Can't start Windows Firewall, please help.


This topic is locked.
10 replies to this topic

#1 nkedwards90 (Members)
Posted 15 July 2013 - 02:34 AM

This is a Farbar scan.

 

 

Farbar Service Scanner Version: 13-07-2013
Ran by nkedw_000 (administrator) on 15-07-2013 at 02:15:32
Running from "C:\Users\nkedw_000\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll
[2012-12-28 15:12] - [2012-09-20 01:31] - 0331776 ____A (Microsoft Corporation) CFB72DF4B2364AF6D4D685DCD310E942

C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-22 03:15] - [2013-05-04 02:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2012-07-25 18:40] - [2012-07-25 22:06] - 0904704 ____A (Microsoft Corporation) 411EA973A1961C287927DF13891EB41E

C:\Windows\System32\bfe.dll
[2012-07-25 19:00] - [2012-07-25 22:05] - 0718848 ____A (Microsoft Corporation) 407F85D5387EDBB665A7969DF4D4712B

C:\Windows\System32\drivers\mpsdrv.sys
[2012-07-25 21:23] - [2012-07-25 21:23] - 0074752 ____A (Microsoft Corporation) 36BF4D86F166ACBC14F0B8B8F90CBCEA

C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
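The Farbar Service Scanner log above reports its problems as free text ("Service is not running", "ATTENTION!=====>", start types that differ from the default, a "Disabled Policy" registry value, and files whose MD5 is not on its known-good list). The parser below is an added example written for this page, not part of the Farbar tool or of the original post; it turns those lines into structured findings so they can be triaged at a glance. The log excerpt inside it is a constructed sample made from lines of the scan above.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt modelled on the Farbar Service Scanner (FSS)
# log quoted in the post above. It is embedded here only so the example runs offline.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2012-07-25 18:40] - [2012-07-25 22:06] - 0904704 ____A (Microsoft Corporation) 411EA973A1961C287927DF13891EB41E
"""


@dataclass(frozen=True)
class Finding:
    section: str  # FSS section header the evidence appeared under
    kind: str     # not_running | start_type_changed | attention | policy | unverified_md5
    subject: str  # service name, policy value name, or file path
    detail: str   # extracted value or the message FSS printed


NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
ATTENTION = re.compile(r"ATTENTION!=+> (.*)$")
ATTN_SUBJECT = re.compile(r"(?:of|open) (\w+)")
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
FILE_PATH = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5": the line FSS prints under
# a file whose hash is not on its known-good list (no "=> MD5 is legit").
FILE_META = re.compile(r"^\[.*\] - \[.*\] - \d+ \S+ \(.*\) ([0-9A-Fa-f]{32})$")


def _is_rule(line: str) -> bool:
    return len(line) > 0 and set(line) == {"="}


def parse_fss(text: str) -> list:
    """Walk an FSS log and return every line that deviates from a healthy default."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    findings, section, i = [], "", 0
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and _is_rule(nxt):  # "Name:" over a row of '='
            section, i = line[:-1], i + 2
            continue
        if m := NOT_RUNNING.match(line):
            findings.append(Finding(section, "not_running", m.group(1), line))
        elif m := START_TYPE.match(line):
            findings.append(Finding(section, "start_type_changed", m.group(1),
                                    f"{m.group(2)} (default {m.group(3)})"))
        elif m := ATTENTION.search(line):
            s = ATTN_SUBJECT.search(m.group(1))
            findings.append(Finding(section, "attention", s.group(1) if s else "?", m.group(1)))
        elif m := POLICY_VALUE.match(line):
            findings.append(Finding(section, "policy", m.group(1), f"DWORD:{m.group(2)}"))
        elif FILE_PATH.match(line) and "=>" not in line and (fm := FILE_META.match(nxt)):
            findings.append(Finding(section, "unverified_md5", line, fm.group(1)))
            i += 1  # consume the metadata line
        i += 1
    return findings


def summarize(findings: list) -> dict:
    """Map each finding kind to the sorted, de-duplicated subjects it affects."""
    out: dict = {}
    for f in findings:
        out.setdefault(f.kind, set()).add(f.subject)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for f in parse_fss(SAMPLE_FSS_LOG):
        print(f"[{f.section}] {f.kind}: {f.subject} -> {f.detail}")
    print(summarize(parse_fss(SAMPLE_FSS_LOG)))
```

Run against the full log above, the same parser flags the missing wscsvc/SharedAccess/iphlpsvc service keys and the DisableAntiSpyware policy that explain the symptoms in this thread.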

 




 


#2 TB-Psychotic (Malware Response Team)
Posted 15 July 2013 - 03:58 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here, here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt. Please attach that to your next reply.



#3 nkedwards90 (Topic Starter, Members)

Posted 15 July 2013 - 05:57 AM

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.10.2
Run by nkedw_000 at 5:14:11 on 2013-07-15
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.1606.275 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atiesrxx.exe
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\windows\system32\dashost.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\hphmon05.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\vssvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo13.msn.com
uDefault_Page_URL = hxxp://lenovo13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Speech Recognition] "C:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [GoogleChromeAutoLaunch_EA0A38464DA321B3F536C69A77B70C19] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [AdobeBridge] <no file>
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPHUPD05] C:\Program Files (x86)\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
mRun: [HP Component Manager] "C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] C:\windows\SysWOW64\hphmon05.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{67C7B8DF-35AF-4290-8EC1-831C27DDBC19} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{67C7B8DF-35AF-4290-8EC1-831C27DDBC19}\2456C6B696E6F574F575962756C6563737F5246383144344 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{67C7B8DF-35AF-4290-8EC1-831C27DDBC19}\4416973794E6E60233 : DHCPNameServer = 172.17.0.1
TCP: Interfaces\{67C7B8DF-35AF-4290-8EC1-831C27DDBC19}\5436F6E6F6D6970294E6E6 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{67C7B8DF-35AF-4290-8EC1-831C27DDBC19}\56467716274637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{67C7B8DF-35AF-4290-8EC1-831C27DDBC19}\E45445745414254303 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\nkedw_000\AppData\Roaming\Mozilla\Firefox\Profiles\fptw6e8w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-29 01:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\nkedw_000\AppData\Roaming\Mozilla\Firefox\Profiles\fptw6e8w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-29 22:07; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\nkedw_000\AppData\Roaming\Mozilla\Firefox\Profiles\fptw6e8w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-07-07 00:29; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-7-14 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-7-14 189936]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2012-10-27 39008]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-1-1 1025808]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-1-1 378432]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\Drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\Drivers\cmdguard.sys [2013-6-18 713776]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\windows\System32\Drivers\cmdhlp.sys [2013-6-18 37560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\Drivers\dtsoftbus01.sys [2012-12-25 283200]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-1-1 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-1-1 80816]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-8-13 98472]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-8-21 311632]
R3 ManyCam;ManyCam Virtual Webcam;C:\windows\System32\Drivers\mcvidrv_x64.sys [2013-6-24 44544]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\System32\Drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-10-27 690832]
R3 vm331avs;Digital Camera 1;C:\windows\System32\Drivers\vm331avs.sys [2012-10-27 975104]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-10-27 315536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-10-27 102376]
.
=============== Created Last 30 ================
.
2013-07-15 07:01:19    --------    d-----w-    C:\ProgramData\HitmanPro
2013-07-15 06:47:55    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-07-15 04:21:21    --------    d-s---w-    C:\ProgramData\Shared Space
2013-07-15 04:20:16    --------    d-----w-    C:\Program Files\COMODO
2013-07-15 04:19:51    --------    d-----w-    C:\ProgramData\COMODO
2013-07-15 04:19:13    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2013-07-15 04:17:58    --------    d-----w-    C:\Program Files (x86)\Comodo
2013-07-15 04:17:37    --------    d-----w-    C:\ProgramData\Comodo Downloader
2013-07-15 03:14:05    73728    ----a-w-    C:\windows\SysWow64\wscsvc.dll
2013-07-15 03:12:46    19392    ----a-w-    C:\windows\System32\roboot64.exe
2013-07-15 02:34:24    189936    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2013-07-15 02:34:23    65336    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2013-07-11 13:51:14    --------    d-----w-    C:\Users\nkedw_000\AppData\Roaming\Dropbox
2013-07-11 12:19:09    --------    d-----w-    C:\ProgramData\BlueStacksSetup
2013-07-10 08:07:40    19187712    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-10 08:07:09    18523648    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-10 06:56:31    2035200    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-10 06:56:30    1272320    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 06:56:28    1617920    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 06:56:28    1306112    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 06:56:27    1318912    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 06:56:25    1413632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-10 06:56:23    1029632    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-10 06:53:30    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-07-10 06:51:41    1838080    ----a-w-    C:\windows\System32\DWrite.dll
2013-07-10 06:51:37    1421312    ----a-w-    C:\windows\SysWow64\DWrite.dll
2013-07-10 06:50:30    595968    ----a-w-    C:\windows\System32\qedit.dll
2013-07-10 06:50:29    496640    ----a-w-    C:\windows\SysWow64\qedit.dll
2013-07-10 06:50:07    4036096    ----a-w-    C:\windows\System32\win32k.sys
2013-07-10 06:49:25    2842112    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2013-07-10 06:49:21    2620928    ----a-w-    C:\windows\SysWow64\WMVDECOD.DLL
2013-07-09 04:12:53    --------    d-----w-    C:\Users\nkedw_000\AppData\Local\PMB Files
2013-07-09 04:12:30    --------    d-----w-    C:\ProgramData\PMB Files
2013-07-09 04:11:59    --------    d-----w-    C:\Program Files (x86)\Pando Networks
2013-07-09 04:11:19    --------    d-----w-    C:\Users\nkedw_000\.swt
2013-07-08 09:38:20    --------    d-----w-    C:\windows\SysWow64\Adobe
2013-07-07 05:35:29    --------    d-----w-    C:\Users\nkedw_000\AppData\Roaming\RealNetworks
2013-07-07 05:29:05    --------    d-----w-    C:\Program Files (x86)\RealNetworks
2013-07-07 05:28:57    --------    d-----w-    C:\ProgramData\RealNetworks
2013-07-07 05:28:04    --------    d-----w-    C:\Program Files (x86)\Common Files\xing shared
2013-07-07 05:16:45    --------    d-----w-    C:\windows\en
2013-07-07 05:13:13    77656    ----a-w-    C:\windows\System32\XAPOFX1_5.dll
2013-07-07 05:13:13    74072    ----a-w-    C:\windows\SysWow64\XAPOFX1_5.dll
2013-07-07 05:13:13    527192    ----a-w-    C:\windows\SysWow64\XAudio2_7.dll
2013-07-07 05:13:13    518488    ----a-w-    C:\windows\System32\XAudio2_7.dll
2013-07-07 05:13:10    2526056    ----a-w-    C:\windows\System32\D3DCompiler_43.dll
2013-07-07 05:13:10    2106216    ----a-w-    C:\windows\SysWow64\D3DCompiler_43.dll
2013-07-07 05:13:08    276832    ----a-w-    C:\windows\System32\d3dx11_43.dll
2013-07-07 05:13:08    248672    ----a-w-    C:\windows\SysWow64\d3dx11_43.dll
2013-07-07 05:12:57    523088    ----a-w-    C:\windows\System32\d3dx10_42.dll
2013-07-07 05:12:57    453456    ----a-w-    C:\windows\SysWow64\d3dx10_42.dll
2013-07-07 05:12:42    4398360    ----a-w-    C:\windows\System32\d3dx9_32.dll
2013-07-07 05:12:42    3426072    ----a-w-    C:\windows\SysWow64\d3dx9_32.dll
2013-07-07 05:09:39    525656    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\2a99a5c71ce7ad003\DXSETUP.exe
2013-07-07 05:09:38    94040    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\2a99a5c71ce7ad003\DSETUP.dll
2013-07-07 05:09:38    1691480    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\2a99a5c71ce7ad003\dsetup32.dll
2013-07-07 05:09:30    89944    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\25cf7e041ce7ad002\DSETUP.dll
2013-07-07 05:09:30    537432    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\25cf7e041ce7ad002\DXSETUP.exe
2013-07-07 05:09:30    1801048    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\25cf7e041ce7ad002\dsetup32.dll
2013-07-07 05:09:23    537432    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\20c9b4ed1ce7ad001\DXSETUP.exe
2013-07-07 05:09:22    89944    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\20c9b4ed1ce7ad001\DSETUP.dll
2013-07-07 05:09:22    1801048    -c--a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\20c9b4ed1ce7ad001\dsetup32.dll
2013-07-07 05:09:12    --------    d-----w-    C:\Users\nkedw_000\AppData\Local\Windows Live
2013-07-07 05:08:55    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2013-07-04 06:13:48    237744    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10209.bin
2013-07-04 05:24:24    144384    ----a-w-    C:\windows\System32\tssdisai.dll
2013-06-29 01:45:37    --------    d-----w-    C:\Program Files (x86)\RAR Password Unlocker
2013-06-26 06:36:06    78200    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-26 06:36:01    693112    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-24 07:15:26    --------    d-----w-    C:\Users\nkedw_000\AppData\Local\ManyCam
2013-06-24 07:15:23    --------    d-----w-    C:\ProgramData\ManyCam
2013-06-24 07:15:13    --------    d-----w-    C:\Users\nkedw_000\AppData\Roaming\ManyCam
2013-06-24 07:14:53    44544    ----a-w-    C:\windows\System32\drivers\mcvidrv_x64.sys
2013-06-24 07:14:27    --------    d-----w-    C:\Program Files (x86)\ManyCam
2013-06-23 00:22:12    30720    ----a-w-    C:\windows\System32\cryptdlg.dll
2013-06-23 00:22:12    25088    ----a-w-    C:\windows\SysWow64\cryptdlg.dll
2013-06-22 08:25:29    13644288    ----a-w-    C:\windows\System32\Windows.UI.Xaml.dll
2013-06-22 08:25:09    10788864    ----a-w-    C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-06-22 08:25:01    1131520    ----a-w-    C:\windows\System32\AppXDeploymentServer.dll
2013-06-22 08:24:36    1332736    ----a-w-    C:\windows\System32\sysmain.dll
2013-06-22 08:24:18    10116096    ----a-w-    C:\windows\System32\twinui.dll
2013-06-22 08:23:51    427520    ----a-w-    C:\windows\System32\drivers\rdbss.sys
2013-06-22 08:23:48    1483776    ----a-w-    C:\windows\System32\VSSVC.exe
2013-06-22 08:23:42    470528    ----a-w-    C:\windows\System32\netprofmsvc.dll
2013-06-22 08:23:41    1820672    ----a-w-    C:\Program Files\Windows Photo Viewer\PhotoViewer.dll
2013-06-22 08:23:33    8857088    ----a-w-    C:\windows\SysWow64\twinui.dll
2013-06-22 08:23:21    2305024    ----a-w-    C:\windows\System32\authui.dll
2013-06-22 08:23:06    2035712    ----a-w-    C:\windows\SysWow64\authui.dll
2013-06-22 08:21:57    419840    ----a-w-    C:\windows\System32\intl.cpl
2013-06-22 08:19:57    888320    ----a-w-    C:\windows\System32\autochk.exe
2013-06-22 08:19:56    542208    ----a-w-    C:\windows\System32\untfs.dll
2013-06-22 08:19:56    482816    ----a-w-    C:\windows\SysWow64\untfs.dll
2013-06-22 08:19:53    793088    ----a-w-    C:\windows\SysWow64\autochk.exe
2013-06-22 08:19:25    1300992    ----a-w-    C:\windows\System32\gdi32.dll
2013-06-22 08:19:23    1022464    ----a-w-    C:\windows\SysWow64\gdi32.dll
2013-06-22 08:18:27    1889280    ----a-w-    C:\windows\System32\crypt32.dll
2013-06-22 08:18:19    1569792    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-06-22 08:17:59    1255936    ----a-w-    C:\windows\System32\certutil.exe
2013-06-22 08:17:52    1013248    ----a-w-    C:\windows\SysWow64\certutil.exe
2013-06-22 08:17:50    68096    ----a-w-    C:\windows\System32\cryptsvc.dll
2013-06-22 08:17:50    141312    ----a-w-    C:\windows\System32\cryptnet.dll
2013-06-22 08:17:49    109056    ----a-w-    C:\windows\SysWow64\cryptnet.dll
2013-06-22 08:15:30    733184    ----a-w-    C:\windows\System32\win32spl.dll
2013-06-22 08:15:26    2233600    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-06-22 08:13:17    148992    ----a-w-    C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-06-22 08:13:15    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2013-06-22 08:13:15    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-22 08:13:05    44032    ----a-w-    C:\windows\SysWow64\UXInit.dll
2013-06-22 08:13:04    53760    ----a-w-    C:\windows\System32\UXInit.dll
2013-06-22 08:13:03    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-06-22 08:13:01    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-06-18 21:16:18    37560    ----a-w-    C:\windows\System32\drivers\cmdhlp.sys
2013-06-18 21:16:16    713776    ----a-w-    C:\windows\System32\drivers\cmdguard.sys
2013-06-18 21:16:16    23168    ----a-w-    C:\windows\System32\drivers\cmderd.sys
2013-06-18 21:15:50    43216    ----a-w-    C:\windows\System32\cmdcsr.dll
2013-06-18 21:15:48    437688    ----a-w-    C:\windows\System32\guard64.dll
2013-06-18 21:15:48    348584    ----a-w-    C:\windows\SysWow64\guard32.dll
2013-06-18 21:15:40    45784    ----a-w-    C:\windows\System32\cmdkbd64.dll
2013-06-18 21:15:40    344792    ----a-w-    C:\windows\System32\cmdvrt64.dll
2013-06-18 21:15:36    40664    ----a-w-    C:\windows\SysWow64\cmdkbd32.dll
2013-06-18 21:15:36    278232    ----a-w-    C:\windows\SysWow64\cmdvrt32.dll
.
==================== Find3M  ====================
.
2013-06-11 23:43:37    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-05-23 06:19:42    231376    ----a-w-    C:\windows\System32\drivers\truecrypt.sys
2013-05-09 08:59:07    72016    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    1025808    ----a-w-    C:\windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\windows\avastSS.scr
2013-05-04 07:58:17    120736    ----a-w-    C:\windows\System32\AuthHost.exe
2013-05-04 07:34:17    446720    ----a-w-    C:\windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17    213248    ----a-w-    C:\windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15    284416    ----a-w-    C:\windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56    39424    ----a-w-    C:\windows\System32\wuapp.exe
2013-05-04 06:59:36    812544    ----a-w-    C:\windows\System32\Magnify.exe
2013-05-04 06:59:25    98304    ----a-w-    C:\windows\System32\wudriver.dll
2013-05-04 06:59:25    251904    ----a-w-    C:\windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25    141824    ----a-w-    C:\windows\System32\wuwebv.dll
2013-05-04 06:59:24    1619968    ----a-w-    C:\windows\System32\wucltux.dll
2013-05-04 06:58:54    328192    ----a-w-    C:\windows\System32\ubpm.dll
2013-05-04 06:58:49    173568    ----a-w-    C:\windows\System32\storewuauth.dll
2013-05-04 06:58:48    330240    ----a-w-    C:\windows\System32\stobject.dll
2013-05-04 06:58:28    93696    ----a-w-    C:\windows\System32\psmsrv.dll
2013-05-04 06:58:02    151552    ----a-w-    C:\windows\System32\netprofm.dll
2013-05-04 06:58:01    169984    ----a-w-    C:\windows\System32\netplwiz.dll
2013-05-04 06:57:59    17408    ----a-w-    C:\windows\System32\muifontsetup.dll
2013-05-04 06:57:46    560640    ----a-w-    C:\windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15    501760    ----a-w-    C:\windows\System32\DevicePairing.dll
2013-05-04 06:57:05    179712    ----a-w-    C:\windows\System32\bisrv.dll
2013-05-04 06:57:05    122368    ----a-w-    C:\windows\System32\biwinrt.dll
2013-05-04 06:57:04    389120    ----a-w-    C:\windows\System32\BCP47Langs.dll
2013-05-04 06:57:00    708096    ----a-w-    C:\windows\System32\AppXDeploymentExtensions.dll
2013-05-04 04:58:34    34304    ----a-w-    C:\windows\SysWow64\wuapp.exe
2013-05-04 04:58:14    758784    ----a-w-    C:\windows\SysWow64\Magnify.exe
2013-05-04 04:58:02    83968    ----a-w-    C:\windows\SysWow64\wudriver.dll
2013-05-04 04:58:02    125952    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2013-05-04 04:57:39    247296    ----a-w-    C:\windows\SysWow64\ubpm.dll
2013-05-04 04:57:35    303616    ----a-w-    C:\windows\SysWow64\stobject.dll
2013-05-04 04:57:16    18432    ----a-w-    C:\windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04    151040    ----a-w-    C:\windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04    115712    ----a-w-    C:\windows\SysWow64\netprofm.dll
2013-05-04 04:57:02    14336    ----a-w-    C:\windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48    411136    ----a-w-    C:\windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:14    449536    ----a-w-    C:\windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06    92160    ----a-w-    C:\windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05    309760    ----a-w-    C:\windows\SysWow64\BCP47Langs.dll
2013-05-04 04:55:58    389632    ----a-w-    C:\windows\SysWow64\intl.cpl
2013-05-04 04:51:38    14848    ----a-w-    C:\windows\System32\rars.rs
2013-05-04 04:48:33    83968    ----a-w-    C:\windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26    27648    ----a-w-    C:\windows\System32\drivers\hidusb.sys
2013-05-04 04:10:47    14848    ----a-w-    C:\windows\SysWow64\rars.rs
.
============= FINISH:  5:20:38.33 ===============

ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2012 1:37:26 AM
System Uptime: 7/15/2013 1:50:30 AM (4 hours ago)
.
Motherboard: LENOVO |  | Lenovo IdeaPad N585
Processor: AMD E1-1200 APU with Radeon™ HD Graphics | Socket FT1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 251 GiB total, 190.594 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 23.663 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
COMODO Firewall
Conexant HD Audio
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolby Advanced Audio v2
Energy Management
ETDWare PS/2-X64 11.4.3.3_WHQL
GeekBuddy
Google Chrome
Google Update Helper
Intel AppUp(SM) center
iTunes
Java 7 Update 10
Java Auto Updater
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo PowerDVD10
ManyCam 3.1.57
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
Pando Media Booster
PDF Settings CS6
Photo Common
Photo Gallery
Photosmart 140,240,7200,7600,7700,7900 Series
Power2Go
PowerXpressHybrid
PSShortcutsP
PSUsage
QFolder
Qualcomm Atheros Client Installation Program
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Rosetta Stone Version 3
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x64
SugarSync Manager
swMSM
System Requirements Lab CYRI
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
UserGuide
VLC media player 2.0.0
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/15/2013 5:10:29 AM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
7/15/2013 2:20:53 AM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with the following service-specific error:  The system cannot find the file specified.
7/15/2013 1:50:34 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
7/14/2013 10:06:55 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

MALWAREBYTES

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 1684279296, free: 283484160

Initializing...
------------ Kernel report ------------
     07/15/2013 05:21:23
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\53810245.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\dtsoftbus01.sys
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\cmdhlp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\mcvidrv_x64.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\mcaudrv_x64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\vm331avs.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002ad05b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000037\
Lower Device Object: 0xfffffa80020f9600
Lower Device Driver Name: \Driver\storahci\
<<<2>>>
Device number: 0, partition: 5
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002ad05b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002acfb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002acf040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8002ad05b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80020f9600, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 5
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 5
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: CE59DB89

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 753203490
    GPT Header CurrentLba = 1 BackupLba 625142447
    GPT Header FirstUsableLba 34  LastUsableLba 625142414
    GPT Header Guid 70f4d92-db7-4484-94f8-da6e8a461534
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 753203490
    Backup GPT header CurrentLba = 625142447 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 625142414
    Backup GPT header Guid 70f4d92-db7-4484-94f8-da6e8a461534
    Backup GPT header Contains 128 partition entries starting at LBA 625142415
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 57c46cc8-6f47-467f-9ee8-8bfb5b6bab77
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a3971aa5-276d-48e1-9ab9-98346f2ae241
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 3803fa63-5b7a-4ac3-ba6-5729fdc7813e
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 1412c7d-5af2-485e-ad9-5c74d5d859f4
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 9435322a-d455-40ca-83f-9597729dc77
    FirstLBA 4892672  Last LBA 530769919
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 972bd753-3a36-4465-969a-8da389ad9525
    FirstLBA 530769920  Last LBA 583198719
    Attributes 0
    Partition Name                 Basic data partition

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 418e5ce2-b4aa-4b21-be40-4a57e1a53ff
    FirstLBA 583198720  Last LBA 625141759
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Infected: c:\$Recycle.Bin\S-1-5-18\$4918e7c31482ec8cc2f3f33c33ad959d\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$4918e7c31482ec8cc2f3f33c33ad959d\trzEA89.tmp --> [Rootkit.Siredef]
Infected: c:\$Recycle.Bin\S-1-5-21-461226596-1127582815-2108284930-1002\$4918e7c31482ec8cc2f3f33c33ad959d\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-461226596-1127582815-2108284930-1002\$4918e7c31482ec8cc2f3f33c33ad959d\trzCAF7.tmp --> [Rootkit.Siredef]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]
Infected: c:\$Recycle.Bin\S-1-5-18\$4918e7c31482ec8cc2f3f33c33ad959d\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-461226596-1127582815-2108284930-1002\$4918e7c31482ec8cc2f3f33c33ad959d\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$4918e7c31482ec8cc2f3f33c33ad959d\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-461226596-1127582815-2108284930-1002\$4918e7c31482ec8cc2f3f33c33ad959d\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$4918e7c31482ec8cc2f3f33c33ad959d --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-461226596-1127582815-2108284930-1002\$4918e7c31482ec8cc2f3f33c33ad959d --> [Trojan.Siredef.C]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| --> [Trojan.0Access]
Scan finished

#4 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 15 July 2013 - 07:10 AM

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#5 nkedwards90
  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male

Posted 15 July 2013 - 09:25 AM

I ran the scan once more, as you requested.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 1684279296, free: 499798016

Initializing...
------------ Kernel report ------------
     07/15/2013 08:43:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\dtsoftbus01.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\mcvidrv_x64.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\mcaudrv_x64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\vm331avs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8002acf5b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000034\
Lower Device Object: 0xfffffa80020e34e0
Lower Device Driver Name: \Driver\storahci\
<<<2>>>
Device number: 0, partition: 5
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8002acf5b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002ace110, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8002ace720, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8002acf5b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80020e34e0, DeviceName: \Device\00000034\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 5
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 5
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: CE59DB89

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 753203490
    GPT Header CurrentLba = 1 BackupLba 625142447
    GPT Header FirstUsableLba 34  LastUsableLba 625142414
    GPT Header Guid 70f4d92-db7-4484-94f8-da6e8a461534
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 753203490
    Backup GPT header CurrentLba = 625142447 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 625142414
    Backup GPT header Guid 70f4d92-db7-4484-94f8-da6e8a461534
    Backup GPT header Contains 128 partition entries starting at LBA 625142415
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 57c46cc8-6f47-467f-9ee8-8bfb5b6bab77
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID a3971aa5-276d-48e1-9ab9-98346f2ae241
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 3803fa63-5b7a-4ac3-ba6-5729fdc7813e
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 1412c7d-5af2-485e-ad9-5c74d5d859f4
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 9435322a-d455-40ca-83f-9597729dc77
    FirstLBA 4892672  Last LBA 530769919
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 972bd753-3a36-4465-969a-8da389ad9525
    FirstLBA 530769920  Last LBA 583198719
    Attributes 0
    Partition Name                 Basic data partition

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 418e5ce2-b4aa-4b21-be40-4a57e1a53ff
    FirstLBA 583198720  Last LBA 625141759
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

My computer still refuses to turn Windows Firewall on, and, as a side-note, Windows Defender cannot be turned on, either.

When I attempt to manually start Windows Firewall from the "Services" menu, I get this message.

[screenshot: zejqqpW.png]

Any thoughts as to what I might be able to do?



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 16 July 2013 - 12:55 AM

Run fixdamage.exe

Navigate to the directory where you extracted MBAR to.
Open the plugins folder and run fixdamage.exe by double-clicking it.
Reboot and post up a new FSS log.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 nkedwards90

  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male

Posted 16 July 2013 - 02:02 AM

fss log

Did you mean DSS log?



#8 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 16 July 2013 - 02:09 AM

No - FSS (Farbar's Service Scanner)



#9 nkedwards90

  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male

Posted 16 July 2013 - 02:11 AM

Once again, my machine refuses to start Windows Firewall. It gives me a message identical to the screen shot I posted above.

Farbar Service Scanner Version: 13-07-2013
Ran by nkedw_000 (administrator) on 16-07-2013 at 02:10:20
Running from "C:\Users\nkedw_000\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll
[2012-12-28 15:12] - [2012-09-20 01:31] - 0331776 ____A (Microsoft Corporation) CFB72DF4B2364AF6D4D685DCD310E942

C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-22 03:15] - [2013-05-04 02:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2012-07-25 18:40] - [2012-07-25 22:06] - 0904704 ____A (Microsoft Corporation) 411EA973A1961C287927DF13891EB41E

C:\Windows\System32\bfe.dll
[2012-07-25 19:00] - [2012-07-25 22:05] - 0718848 ____A (Microsoft Corporation) 407F85D5387EDBB665A7969DF4D4712B

C:\Windows\System32\drivers\mpsdrv.sys
[2012-07-25 21:23] - [2012-07-25 21:23] - 0074752 ____A (Microsoft Corporation) 36BF4D86F166ACBC14F0B8B8F90CBCEA

C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
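As an added example (not code from this thread or from Farbar Service Scanner), a read-only PowerShell check that reproduces what the FSS log above reports for the three services the thread names: Start type against the default, ImagePath, ServiceDll, running state, and the DisableAntiSpyware policy. The registry locations and Start-value meanings are standard Windows ones; checking the Group Policy key as well is an assumption beyond what the log shows.

```powershell
# Added example: a read-only check of the same items the FSS log reports
# (Start type, ImagePath, ServiceDll, running state, Defender policy).
# Not part of this thread or of Farbar Service Scanner. Run elevated.

# Start lives at HKLM\SYSTEM\CurrentControlSet\Services\<name>\Start:
# 2 = Auto, 3 = Demand (Manual), 4 = Disabled. The defaults below follow
# the log: MpsSvc, WinDefend and wscsvc are Auto on a stock Windows 8 box.
$StartNames = @{ 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
$Expected   = @{ 'MpsSvc' = 2; 'WinDefend' = 2; 'wscsvc' = 2 }

function Test-ServiceConfig {
    param([string]$Name, [int]$DefaultStart)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $findings = @()
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Service = $Name; Findings = @('service key missing') }
    }
    $props = Get-ItemProperty -Path $key
    # A deleted Start value is what FSS reports for wscsvc ("The value does not exist").
    if ($null -eq $props.Start) {
        $findings += 'Start value missing'
    } elseif ($props.Start -ne $DefaultStart) {
        $cur = $StartNames[[int]$props.Start]
        if (-not $cur) { $cur = $props.Start }
        $findings += ('Start is {0}, default is {1}' -f $cur, $StartNames[$DefaultStart])
    }
    if ([string]::IsNullOrEmpty($props.ImagePath)) { $findings += 'ImagePath missing' }
    # svchost-hosted services (MpsSvc, wscsvc) load their DLL from Parameters\ServiceDll.
    $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll -and -not (Test-Path ([Environment]::ExpandEnvironmentVariables($dll)))) {
        $findings += "ServiceDll not found on disk: $dll"
    }
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') { $findings += 'not running' }
    [pscustomobject]@{ Service = $Name; Findings = $findings }
}

function Test-DefenderDisabledPolicy {
    # The log flags DisableAntiSpyware=1 under the product key; the Group Policy
    # key is checked too (assumption: either location keeps Defender off).
    foreach ($path in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                      'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        $v = (Get-ItemProperty -Path $path -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($v -eq 1) { "DisableAntiSpyware=1 set at $path" }
    }
}

foreach ($name in $Expected.Keys) {
    $r = Test-ServiceConfig -Name $name -DefaultStart $Expected[$name]
    if ($r.Findings.Count -eq 0) { "$($r.Service): OK" } else { "$($r.Service): " + ($r.Findings -join '; ') }
}
Test-DefenderDisabledPolicy
```

Against the log above this would report WinDefend as "Start is Demand, default is Auto; not running", MpsSvc as "not running" with its configuration intact, and the DisableAntiSpyware=1 value under the product key.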



#10 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 16 July 2013 - 02:17 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#11 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 19 July 2013 - 12:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



