[SOLVED] Defender won't Turn On

Old 07-22-2013, 09:28 AM   #1
TSF Enthusiast
 
Join Date: May 2011
Location: Quebec, Canada
Posts: 3,387
OS: Windows 10

Description of the problem:

All files downloaded from the internet are marked as a virus and immediately deleted. Action Center cannot enable Windows Firewall or Defender. I can't reinstall/uninstall any AV. I believe the computer is infected.

Attach.txt

Code:
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe Content Viewer
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Illustrator CS5.1
Adobe InDesign CS5.5
Adobe Media Player
Adobe Output Module
Adobe Photoshop CS5.1
Adobe Reader XI (11.0.03)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Bonjour
Chyron Diagnostic Utility
Chyron Lyric 8.1
Chyron Lyric Shell Extension
Connect
D-Link DWA-160 
Dell Edoc Viewer
DirectX 9 Runtime
ESET Online Scanner v3
FileHippo.com Update Checker
FileZilla Client 3.6.0.2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iTunes
Java 7 Update 17 (64-bit)
Java Auto Updater
Java(TM) 6 Update 24 (64-bit)
Java(TM) 6 Update 33
kuler
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
PDF Settings CS5
Photoshop Camera Raw
PhotoShowExpress
QuickTime
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
SearchAmong Toolbar version 1.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SentinelLM Server
Shared C Run-time for x64
Skype Toolbars
Skype™ 6.3
Sonic CinePlayer Decoder Pack
Speccy
Suite Shared Configuration CS4
TeamViewer 8
Tennis Elbow 2013 1.0
THX TruStudio PC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Virtual DJ Pro Full - Atomix Productions
VLC media player 2.0.6
WebEx
WinRAR 4.20 (64-bit)
Yahoo! Detect
.
==== End Of File ===========================
DDS.txt

Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by Domenico at 12:05:09 on 2013-07-22
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe
C:\Program Files (x86)\Rainbow Technologies\sentLM\Server\lservnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://search.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
uSearch Page = hxxp://search.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
uSearchAssistant = hxxp://search.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &SearchAmong - C:\Program Files (x86)\SearchAmong Toolbar\SearchAmongToolbar.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://chyron.webex.com/client/T27LD/support/ieatgpc1.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1EC05A0D-E4C1-4420-85AA-BFA970C0E91F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1EC05A0D-E4C1-4420-85AA-BFA970C0E91F}\2454C4C4630353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1EC05A0D-E4C1-4420-85AA-BFA970C0E91F}\46F6D656E696361323 : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dmvsc;dmvsc
R? Impcd;Impcd
R? MBAMService;MBAMService
R? netvsc;netvsc
R? qxxvdooi;qxxvdooi
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? RoxMediaDB12OEM;RoxMediaDB12OEM
R? RoxWatch12;Roxio Hard Drive Watcher 12
R? Sentinel64;Sentinel64
R? SkypeUpdate;Skype Updater
R? SwitchBoard;Adobe SwitchBoard
R? Synth3dVsc;Microsoft Virtual 3D Video Transport Driver
R? SynthVid;SynthVid
R? terminpt;Microsoft Remote Desktop Input Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? tsusbhub;Remote Deskotop USB Hub
R? USBAAPL64;Apple Mobile USB Driver
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
S? anodlwf;ANOD Network Security Filter driver
S? atashost;WebEx Service Host for Support Center
S? D-Link Wireless N Dual Band DWA-160 _WPS;D-Link Wireless N Dual Band DWA-160 _WPS Service
S? Darusb_win7x;D-LInk DWA-160 11n Wireless LAN device driver
S? IntcDAud;Intel(R) Display Audio
S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? NisDrv;Microsoft Network Inspection System
S? nusb3hub;NEC Electronics USB 3.0 Hub Driver
S? nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver
S? PxHlpa64;PxHlpa64
S? SentinelLM;SentinelLM
S? TeamViewer8;TeamViewer 8
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-21 02:32:05	--------	d-----w-	C:\Program Files (x86)\ESET
2013-07-20 00:42:56	--------	d-----w-	C:\Windows\TempBCB83E94-EEC2-250F-A2AA-C5C9C39D345C-Signatures
2013-07-20 00:38:35	--------	d-----w-	C:\Windows\System32\MRT
2013-07-19 23:47:38	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-07-19 23:47:38	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 23:40:17	--------	d-----w-	C:\Program Files\Speccy
2013-07-11 19:01:41	9216	----a-w-	C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
.
==================== Find3M  ====================
.
2013-07-20 00:48:37	204	----a-w-	C:\Windows\SysWow64\lsprst.dll
2013-06-12 23:36:45	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 23:36:45	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37	1767936	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00	2877440	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20	2241024	----a-w-	C:\Windows\System32\wininet.dll
2013-06-11 23:25:16	3958784	----a-w-	C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13	67072	----a-w-	C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27	3153920	----a-w-	C:\Windows\System32\win32k.sys
2013-06-04 06:00:13	624128	----a-w-	C:\Windows\System32\qedit.dll
2013-06-04 04:53:07	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00	1464320	----a-w-	C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00	139776	----a-w-	C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40	52224	----a-w-	C:\Windows\System32\certenc.dll
2013-05-13 04:45:55	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55	1160192	----a-w-	C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55	1192448	----a-w-	C:\Windows\System32\certutil.exe
2013-05-13 03:08:10	903168	----a-w-	C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06	43008	----a-w-	C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27	30720	----a-w-	C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54	24576	----a-w-	C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01	1910632	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49	1887744	----a-w-	C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35	1620480	----a-w-	C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 06:06:08	278800	------w-	C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36	751104	----a-w-	C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21	492544	----a-w-	C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32	1505280	----a-w-	C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 12:05:18.43 ===============
gmer.exe

The scan did not complete. Tried it twice, both times resulting in the following error message.

Quote:
gmer.exe has stopped working

A problem has caused the program to stop working correctly. Windows will close the program and notify if solution is available.
Quote:
If (and only if) there are problems using gmer as indicated above, run the scan with ONLY the Sections and C drive boxes ticked.
Gmer.exe didn't allow me to untick the Quick scan box and tick the C: drive box. I was only able to tick the Sections box. This is the log for that scan:

Code:
GMER 2.1.19163 - https://www.gmer.net
Rootkit scan 2013-07-22 12:22:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320006 rev.CC43 1863.02GB
Running: gmer.exe; Driver: C:\Users\Domenico\AppData\Local\Temp\pxldqkow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 662                                                             fffff800035b8066 51 bytes [F7, D1, 48, FF, C9, 48, 81, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 714                                                             fffff800035b809a 15 bytes {OR [RAX-0x2f], CL; JMP 0x48fbb717}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077571465 2 bytes [57, 77]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000775714bb 2 bytes [57, 77]
.text     ...                                                                                                                            * 2
?         C:\Windows\system32\mssprxy.dll [2864] entry point in ".rdata" section                                                         00000000746171e6
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     00000000775bf991 7 bytes {MOV EDX, 0x328e28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          00000000775bfbd5 7 bytes {MOV EDX, 0x328e68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              00000000775bfc05 2 bytes [BA, A8]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 8              00000000775bfc08 4 bytes {XOR AL, [RAX]; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       00000000775bfc1d 2 bytes [BA, 28]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 8       00000000775bfc20 4 bytes {XOR AL, [RAX]; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         00000000775bfc35 7 bytes {MOV EDX, 0x328f28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       00000000775bfc65 7 bytes {MOV EDX, 0x328f68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        00000000775bfce5 7 bytes {MOV EDX, 0x328ee8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       00000000775bfcfd 7 bytes {MOV EDX, 0x328ea8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 00000000775bfd49 7 bytes {MOV EDX, 0x328c68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      00000000775bfe41 7 bytes {MOV EDX, 0x328ca8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               00000000775c0099 7 bytes {MOV EDX, 0x328c28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000775c10a5 2 bytes [BA, E8]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 8         00000000775c10a8 4 bytes {XOR AL, [RAX]; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               00000000775c111d 2 bytes [BA, 68]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 8               00000000775c1120 4 bytes {XOR AL, [RAX]; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  00000000775c1321 7 bytes {MOV EDX, 0x328ce8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077571465 2 bytes [57, 77]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000775714bb 2 bytes [57, 77]
.text     ...                                                                                                                            * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      00000000775bf991 7 bytes {MOV EDX, 0x2bfa28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           00000000775bfbd5 7 bytes {MOV EDX, 0x2bfa68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               00000000775bfc05 7 bytes {MOV EDX, 0x2bf9a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        00000000775bfc1d 7 bytes {MOV EDX, 0x2bf928; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          00000000775bfc35 7 bytes {MOV EDX, 0x2bfb28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        00000000775bfc65 7 bytes {MOV EDX, 0x2bfb68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         00000000775bfce5 7 bytes {MOV EDX, 0x2bfae8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        00000000775bfcfd 7 bytes {MOV EDX, 0x2bfaa8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  00000000775bfd49 7 bytes {MOV EDX, 0x2bf868; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       00000000775bfe41 7 bytes {MOV EDX, 0x2bf8a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                00000000775c0099 7 bytes {MOV EDX, 0x2bf828; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          00000000775c10a5 7 bytes {MOV EDX, 0x2bf9e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                00000000775c111d 7 bytes {MOV EDX, 0x2bf968; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   00000000775c1321 7 bytes {MOV EDX, 0x2bf8e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000077571465 2 bytes [57, 77]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000775714bb 2 bytes [57, 77]
.text     ...                                                                                                                            * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     00000000775bf991 7 bytes {MOV EDX, 0x100da28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          00000000775bfbd5 7 bytes {MOV EDX, 0x100da68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              00000000775bfc05 7 bytes {MOV EDX, 0x100d9a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       00000000775bfc1d 7 bytes {MOV EDX, 0x100d928; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         00000000775bfc35 7 bytes {MOV EDX, 0x100db28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       00000000775bfc65 7 bytes {MOV EDX, 0x100db68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        00000000775bfce5 7 bytes {MOV EDX, 0x100dae8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       00000000775bfcfd 7 bytes {MOV EDX, 0x100daa8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 00000000775bfd49 7 bytes {MOV EDX, 0x100d868; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      00000000775bfe41 7 bytes {MOV EDX, 0x100d8a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               00000000775c0099 7 bytes {MOV EDX, 0x100d828; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         00000000775c10a5 7 bytes {MOV EDX, 0x100d9e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               00000000775c111d 7 bytes {MOV EDX, 0x100d968; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  00000000775c1321 7 bytes {MOV EDX, 0x100d8e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077571465 2 bytes [57, 77]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000775714bb 2 bytes [57, 77]
.text     ...                                                                                                                            * 2

---- EOF - GMER 2.1 ----
Solidify is offline  
Old 07-22-2013, 10:07 AM   #2

Restarted the computer and was provided with 2 BlueScreen error reports, which are attached:
Attached Files
File Type: zip 072213-134379-01.zip (57.0 KB, 31 views)
File Type: zip WER-306869-0.sysdata.zip (13.4 KB, 31 views)
Old 07-22-2013, 10:24 AM   #3

I was able to complete the gmer scan with the "Sections" and "C:" drive boxes ticked. Nothing was detected. Here's the log:
Attached Files
File Type: zip gmer.zip (114 Bytes, 27 views)
Old 07-22-2013, 12:15 PM   #4

Disregard all my posts above this one. I managed to get the scans to work as they should. Below are the appropriate results.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Domenico at 15:11:01 on 2013-07-22
.
============== Running Processes ================
.
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Rainbow Technologies\sentLM\Server\lservnt.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
c:\program files (x86)\teamviewer\version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://search.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
uSearch Page = hxxp://search.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
uSearchAssistant = hxxp://search.searchamong.com/searchview.php?source=64020400f00960c0ef04052547b134b3&query={searchTerms}&cat=webs&bar=true
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &SearchAmong - C:\Program Files (x86)\SearchAmong Toolbar\SearchAmongToolbar.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://chyron.webex.com/client/T27LD/support/ieatgpc1.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1EC05A0D-E4C1-4420-85AA-BFA970C0E91F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1EC05A0D-E4C1-4420-85AA-BFA970C0E91F}\2454C4C4630353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1EC05A0D-E4C1-4420-85AA-BFA970C0E91F}\46F6D656E696361323 : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dmvsc;dmvsc
R? Impcd;Impcd
R? MBAMService;MBAMService
R? netvsc;netvsc
R? qxxvdooi;qxxvdooi
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? RoxMediaDB12OEM;RoxMediaDB12OEM
R? RoxWatch12;Roxio Hard Drive Watcher 12
R? Sentinel64;Sentinel64
R? SkypeUpdate;Skype Updater
R? SwitchBoard;Adobe SwitchBoard
R? Synth3dVsc;Microsoft Virtual 3D Video Transport Driver
R? SynthVid;SynthVid
R? terminpt;Microsoft Remote Desktop Input Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? tsusbhub;Remote Deskotop USB Hub
R? USBAAPL64;Apple Mobile USB Driver
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
S? anodlwf;ANOD Network Security Filter driver
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Real-Time Protection
S? atashost;WebEx Service Host for Support Center
S? avgntflt;avgntflt
S? avkmgr;avkmgr
S? D-Link Wireless N Dual Band DWA-160 _WPS;D-Link Wireless N Dual Band DWA-160 _WPS Service
S? Darusb_win7x;D-LInk DWA-160 11n Wireless LAN device driver
S? IntcDAud;Intel(R) Display Audio
S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? NisDrv;Microsoft Network Inspection System
S? nusb3hub;NEC Electronics USB 3.0 Hub Driver
S? nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver
S? PxHlpa64;PxHlpa64
S? SentinelLM;SentinelLM
S? TeamViewer8;TeamViewer 8
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-22 18:43:47 -------- d-----w- C:\Users\Domenico\AppData\Roaming\Avira
2013-07-22 18:33:28 83672 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-07-22 18:32:01 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-07-22 18:32:01 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-07-22 18:32:00 -------- d-----w- C:\ProgramData\Avira
2013-07-22 18:32:00 -------- d-----w- C:\Program Files (x86)\Avira
2013-07-21 02:32:05 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-20 00:42:56 -------- d-----w- C:\Windows\TempBCB83E94-EEC2-250F-A2AA-C5C9C39D345C-Signatures
2013-07-20 00:38:35 -------- d-----w- C:\Windows\System32\MRT
2013-07-19 23:47:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-19 23:47:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-19 23:40:17 -------- d-----w- C:\Program Files\Speccy
2013-07-11 19:01:41 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
.
==================== Find3M ====================
.
2013-07-22 18:36:18 204 ----a-w- C:\Windows\SysWow64\lsprst.dll
2013-06-12 23:36:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 23:36:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 0608 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 15:11:08.64 ===============



The other logs are attached, as requested.


Quote:
also tell us whether or not you have/have access to a Windows Install disc, or a Boot CD
Yes, I do have access.
Attached Files
File Type: zip Attach.zip (2.8 KB, 33 views)
Solidify is offline  
Old 08-08-2013, 08:14 PM   #5
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello Solidify,

Our apologies for the oversight of your thread. By repeatedly adding posts so quickly, it appeared as though you were already being assisted so your thread kept getting passed by.

Do you still require assistance?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-09-2013, 06:53 AM   #6
TSF Enthusiast
 

No, I'm good.
Solidify is offline  
Old 08-09-2013, 08:02 AM   #7



Great.
Ried is offline  
 
