Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

virus: Internet Security designed to protect


  • Please log in to reply
9 replies to this topic

#1 Tedisaid

Tedisaid

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 10:55 AM

Have virus: Internet Security designed to protect.  I read through other posts related to this or similar virus'.  Decided to run scans as requested in other posts.  Here are the results:

 

Security Checkup

 

 Results of screen317's Security Check version 0.99.68 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````

 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Windows Defender          
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````

 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 11 
 Java version out of Date!
 Adobe Reader XI 
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 



BC AdBot (Login to Remove)

 


#2 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 10:57 AM

Farbar Service Scanner

 

Farbar Service Scanner Version: 06-07-2013
Ran by Ted (administrator) on 08-07-2013 at 09:30:01
Running from "C:\Users\Ted\Desktop"
Microsoft Windows 8 Pro  (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 02:20] - [2013-05-04 02:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2013-06-15 05:09] - [2013-05-04 01:59] - 1483776 ____A (Microsoft Corporation) D0C69E44BC1E1D4AD290FD84104623D8

C:\Windows\System32\wscsvc.dll
[2013-05-17 17:13] - [2013-04-08 23:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-06-15 05:09] - [2013-05-04 01:59] - 3241472 ____A (Microsoft Corporation) BE302BABE45EC05995F8DC66E37BBB3D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 00:34] - [2013-04-23 17:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945

C:\Program Files\Windows Defender\MpSvc.dll
[2013-05-04 21:32] - [2013-01-28 18:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-05-04 21:32] - [2013-01-28 20:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#3 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 11:01 AM

MiniToolBox

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Ted (administrator) on 08-07-2013 at 09:32:33
Running from "C:\Users\Ted\Desktop"
Windows 8 Pro  (X64)
Boot Mode: Network
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)
Ralink RT3290 802.11bgn Wi-Fi Adapter = Wi-Fi (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TedhpPhoenix
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 68-94-23-A0-7A-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Ralink RT3290 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 68-94-23-A0-7A-83
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 4C-72-B9-E0-A2-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::19a2:3845:87b5:d2f6%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, July 8, 2013 9:19:14 AM
   Lease Expires . . . . . . . . . . : Tuesday, July 9, 2013 9:19:14 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 256668345
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-4A-C7-88-4C-72-B9-E0-A2-78
   DNS Servers . . . . . . . . . . . : 97.64.183.164
                                       97.64.209.37
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5DFBE29B-3625-4BD9-BA56-560B5EC95D3F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  sprdc-dns-dts10.mcomdc.com
Address:  97.64.183.164

Name:    google.com
Addresses:  2607:f8b0:4009:804::1002
   173.194.46.38
   173.194.46.39
   173.194.46.40
   173.194.46.41
   173.194.46.46
   173.194.46.32
   173.194.46.33
   173.194.46.34
   173.194.46.35
   173.194.46.36
   173.194.46.37

Pinging google.com [74.125.134.138] with 32 bytes of data:
Reply from 74.125.134.138: bytes=32 time=43ms TTL=43
Reply from 74.125.134.138: bytes=32 time=44ms TTL=43

Ping statistics for 74.125.134.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 44ms, Average = 43ms
Server:  sprdc-dns-dts10.mcomdc.com
Address:  97.64.183.164

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=54ms TTL=48
Reply from 98.139.183.24: bytes=32 time=63ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 63ms, Average = 58ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...68 94 23 a0 7a 85 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...68 94 23 a0 7a 83 ......Ralink RT3290 802.11bgn Wi-Fi Adapter
 12...4c 72 b9 e0 a2 78 ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    276 fe80::/64                On-link
 12    276 fe80::19a2:3845:87b5:d2f6/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2013 03:30:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPConnectedRemoteService.exe, version: 1.0.1206.0, time stamp: 0x503e3c5d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007f8b05a5795
Faulting process id: 0x13dc
Faulting application start time: 0xHPConnectedRemoteService.exe0
Faulting application path: HPConnectedRemoteService.exe1
Faulting module path: HPConnectedRemoteService.exe2
Report Id: HPConnectedRemoteService.exe3
Faulting package full name: HPConnectedRemoteService.exe4
Faulting package-relative application ID: HPConnectedRemoteService.exe5

Error: (07/08/2013 03:30:17 AM) (Source: .NET Runtime) (User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at HP.Seeker.HPSeekerSwitchboard.StartUserService()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (07/08/2013 03:28:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: TedhpPhoenix)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.

Error: (07/08/2013 03:26:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: TedhpPhoenix)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.

Error: (07/07/2013 10:07:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x5011bce1
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000618fd
Faulting process id: 0x1c6c
Faulting application start time: 0xSolitaire.exe0
Faulting application path: Solitaire.exe1
Faulting module path: Solitaire.exe2
Report Id: Solitaire.exe3
Faulting package full name: Solitaire.exe4
Faulting package-relative application ID: Solitaire.exe5

Error: (07/07/2013 10:07:10 PM) (Source: .NET Runtime) (User: )
Description: Application: Solitaire.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 77CE18FD
Stack:

Error: (07/06/2013 03:00:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (07/05/2013 03:01:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (07/05/2013 03:00:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (07/03/2013 03:01:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

System errors:
=============
Error: (07/08/2013 09:32:34 AM) (Source: DCOM) (User: TedhpPhoenix)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/08/2013 09:31:17 AM) (Source: DCOM) (User: TedhpPhoenix)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/08/2013 09:30:02 AM) (Source: DCOM) (User: TedhpPhoenix)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/08/2013 09:29:38 AM) (Source: DCOM) (User: TedhpPhoenix)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/08/2013 09:28:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/08/2013 09:28:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/08/2013 09:28:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/08/2013 09:28:05 AM) (Source: DCOM) (User: TedhpPhoenix)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/08/2013 09:28:04 AM) (Source: DCOM) (User: TedhpPhoenix)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/08/2013 09:27:57 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (07/08/2013 03:30:17 AM) (Source: Application Error)(User: )
Description: HPConnectedRemoteService.exe1.0.1206.0503e3c5dunknown0.0.0.000000000c0000005000007f8b05a579513dc01ce7bb48fe840a3c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeunknown9e0ec910-e7a8-11e2-be96-689423a07a84

Error: (07/08/2013 03:30:17 AM) (Source: .NET Runtime)(User: )
Description: Application: HPConnectedRemoteService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at HP.Seeker.HPSeekerSwitchboard.StartUserService()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (07/08/2013 03:28:09 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: TedhpPhoenix)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel

Error: (07/08/2013 03:26:54 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: TedhpPhoenix)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel

Error: (07/07/2013 10:07:11 PM) (Source: Application Error)(User: )
Description: Solitaire.exe1.0.0.05011bce1ntdll.dll6.2.9200.16578515fac6ec0000005000618fd1c6c01ce7b860c8ab598C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Solitaire.exeC:\windows\SYSTEM32\ntdll.dll7adb7e87-e77b-11e2-be94-689423a07a84Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbweApp

Error: (07/07/2013 10:07:10 PM) (Source: .NET Runtime)(User: )
Description: Application: Solitaire.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 77CE18FD
Stack:

Error: (07/06/2013 03:00:21 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (07/05/2013 03:01:43 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (07/05/2013 03:00:47 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (07/03/2013 03:01:32 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

=========================== Installed Programs ============================

4 Elements II (Version: 2.2.0.98)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
Bejeweled 3 (Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (Version: 2.2.0.98)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.4.0.15)
Canon MOV Encoder (Version: 1.2.0.10)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.3.0.15)
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities Digital Photo Professional 3.7 (Version: 3.7.1.1)
Canon Utilities EOS Utility (Version: 2.7.1.0)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.6.0.0)
Canon Utilities WFT-E1/E2/E3/E4/E5 Utility (Version: 3.4.0.2)
Canon Utilities ZoomBrowser EX (Version: 6.4.1.11)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0704.2139.36919)
Catalyst Control Center Graphics Previews Common (Version: 2012.0704.2139.36919)
Catalyst Control Center InstallProxy (Version: 2012.0704.2139.36919)
Catalyst Control Center Localization All (Version: 2012.0704.2139.36919)
Catalyst Control Center Profiles Desktop (Version: 2012.0704.2139.36919)
CCC Help Chinese Standard (Version: 2012.0704.2138.36919)
CCC Help Chinese Traditional (Version: 2012.0704.2138.36919)
CCC Help Czech (Version: 2012.0704.2138.36919)
CCC Help Danish (Version: 2012.0704.2138.36919)
CCC Help Dutch (Version: 2012.0704.2138.36919)
CCC Help English (Version: 2012.0704.2138.36919)
CCC Help Finnish (Version: 2012.0704.2138.36919)
CCC Help French (Version: 2012.0704.2138.36919)
CCC Help German (Version: 2012.0704.2138.36919)
CCC Help Greek (Version: 2012.0704.2138.36919)
CCC Help Hungarian (Version: 2012.0704.2138.36919)
CCC Help Italian (Version: 2012.0704.2138.36919)
CCC Help Japanese (Version: 2012.0704.2138.36919)
CCC Help Korean (Version: 2012.0704.2138.36919)
CCC Help Norwegian (Version: 2012.0704.2138.36919)
CCC Help Polish (Version: 2012.0704.2138.36919)
CCC Help Portuguese (Version: 2012.0704.2138.36919)
CCC Help Russian (Version: 2012.0704.2138.36919)
CCC Help Spanish (Version: 2012.0704.2138.36919)
CCC Help Swedish (Version: 2012.0704.2138.36919)
CCC Help Thai (Version: 2012.0704.2138.36919)
CCC Help Turkish (Version: 2012.0704.2138.36919)
ccc-utility64 (Version: 2012.0704.2139.36919)
Chuzzle Deluxe (Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)
Cradle of Rome 2 (Version: 2.2.0.98)
CyberLink LabelPrint (Version: 2.5.1.5510)
CyberLink Media Suite 10 (Version: 10.0.1.1916)
CyberLink PhotoDirector (Version: 2.0.1.3109)
CyberLink Power2Go 8 (Version: 8.0.1.1902)
CyberLink PowerDirector 10 (Version: 10.0.1.1925)
CyberLink PowerDVD (Version: 10.0.1.4319)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Document eSort Components (Version: 2.4.2.1013)
Energy Star (Version: 1.0.8)
EntlClnt (Version: 1.1.0)
Farm Frenzy (Version: 2.2.0.98)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
FlatOut 2 (Version: 2.2.0.98)
Google Chrome (Version: 27.0.1453.116)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.149)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.0.0 (Version: 1.00.0000)
Hoyle Card Games (Version: 2.2.0.95)
HP Connected Backup (Version: 8.7.0.0)
HP Connected Music (Meridian - installer) (Version: v1.0)
HP Connected Music (Meridian - player) (Version: 1.1 (build 37) hp)
HP Connected Remote (Version: 1.0.1206)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.3.0)
HP MyRoom (Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Registration Service (Version: 1.0.5976.4186)
HP Support Assistant (Version: 7.0.33.6)
HP Support Information (Version: 12.00.0000)
HydraVision (Version: 4.2.236.0)
IDT Audio (Version: 1.0.6418.0)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Intuit Entitlement Client (Version: 1.0.0)
Intuit Entitlement Client v8 (Version: 8.0.24)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Jewel Match 3 (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
Luxor Evolved (Version: 2.2.0.98)
Mahjongg Dimensions Deluxe: Tiles in Time (Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mortimer Beckett and the Crimson Thief Premium Edition (Version: 2.2.0.98)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Mystery P.I. - Curious Case of Counterfeit Cove (Version: 2.2.0.98)
Norton Internet Security (Version: 20.4.0.40)
Pc Mars for Windows (full)
Peggle Nights (Version: 2.2.0.98)
Penguins! (Version: 2.2.0.98)
Photo Gallery (Version: 16.4.3505.0912)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.98)
ProSeries 2003
ProSeries 2004
ProSeries 2005
ProSeries 2006
ProSeries 2007
ProSeries 2008
ProSeries 2009
ProSeries 2010
ProSeries 2011
ProSeries 2012
Ralink Bluetooth Stack64 (Version: 9.0.720.5)
Ralink RT3290 802.11bgn Wi-Fi Adapter (Version: 5.0.0.0)
Recovery Manager (Version: 5.5.0.5530)
Roads of Rome 3 (Version: 2.2.0.98)
Tales of Lagoona (Version: 2.2.0.110)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest™ - Australia (Version: 2.2.0.98)
WexTech AnswerWorks (Version: 1.00.000)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Version: 4.0.9.6)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Zuma's Revenge (Version: 2.2.0.98)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 10%
Total physical RAM: 10179.54 MB
Available physical RAM: 9127.97 MB
Total Pagefile: 20419.54 MB
Available Pagefile: 19412.63 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.83 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1841.86 GB) (Free:1749.83 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:19.68 GB) (Free:2.46 GB) NTFS
10 Drive p: () (Removable) (Total:14.9 GB) (Free:5.95 GB) FAT32

========================= Users: ========================================

User accounts for \\TEDHPPHOENIX

Administrator            ASPNET                   Guest                   
Ted                     

**** End of log ****



#4 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 11:03 AM

Malwarebytes AntiMalware mbam

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.08.05

Windows 8 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16599
Ted :: TEDHPPHOENIX [administrator]

7/8/2013 9:35:44 AM
mbam-log-2013-07-08 (09-35-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232899
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.Agent.SPT) -> Data: C:\Users\Ted\AppData\Roaming\mxdefender.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ted\AppData\Roaming\mxdefender.exe (Trojan.Agent.SPT) -> Quarantined and deleted successfully.
C:\Users\Ted\AppData\Local\Temp\54D9.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Ted\AppData\Local\Temp\~rmj4274040365637199382.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)



#5 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 11:05 AM

Malwarebytes AntiRootkit log

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.08.05

Windows 8 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16599
Ted :: TEDHPPHOENIX [administrator]

7/8/2013 10:03:39 AM
-log-2013-07-08 (10-03-39).txt

Scan type: Quick scan
Scan options enabled: PUM | P2P
Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP
Objects scanned: 0
Time elapsed:

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#6 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 11:07 AM

Malwarebytes AntiRootkit system log

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

 

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16599

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 10674016256, free: 9608040448

Downloaded database version: v2013.07.08.05
Initializing...
------------ Kernel report ------------
     07/08/2013 10:03:37
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\isapnp.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\vmbus.sys
\SystemRoot\System32\drivers\vmbkmcl.sys
\SystemRoot\System32\drivers\winhv.sys
\SystemRoot\System32\drivers\nvraid.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\viaide.sys
\SystemRoot\System32\drivers\bxvbda.sys
\SystemRoot\System32\drivers\evbda.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\System32\drivers\nvstor.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\lsi_sas.sys
\SystemRoot\System32\drivers\lsi_sas2.sys
\SystemRoot\System32\drivers\lsi_sss.sys
\SystemRoot\System32\drivers\3ware.sys
\SystemRoot\System32\drivers\mvumis.sys
\SystemRoot\System32\drivers\vstxraid.sys
\SystemRoot\System32\drivers\lsi_scsi.sys
\SystemRoot\System32\drivers\megasas.sys
\SystemRoot\System32\drivers\MegaSR.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\amdsbs.sys
\SystemRoot\System32\drivers\adp94xx.sys
\SystemRoot\System32\drivers\adpahci.sys
\SystemRoot\System32\drivers\adpu320.sys
\SystemRoot\System32\drivers\arc.sys
\SystemRoot\System32\drivers\arcsas.sys
\SystemRoot\System32\drivers\iirsp.sys
\SystemRoot\System32\drivers\nfrd960.sys
\SystemRoot\System32\drivers\vsmraid.sys
\SystemRoot\System32\drivers\SiSRaid2.sys
\SystemRoot\System32\drivers\sisraid4.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\stexstor.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\HpSAMD.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\storvsc.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\gagp30kx.sys
\SystemRoot\System32\drivers\uagp35.sys
\SystemRoot\System32\drivers\agp440.sys
\SystemRoot\System32\drivers\nv_agp.sys
\SystemRoot\System32\drivers\uliagpkx.sys
\SystemRoot\System32\drivers\wd.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\sdstor.sys
\SystemRoot\System32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xfffffa800d50e740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000058\
Lower Device Object: 0xfffffa800d4cf060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800d4d2060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000057\
Lower Device Object: 0xfffffa800d4d7b00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800d92a060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000052\
Lower Device Object: 0xfffffa800d92cb00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800d92e740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000051\
Lower Device Object: 0xfffffa800d936060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800d930060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000050\
Lower Device Object: 0xfffffa800d935b00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800d92f740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004f\
Lower Device Object: 0xfffffa800d935410
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800d932740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004e\
Lower Device Object: 0xfffffa800d934060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ac50060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003b\
Lower Device Object: 0xfffffa8008b9b250
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ac50060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ac50b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ac50060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008b99580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8008b9b250, DeviceName: \Device\0000003b\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\windows\system32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6F37F8E9

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2020185780
    GPT Header CurrentLba = 1 BackupLba 3907029167
    GPT Header FirstUsableLba 34  LastUsableLba 3907029134
    GPT Header Guid 2870e752-267e-423b-88de-444935c46f6
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2020185780
    Backup GPT header CurrentLba = 3907029167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 3907029134
    Backup GPT header Guid 2870e752-267e-423b-88de-444935c46f6
    Backup GPT header Contains 128 partition entries starting at LBA 3907029135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b145ddef-b30a-44a2-9528-da75b0e723a6
    FirstLBA 2048  Last LBA 2097151
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 9136b1bb-a823-4c91-b487-c5a57979f986
    FirstLBA 2097152  Last LBA 2834431
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c78bfde5-9fad-4571-aa72-a045aba3d896
    FirstLBA 2834432  Last LBA 3096575
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 460db9d4-3144-4f3f-9bfe-da2926388d61
    FirstLBA 3096576  Last LBA 3865765887
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 4ebab707-e5e0-448d-b31d-85881e76f2cd
    FirstLBA 3865765888  Last LBA 3907028991
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800d932740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d933040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d932740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800d934060, DeviceName: \Device\0000004e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800d92f740, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d92e040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d92f740, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800d935410, DeviceName: \Device\0000004f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800d930060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008b96040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d930060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800d935b00, DeviceName: \Device\00000050\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800d92e740, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d931310, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d92e740, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800d936060, DeviceName: \Device\00000051\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa800d92a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d931b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d92a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800d92cb00, DeviceName: \Device\00000052\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 31266784

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 16008609792 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800d4d2060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d4cfb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d4d2060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800d4d7b00, DeviceName: \Device\00000057\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa800d50e740, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d4d8040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d50e740, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800d4cf060, DeviceName: \Device\00000058\, DriverName: \Driver\USBSTOR\
------------ End ----------
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_5_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_5_r.mbam...
Removal finished



#7 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 11:09 AM

RKill

 

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/08/2013 10:17:27 AM in x64 mode.
Windows Version: Windows 8 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * WinDefend => "%ProgramFiles%\Windows Defender\MsMpEng.exe" [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/08/2013 10:18:18 AM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)



#8 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 July 2013 - 11:19 AM

OS is Windows 8

All of the above scans were run in Windows 8 Safe Mode

 

Thank you for your assistance.

What is the next step?



#9 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 09 July 2013 - 10:11 AM

Just trying to keep this thread active.

Anything else that I should do?

#10 Tedisaid

Tedisaid
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 22 July 2013 - 08:06 PM

All of the above scans were rerun with Windows 8 OS.

To date there have been no further problems with this computer. 

 

Are there any other suggestions to prevent future problems? 

 

Thank you in advance for responding.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users