
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue



Today when I try to run "Malwarebytes Anti-Rootkit" I get a message that says:

 

"This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue."

 

I use Malwarebytes Anti-Virus Premium Edition.

 

I have run some reports [see Attached] but I do not know how to read them in order to identify the problem and to implement a cure.

 

If further information is required from me please let me know.

 

Could someone please assist me in this matter?

 

 

Thank you

attach.txt

dds.txt

CheckResults.txt


Hello, 
 

I use Malwarebytes Anti-Virus Premium Edition.

Malwarebytes Anti-Malware is not an Anti-Virus.
 

"This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue."

This is normal behaviour, and not of any concern. 
 

Could someone please assist me in this matter?

Is there any particular reason why you felt the need to run MBAR? 
 
Are you experiencing any other issues or symptoms of malware?


1.  Please accept my humble apologies for using the term "Anti-Virus Premium Edition."  I ought to have said: "Malwarebytes Anti-Malware."

 

2.  If normal behavior constitutes a message when trying to run Malwarebytes Anti-Rootkit of: "This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue." then I would like to know:

a.  How do I completely exit the Malwarebytes Anti-Malware in order to utilize the Malwarebytes Anti-Rootkit scan feature?  

 

3.  The particular reason "I feel the need" to run MBAR is that I suspect I may have an infection related to a "Rootkit."

 

a.  When I run Rogue Killer from the Bleeping Computer site I am getting indications of potential "Rootkit" issues in the form of eleven suspicious: ( I AT:InL (Hook.IEAT )

b. When I run a full system scan with Avast Free Anti-Virus [2015] the scan results beginning today show "some files could not be scanned."

 

Insofar as the Rogue Killer indication of suspicious rootkits and the inability of Avast Anti-Virus [2015] to scan some files occurred simultaneously on the same day, the adage "better be safe than sorry" came to mind, so I thought I would solicit advice from the experts at Malwarebytes.

 

Thank you in advance for both your assistance as well as your patience and understanding.


Hello,
 

a.  How do I completely exit the Malwarebytes Anti-Malware in order to utilize the Malwarebytes Anti-Rootkit scan feature?  

Right-click the Malwarebytes Anti-Malware icon in your System Tray, and click Exit.
 
 

a.  When I run Rogue Killer from the Bleeping Computer site I am getting indications of potential "Rootkit" issues in the form of eleven suspicious: ( I AT:InL (Hook.IEAT )

In most cases, these hooks are legitimate. 
 

b. When I run a full system scan with Avast Free Anti-Virus [2015] the scan results beginning today show "some files could not be scanned."

Again, in most cases this is fine.
 
However, without seeing any logs I can't say for certain. 
Let's take a look. Please include the RogueKiller log (RKreport.txt) and avast! log in your next reply.

 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • RKreport.txt
  • avast! log
  • MBAM scan log
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)
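A small triage script for the RogueKiller "Antirootkit" entries discussed above, added here as an example; it is not code from the thread, from RogueKiller or from Malwarebytes. It parses hook lines of the [iAT:Inl] shape pasted in this thread, groups them by hooking module and target file, and flags any hook whose module is not on an allowlist of security-product modules. The allowlist (aswCmnOS.dll, chosen because the FRST log shows Avast installed) and the third, invented sample line are assumptions.

```python
"""Triage the 'Antirootkit' section of a RogueKiller report.

Added example for this thread; it is not RogueKiller's or Malwarebytes'
code.  Hook lines are grouped by (hooking module, target file) so a
reviewer can see whether every hook belongs to the security product that
is known to be installed (here avast's aswCmnOS.dll) or to an unknown DLL
that deserves a closer look.
"""
import re
from collections import defaultdict

# Constructed sample: the first two hook lines are copied from the log in
# this thread; the header count is edited to 3 to match the sample; the
# third line is an invented placeholder (EXAMPLE paths, made-up addresses)
# so that the grouping has an unexpected entry to surface.
SAMPLE_LOG = """\
¤¤¤ Antirootkit : 3 (Driver: Not loaded [0xc000036b]) ¤¤¤
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\\windows\\WinSxS\\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\\windows\\WinSxS\\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (explorer.exe) EXAMPLE_unknown.dll - CreateProcessW : C:\\Users\\EXAMPLE\\AppData\\Roaming\\EXAMPLE_unknown.dll @ 0x10001000 (jmp dword near [0x10002000])
"""

# Assumption: modules that belong to the security product the FRST log shows
# installed (Avast Free Antivirus).  Build this from your own inventory.
KNOWN_SECURITY_MODULES = {"aswCmnOS.dll"}

# "Antirootkit : <n> (Driver: <state> [...])" section header.
HEADER_RE = re.compile(
    r"Antirootkit\s*:\s*(?P<count>\d+)\s*\(Driver:\s*(?P<driver>[^\[\)]+)"
)
# "[kind] (process) hooker.dll - function : target\path.dll @ 0xaddr (...)"
HOOK_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+\((?P<process>[^)]+)\)\s+"
    r"(?P<hooker>\S+)\s+-\s+(?P<func>\S+)\s+:\s+"
    r"(?P<target>.+?)\s+@\s+(?P<addr>0x[0-9a-fA-F]+)"
)


def parse_header(text):
    """Return (declared entry count, driver loaded?) or (None, None)."""
    m = HEADER_RE.search(text)
    if not m:
        return None, None
    loaded = not m.group("driver").strip().lower().startswith("not")
    return int(m.group("count")), loaded


def parse_hooks(text):
    """Parse each hook line into a dict; non-matching lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def triage(text, known_modules):
    """Group hooks by (hooking module, target file) and flag unknown hookers."""
    declared, driver_loaded = parse_header(text)
    hooks = parse_hooks(text)
    groups = defaultdict(lambda: {"count": 0, "processes": set(), "functions": set()})
    for h in hooks:
        g = groups[(h["hooker"], h["target"])]
        g["count"] += 1
        g["processes"].add(h["process"])
        g["functions"].add(h["func"])
    unexpected = [h for h in hooks if h["hooker"] not in known_modules]
    return {
        "declared": declared,
        "parsed": len(hooks),
        # A mismatch means the pasted section is incomplete or was edited.
        "count_matches": declared == len(hooks),
        "driver_loaded": driver_loaded,
        "groups": dict(groups),
        "unexpected": unexpected,
    }


def summarize(text, known_modules):
    """Readable summary lines, one per hook group, for a reply or ticket note."""
    r = triage(text, known_modules)
    lines = [f"Antirootkit entries: {r['parsed']} parsed, {r['declared']} declared, "
             f"kernel driver loaded: {r['driver_loaded']}"]
    for (hooker, target), g in sorted(r["groups"].items()):
        tag = "expected" if hooker in known_modules else "REVIEW"
        lines.append(f"[{tag}] {hooker} hooks {', '.join(sorted(g['functions']))} "
                     f"in {', '.join(sorted(g['processes']))} x{g['count']} -> {target}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG, KNOWN_SECURITY_MODULES)))
```

The twelve identical entries in the thread collapse to one "expected" group from aswCmnOS.dll, which is why a helper can call such hooks legitimate; anything tagged REVIEW is what to ask about.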

Trusted Adviser:

 

1.  I am ashamed to confess I do not know how to find the Avast log in a format that I can cut and paste.  Can you provide me guidance on how to do this?

 

2.  I tried to send you all of the other reports that you requested I cut and paste to this reply but when I tried to send it to you I got a message saying it was too long to send and instructing me to shorten it.  Consequently I have attached some of the reports rather than pasting them.

 

RogueKiller V10.0.9.0 [Dec  8 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lewis [Administrator]
Mode : Scan -- Date : 12/08/2014  16:09:47
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
 
¤¤¤ Antirootkit : 12 (Driver: Not loaded [0xc000036b]) ¤¤¤
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
[iAT:Inl] (chrome.exe) aswCmnOS.dll - dep_strFreeString : C:\windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\MSVCR110.dll @ 0x7363b80d (jmp dword near [0x736e6268])
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] afd3e18634a03cfc5f5cd4c7c7c1540f
[bSP] 2ec32c4dafc030881e2a9675b975a583 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] a7c406ef14883c7612ee9d931648b6a6
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 29940 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/8/2014
Scan Time: 4:10:08 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.08.08
Rootkit Database: v2014.12.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lewis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335001
Time Elapsed: 18 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2014

Ran by Lewis at 2014-12-08 16:36:50
Running from C:\Users\Lewis\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Amazon Kindle) (Version:  - Amazon)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avery Template - U_0087_01_PlateauLines_0805_01_en (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 1.0.0.0 - Avery)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden
Dell System Detect (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Zinio Alert Messenger (x32 Version: 4.0.2570 - Zinio LLC) Hidden
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-11-2014 11:59:25 Removed Google Drive
15-11-2014 18:45:54 Windows Update
16-11-2014 12:35:32 avast! antivirus system restore point
16-11-2014 13:39:27 Restore Operation
16-11-2014 15:51:28 avast! antivirus system restore point
17-11-2014 00:00:10 Windows Backup
19-11-2014 11:34:11 Windows Update
22-11-2014 16:36:13 ComboFix created restore point
23-11-2014 18:16:36 Removed Malwarebytes Secure Backup
24-11-2014 01:54:48 Windows Backup
25-11-2014 10:22:00 Configured Microsoft Outlook 2010
25-11-2014 14:21:14 Windows Update
01-12-2014 05:13:49 Windows Backup
03-12-2014 05:17:45 Windows Update
08-12-2014 05:48:54 Windows Backup
08-12-2014 15:14:04 Installed Sophos Virus Removal Tool.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-08 08:00 - 00000768 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08E7F967-E580-4036-9B5D-7DE3012A294F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)
Task: {223A9C25-F81C-46EA-8C7D-4A79E134DC95} - System32\Tasks\{E0C02BB2-E10A-4787-843C-8DBE4BAFCF49} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2013-11-08] (Microsoft Corporation)
Task: {2F7B0BC0-94B4-49D2-B8C8-051B3FE16248} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {3787A3F1-83A5-4EEB-9EF5-BC374252B921} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-02-07] (PC-Doctor, Inc.)
Task: {386CB256-2524-461C-89F9-F258780F6178} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422163307-3788927115-2030255185-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)
Task: {690EF210-3C3E-4D7C-8419-520B39C6F4DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {7620479D-5519-4082-B9AA-B11D5DCE2782} - System32\Tasks\{B9F54019-5895-4C67-8889-5CF0FCC26592} => C:\Program Files\Microsoft Security Client\msseces.exe
Task: {96F14597-6597-47ED-8DAB-3458EBF2B483} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422163307-3788927115-2030255185-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C1F93649-549E-4AE4-8C31-236A17FE0B70} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)
Task: {C730324A-BB8C-4DA7-BBD3-A8AA188CD027} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [] (Microsoft Corporation)
Task: {C8A0B1EF-464E-430A-B8EA-4C9E1527B067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)
Task: {DA9630F7-3B25-42E4-A2FE-73B9B88C28F0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-06] (Adobe Systems Incorporated)
Task: {DBE087F4-8B41-46B7-9017-DB78DC55353F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)
Task: {DEF5643B-367E-4A5A-B336-F79B1EF5DB7F} - System32\Tasks\{68313C00-F4BB-4305-8EEB-2FC4046E7DBD} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
Task: {F7A907E1-36E7-44DF-9288-E30D38D3B381} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-15 18:46 - 2011-09-15 18:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-03-03 15:50 - 2009-11-04 08:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2014-11-16 10:52 - 2014-11-16 10:52 - 00388208 ____C () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-16 10:52 - 2014-11-16 10:52 - 05851328 ____C () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-08 04:27 - 2014-12-08 04:27 - 02905088 ____C () C:\Program Files\AVAST Software\Avast\defs\14120800\algo.dll
2014-11-16 10:52 - 2014-11-16 10:52 - 04495336 ____C () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-08 14:05 - 2014-12-08 14:05 - 02905088 ____C () C:\Program Files\AVAST Software\Avast\defs\14120801\algo.dll
2014-11-16 10:53 - 2014-11-16 10:53 - 38562088 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-26 04:26 - 2014-11-25 01:39 - 01077064 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 04:26 - 2014-11-25 01:39 - 00211272 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 04:26 - 2014-11-25 01:39 - 09009480 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 04:26 - 2014-11-25 01:39 - 01677128 ____C () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 ____C () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 3
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Bluetooth Device Monitor => 3
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 3
MSCONFIG\Services: BTHSSecurityMgr => 3
MSCONFIG\Services: DellDigitalDelivery => 3
MSCONFIG\Services: dleaCATSCustConnectService => 2
MSCONFIG\Services: dlea_device => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hmpalertsvc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 3
MSCONFIG\Services: LMS => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: ReimageRealTimeProtection => 2
MSCONFIG\Services: sagentservice => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: SftService => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: UNS => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Dell V310-V510 Series => "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: SMessaging => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe
MSCONFIG\startupreg: SOSUAUI => "C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe" -showui
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1422163307-3788927115-2030255185-500 - Administrator - Disabled)
Guest (S-1-5-21-1422163307-3788927115-2030255185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422163307-3788927115-2030255185-1002 - Limited - Enabled)
Lewis (S-1-5-21-1422163307-3788927115-2030255185-1000 - Administrator - Enabled) => C:\Users\Lewis
 
==================== Faulty Device Manager Devices =============
 
Name: TrueSight
Description: TrueSight
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: TrueSight
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: avast! Firewall NDIS Filter Miniport #2
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: avast! Firewall NDIS Filter Miniport #10
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2014 04:01:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/08/2014 02:03:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 00:41:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 00:37:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (12/08/2014 00:30:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 11:44:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
 
System errors:
=============
Error: (12/08/2014 04:04:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/08/2014 02:16:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/08/2014 02:00:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/08/2014 02:00:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/08/2014 02:00:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/08/2014 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/08/2014 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/08/2014 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/08/2014 01:58:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (12/08/2014 01:58:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/08/2014 04:01:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/08/2014 02:03:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 00:41:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 00:37:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c
 
Error: (12/08/2014 00:31:02 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c
 
Error: (12/08/2014 00:30:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/08/2014 11:44:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 1600000000A1BA0000A1BA0000980B0000
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-04 18:09:12.635
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-04 18:09:12.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-04 18:09:12.588
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-04 18:09:12.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-15 08:18:39.540
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-15 08:18:39.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-15 08:18:39.447
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-15 08:18:39.400
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-07 10:32:17.588
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-07 10:32:17.544
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 6051.18 MB
Available physical RAM: 2561.81 MB
Total Pagefile: 12100.54 MB
Available Pagefile: 9154.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:325.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDFF1CAD)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

FRST.txt

1TDSS Attach.txt


Hello, 
 

Can you provide me guidance on how to do this?

  • Take a screenshot and post the image in your next reply. Instructions on how to take a screenshot can be found in this article.
  • Upload the image to Imgur.com and paste the URL in your next reply. 
     

Consequently I have attached some of the reports rather than pasting them.

That's quite alright. 
 
Those logs are all OK. 
Run this online scan to double-check. 
 
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click the List threats button. If no threats were found, skip the next two bullet points. 
  • Click the Export button and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to the option shown and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Attached you will find the images of the "Avast Log."

 

I had to screen print two images as the lengthy size of the log would not accommodate a single image.

 

I ran ESET and the result showed "No Infections" but I did not see "two bullets to skip" and only saw the option to "Finish."

 

I will rerun ESET later today to confirm I ran it correctly and can provide you with the log that you requested.

 

Thank you


This morning something popped up with ADWCleaner.

 

Rogue Killer still shows some things but they are perhaps of no consequence.

 

Other than these potential issues all seems well.

 

# AdwCleaner v4.105 - Report created 10/12/2014 at 11:57:24
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R56].txt - [833 octets] - [22/11/2014 10:36:45]
AdwCleaner[R57].txt - [867 octets] - [22/11/2014 14:20:16]
AdwCleaner[R58].txt - [927 octets] - [23/11/2014 15:53:40]
AdwCleaner[R59].txt - [987 octets] - [24/11/2014 04:43:36]
AdwCleaner[R60].txt - [1047 octets] - [25/11/2014 05:26:20]
AdwCleaner[R61].txt - [1109 octets] - [26/11/2014 06:26:29]
AdwCleaner[R62].txt - [1170 octets] - [30/11/2014 05:48:55]
AdwCleaner[R63].txt - [1232 octets] - [02/12/2014 05:00:29]
AdwCleaner[R64].txt - [1293 octets] - [02/12/2014 12:33:24]
AdwCleaner[R65].txt - [1354 octets] - [02/12/2014 17:36:33]
AdwCleaner[R66].txt - [1415 octets] - [03/12/2014 10:30:23]
AdwCleaner[R67].txt - [1476 octets] - [03/12/2014 16:33:15]
AdwCleaner[R68].txt - [1537 octets] - [08/12/2014 06:16:34]
AdwCleaner[R69].txt - [468 octets] - [08/12/2014 08:15:06]
AdwCleaner[R70].txt - [1658 octets] - [08/12/2014 08:25:09]
AdwCleaner[R71].txt - [1719 octets] - [09/12/2014 10:59:47]
AdwCleaner[R72].txt - [2054 octets] - [10/12/2014 11:54:46]
AdwCleaner[s10].txt - [1919 octets] - [10/12/2014 11:57:24]
AdwCleaner[s9].txt - [894 octets] - [22/11/2014 10:38:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s10].txt - [2039 octets] ##########
 

 

 


Hello, 
 
The files flagged by AdwCleaner are of no real concern. 
The process flagged by RogueKiller is a false-positive, and as said earlier, those hooks in the Antirootkit tab are fine. 
 
As far as I'm concerned, your machine isn't infected, and you don't need to worry. 
I can provide instructions to run additional scans if this will ease your mind, but I do not believe it to be necessary. 
 
If you're happy with how things are we can remove the tools used. 
Please let me know.


Excellent. :)

 

All Clean!
Congratulations, your computer appears clean! :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware. 
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing.
Adam


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

