
Kaspersky continually crashes or gives error saying it didn't launch; Windows Updater changes settings without my consent



Kaspersky runs erratically or stops running in the middle of a session. I am locked out of my administrator settings. Windows Updater keeps changing settings to "notify me", then locks me out of changing it, saying I need administrator privileges when I -am- the administrator. I think malware or a virus or some kind of Trojan may be involved but am unsure. Here are my stats.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by matt at 20:10:20 on 2013-06-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4079.2849 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\TiltWheelMouse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{63383C24-CC47-4520-BCF7-B67D0F9970F6} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch


FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-09 01:37; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-06-19 21:56; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-9 21104]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-9 2655768]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-9 412264]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-9 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-9 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-9 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-9 1255736]
.
=============== Created Last 30 ================
.
2013-06-20 22:24:40    --------    d-----w-    C:\Users\matt\AppData\Local\Diagnostics
2013-06-20 02:58:49    --------    d-----w-    C:\Users\matt\AppData\Roaming\LavasoftStatistics
2013-06-20 02:58:49    --------    d-----w-    C:\ProgramData\Ad-Aware Antivirus
2013-06-20 02:57:56    --------    d-----w-    C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-20 02:57:48    --------    d-----w-    C:\ProgramData\Downloaded Installations
2013-06-20 02:57:23    --------    d-----w-    C:\ProgramData\Search Protection
2013-06-20 02:57:22    --------    d-----w-    C:\Users\matt\AppData\Local\adawarebp
2013-06-20 02:57:22    --------    d-----w-    C:\ProgramData\blekko toolbars
2013-06-20 02:57:20    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
2013-06-20 02:56:45    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
2013-06-20 02:56:39    --------    d-----w-    C:\Program Files (x86)\adawaretb
2013-06-20 02:55:53    47496    ----a-w-    C:\Windows\System32\sbbd.exe
2013-06-20 02:55:53    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-06-20 02:55:52    --------    d-----w-    C:\Users\matt\AppData\Roaming\Ad-Aware Antivirus
2013-06-18 23:34:17    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19951DBB-65DE-4A09-B864-2B0E919F3F5B}\mpengine.dll
2013-06-17 08:03:34    --------    d-----w-    C:\Games
2013-06-17 07:48:50    --------    d-----w-    C:\qfgcd
2013-06-15 02:52:23    --------    d-----w-    C:\U2M
2013-06-13 03:47:16    --------    d-----w-    C:\Program Files (x86)\DOSBox-0.74
2013-06-13 03:45:54    --------    d-----w-    C:\Users\matt\AppData\Local\DOSBox
2013-06-12 04:50:44    --------    d-----w-    C:\Users\matt\AppData\Local\Macromedia
2013-06-12 04:50:03    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:50:03    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-12 04:49:36    --------    d-----w-    C:\Users\matt\AppData\Local\Adobe
2013-06-12 00:03:22    --------    d-----w-    C:\Sierra
2013-06-11 22:17:43    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-11 22:16:36    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-09 23:38:18    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-06-09 23:37:36    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-06-09 23:37:35    --------    d-----w-    C:\Windows\System32\Wat
2013-06-09 11:35:02    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-06-09 11:35:02    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-06-09 11:35:02    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-06-09 11:35:02    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-09 11:02:22    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-06-09 11:02:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-06-09 11:02:22    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-06-09 11:02:22    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-06-09 11:02:22    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-06-09 11:02:22    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-06-09 11:01:58    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-06-09 11:01:58    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-06-09 11:01:57    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-06-09 11:01:57    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-06-09 11:01:57    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-06-09 11:01:57    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-06-09 11:01:57    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-06-09 11:00:42    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-06-09 11:00:42    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-06-09 11:00:42    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-06-09 08:36:20    --------    d-----w-    C:\Windows\panther
2013-06-09 08:31:53    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-06-09 08:17:43    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-06-09 07:49:59    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-06-09 07:48:57    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-09 07:48:57    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
2013-06-09 07:48:56    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2013-06-09 07:48:55    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-06-09 07:48:54    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-06-09 07:48:54    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-06-09 07:48:54    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-06-09 07:48:53    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2013-06-09 07:48:53    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2013-06-09 07:48:52    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2013-06-09 07:40:34    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-06-09 07:40:34    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-06-09 06:52:40    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-06-09 06:30:41    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-06-09 06:30:41    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-06-09 06:30:41    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-06-09 06:27:18    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-06-09 06:27:11    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-06-09 06:27:01    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-06-09 06:27:01    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-06-09 06:14:41    --------    d-----w-    C:\Users\matt\AppData\Roaming\Malwarebytes
2013-06-09 06:14:25    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-09 06:14:25    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-09 06:14:25    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-09 06:14:13    --------    d-----w-    C:\Users\matt\AppData\Local\Programs
2013-06-09 06:00:45    64856    ----a-w-    C:\Windows\System32\klfphc.dll
2013-06-09 06:00:33    --------    d-----w-    C:\Windows\ELAMBKUP
2013-06-09 06:00:31    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-06-09 06:00:31    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2013-06-09 06:00:27    90208    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-06-09 05:55:45    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2013-06-09 05:55:15    --------    d-sh--w-    C:\Windows\Installer
2013-06-09 05:54:46    --------    d-----w-    C:\Program Files\ATI Technologies
2013-06-09 05:54:44    --------    d-----w-    C:\Program Files\ATI
2013-06-09 05:48:29    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-06-09 05:48:29    --------    d-----w-    C:\Program Files\Realtek
2013-06-09 05:48:23    412264    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-06-09 05:48:22    74344    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-06-09 05:48:22    107624    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-06-09 05:48:19    2578576    ----a-w-    C:\Windows\System32\WavesGUILib.dll
2013-06-09 05:48:04    155888    ----a-w-    C:\Windows\System32\SRSWOW64.dll
2013-06-09 05:48:03    518896    ----a-w-    C:\Windows\System32\SRSTSX64.dll
2013-06-09 05:48:02    332392    ----a-w-    C:\Windows\System32\RtlCPAPI64.dll
2013-06-09 05:48:02    211184    ----a-w-    C:\Windows\System32\SRSTSH64.dll
2013-06-09 05:48:02    198896    ----a-w-    C:\Windows\System32\SRSHP64.dll
.
==================== Find3M  ====================
.
2013-06-18 23:15:28    54368    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-09 06:37:29    178448    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2013-06-09 06:37:28    29528    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2013-06-09 06:37:28    29016    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 07:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
.
============= FINISH: 20:10:32.17 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2013 12:43:51 AM
System Uptime: 6/20/2013 5:39:18 PM (3 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | H61M-D2P-B3
Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Socket 1155 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 895.899 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Deskjet 1000 J110 series
Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
Manufacturer:
Name: Deskjet 1000 J110 series
PNP Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
Service:
.
==== System Restore Points ===================
.
RP9: 6/9/2013 1:42:07 PM - Windows Update
RP10: 6/9/2013 5:17:17 PM - Windows Update
RP11: 6/9/2013 6:37:07 PM - Windows Update
RP12: 6/11/2013 5:16:50 PM - Windows Update
RP13: 6/12/2013 1:47:09 AM - Windows Update
RP14: 6/18/2013 6:33:12 PM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe Flash Player 11 Plugin
ATI Catalyst Install Manager
ATI Problem Report Wizard
HydraVision
Intel® Control Center
Intel® Management Engine Components
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable (x64)
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
ON_OFF Charge B11.0110.1
Quest for Glory Collection Series
Quest for Glory V: Dragon Fire
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
.
==== Event Viewer Messages From Past Week ========
.
6/20/2013 4:09:37 PM, Error: Service Control Manager [7031]  - The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================

 


  • Root Admin

Hopefully I think the only problem you may have is too many antivirus products installed and possibly needing some exclusion settings.

The logs show that you have the following antivirus

Ad-Aware Antivirus

Kaspersky Internet Security

It's also showing a GFI Boot Time Operations Driver from VIPRE Antivirus

My recommendation would be to temporarily uninstall ALL versions of antivirus and disable the real time protection of Malwarebytes.

Reboot and make sure there are no issues by running a new DDS log for me.

Then if all is clear go ahead and reinstall the Kaspersky antivirus and reboot and ensure no issues still.

Then if all is still good we'll enable the Protection Module for MBAM and then set exclusions as needed.

Please remove the antivirus portions and disable MBAM realtime and let me know when you've done that and post back a new DDS set of logs.

Thanks

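An added example, not part of the original posts and not code from DDS: a Python parser for the security-center and service lines of a DDS log that reports overlapping antivirus registrations, auto-start security services that are stopped, and running drivers from vendors with no registration, run over excerpts copied from the two logs on this page. The vendor keyword table and the reading of the `R`/`S` and start-type columns are assumptions.

```python
import re

# Excerpts copied from the two DDS logs posted on this page.
LOG_BEFORE = r"""
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
"""
LOG_AFTER = r"""
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-9 21104]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512]
"""

# Assumption: keyword -> vendor table built only from names that appear on this page.
SECURITY_HINTS = {
    "kaspersky": "Kaspersky",
    "ad-aware": "Ad-Aware",
    "gfibto": "VIPRE (GFI)",
    "mbam": "Malwarebytes",
}

# "AV|SP|FW: <product> *Enabled|Disabled[/Updated]* {GUID}"
WSC_RE = re.compile(
    r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)(?:/\w+)?\* \{[0-9A-Fa-f-]{36}\}$")
# "<R|S><start type> name;display name;image path [date size]"
# Assumption: R/S = running/stopped, digit = start type (2 = automatic).
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[[^\]]*\]$")


def parse_dds(log):
    """Return (security_center_entries, services) parsed from DDS text."""
    wsc, services = [], []
    for raw in log.splitlines():
        line = raw.strip()
        m = WSC_RE.match(line)
        if m:
            wsc.append({"kind": m[1], "product": m[2],
                        "enabled": m[3] == "Enabled"})
            continue
        m = SVC_RE.match(line)
        if m:
            services.append({"running": m[1] == "R", "start": int(m[2]),
                             "name": m[3], "display": m[4], "path": m[5]})
    return wsc, services


def vendor_of(text):
    """Map free text to a security vendor using SECURITY_HINTS, else None."""
    low = text.lower()
    for hint, vendor in SECURITY_HINTS.items():
        if hint in low:
            return vendor
    return None


def assess(log):
    """Summarise overlapping or half-removed security software in one log."""
    wsc, services = parse_dds(log)
    antivirus = sorted({e["product"] for e in wsc if e["kind"] == "AV"})
    enabled = sorted({e["product"] for e in wsc if e["enabled"]})
    registered = {vendor_of(e["product"]) for e in wsc} - {None}

    stopped_autostart, running_unregistered = [], []
    for s in services:
        vendor = vendor_of(" ".join((s["name"], s["display"], s["path"])))
        if vendor is None:
            continue  # not a security product we know about
        if s["start"] == 2 and not s["running"]:
            stopped_autostart.append(s["name"])
        if s["running"] and vendor not in registered:
            running_unregistered.append(s["name"])

    findings = []
    if len(antivirus) > 1:
        findings.append("multiple antivirus products registered: "
                        + ", ".join(antivirus))
    if wsc and not enabled:
        findings.append("every registered protection component is disabled")
    if stopped_autostart:
        findings.append("auto-start security services not running: "
                        + ", ".join(stopped_autostart))
    if running_unregistered:
        findings.append("running drivers/services from unregistered vendors: "
                        + ", ".join(running_unregistered))
    return {"antivirus": antivirus, "enabled": enabled,
            "stopped_autostart": stopped_autostart,
            "running_unregistered": running_unregistered,
            "findings": findings}


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label)
        for finding in assess(log)["findings"]:
            print("  -", finding)
```

On the second excerpt the report still lists `gfibto` as a running boot-start driver, which is the kind of leftover a follow-up log is meant to surface.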

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by matt at 23:15:17 on 2013-06-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4079.2830 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{63383C24-CC47-4520-BCF7-B67D0F9970F6} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch


FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-09 01:37; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-06-09 01:37; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-9 21104]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-9 2655768]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-9 412264]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-9 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-9 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-9 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-9 1255736]
.
=============== Created Last 30 ================
.
2013-06-20 22:24:40    --------    d-----w-    C:\Users\matt\AppData\Local\Diagnostics
2013-06-20 02:58:49    --------    d-----w-    C:\Users\matt\AppData\Roaming\LavasoftStatistics
2013-06-20 02:57:48    --------    d-----w-    C:\ProgramData\Downloaded Installations
2013-06-20 02:55:53    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-06-18 23:34:17    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19951DBB-65DE-4A09-B864-2B0E919F3F5B}\mpengine.dll
2013-06-17 08:03:34    --------    d-----w-    C:\Games
2013-06-17 07:48:50    --------    d-----w-    C:\qfgcd
2013-06-15 02:52:23    --------    d-----w-    C:\U2M
2013-06-13 03:47:16    --------    d-----w-    C:\Program Files (x86)\DOSBox-0.74
2013-06-13 03:45:54    --------    d-----w-    C:\Users\matt\AppData\Local\DOSBox
2013-06-12 04:50:44    --------    d-----w-    C:\Users\matt\AppData\Local\Macromedia
2013-06-12 04:50:03    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:50:03    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-12 04:49:36    --------    d-----w-    C:\Users\matt\AppData\Local\Adobe
2013-06-12 00:03:22    --------    d-----w-    C:\Sierra
2013-06-11 22:17:43    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-11 22:16:36    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-09 23:38:18    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-06-09 23:37:36    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-06-09 23:37:35    --------    d-----w-    C:\Windows\System32\Wat
2013-06-09 11:35:02    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-06-09 11:35:02    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-06-09 11:35:02    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-06-09 11:35:02    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-09 11:02:22    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-06-09 11:02:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-06-09 11:02:22    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-06-09 11:02:22    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-06-09 11:02:22    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-06-09 11:02:22    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-06-09 11:01:58    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-06-09 11:01:58    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-06-09 11:01:57    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-06-09 11:01:57    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-06-09 11:01:57    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-06-09 11:01:57    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-06-09 11:01:57    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-06-09 11:00:42    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-06-09 11:00:42    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-06-09 11:00:42    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-06-09 08:36:20    --------    d-----w-    C:\Windows\panther
2013-06-09 08:31:53    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-06-09 08:17:43    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-06-09 07:49:59    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-06-09 07:48:57    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-09 07:48:57    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
2013-06-09 07:48:56    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2013-06-09 07:48:55    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-06-09 07:48:54    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-06-09 07:48:54    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-06-09 07:48:54    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-06-09 07:48:53    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2013-06-09 07:48:53    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2013-06-09 07:48:52    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2013-06-09 07:40:34    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-06-09 07:40:34    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-06-09 06:52:40    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-06-09 06:30:41    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-06-09 06:30:41    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-06-09 06:30:41    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-06-09 06:27:18    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-06-09 06:27:11    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-06-09 06:27:01    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-06-09 06:27:01    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-06-09 06:14:41    --------    d-----w-    C:\Users\matt\AppData\Roaming\Malwarebytes
2013-06-09 06:14:25    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-09 06:14:25    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-09 06:14:25    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-09 06:14:13    --------    d-----w-    C:\Users\matt\AppData\Local\Programs
2013-06-09 05:55:45    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2013-06-09 05:55:15    --------    d-sh--w-    C:\Windows\Installer
2013-06-09 05:54:46    --------    d-----w-    C:\Program Files\ATI Technologies
2013-06-09 05:54:44    --------    d-----w-    C:\Program Files\ATI
2013-06-09 05:48:29    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-06-09 05:48:29    --------    d-----w-    C:\Program Files\Realtek
2013-06-09 05:48:23    412264    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-06-09 05:48:22    74344    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-06-09 05:48:22    107624    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-06-09 05:48:19    2578576    ----a-w-    C:\Windows\System32\WavesGUILib.dll
2013-06-09 05:48:04    155888    ----a-w-    C:\Windows\System32\SRSWOW64.dll
2013-06-09 05:48:03    518896    ----a-w-    C:\Windows\System32\SRSTSX64.dll
2013-06-09 05:48:02    332392    ----a-w-    C:\Windows\System32\RtlCPAPI64.dll
2013-06-09 05:48:02    211184    ----a-w-    C:\Windows\System32\SRSTSH64.dll
2013-06-09 05:48:02    198896    ----a-w-    C:\Windows\System32\SRSHP64.dll
.
==================== Find3M  ====================
.
2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 07:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
.
============= FINISH: 23:15:22.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2013 12:43:51 AM
System Uptime: 6/20/2013 11:10:51 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | H61M-D2P-B3
Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Socket 1155 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 897.696 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Deskjet 1000 J110 series
Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
Manufacturer:
Name: Deskjet 1000 J110 series
PNP Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
Service:
.
==== System Restore Points ===================
.
RP9: 6/9/2013 1:42:07 PM - Windows Update
RP10: 6/9/2013 5:17:17 PM - Windows Update
RP11: 6/9/2013 6:37:07 PM - Windows Update
RP12: 6/11/2013 5:16:50 PM - Windows Update
RP13: 6/12/2013 1:47:09 AM - Windows Update
RP14: 6/18/2013 6:33:12 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
ATI Catalyst Install Manager
ATI Problem Report Wizard
HydraVision
Intel® Control Center
Intel® Management Engine Components
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable (x64)
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
ON_OFF Charge B11.0110.1
Quest for Glory Collection Series
Quest for Glory V: Dragon Fire
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
.
==== Event Viewer Messages From Past Week ========
.
6/20/2013 4:09:37 PM, Error: Service Control Manager [7031]  - The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================

 


  • Root Admin

Please click on START and type in CMD and when it shows on the START Menu right click over it and choose "Run as administrator" and then type the following and press the Enter key. You should get a success message. If so then restart the computer again.

SC DELETE gfibto

 

Then next run the following.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


MiniToolBox by Farbar  Version: 16-06-2013
Ran by matt (administrator) on 20-06-2013 at 23:57:49
Running from "C:\Users\matt\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : matt-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-E5-49-31-1C-16
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8dee:7624:35b8:2a4a%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, June 20, 2013 11:54:04 PM
   Lease Expires . . . . . . . . . . : Friday, June 21, 2013 11:54:04 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 240182601
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-45-CF-9A-50-E5-49-31-1C-16
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:287d:1619:9c9b:bba(Preferred)
   Link-local IPv6 Address . . . . . : fe80::287d:1619:9c9b:bba%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  home
Address:  192.168.1.254

Name:    google.com
Addresses:  2001:4860:4002:802::1008
      74.125.227.4
      74.125.227.5
      74.125.227.6
      74.125.227.7
      74.125.227.8
      74.125.227.9
      74.125.227.14
      74.125.227.0
      74.125.227.1
      74.125.227.2
      74.125.227.3


Pinging google.com [74.125.227.131] with 32 bytes of data:
Reply from 74.125.227.131: bytes=32 time=33ms TTL=54
Reply from 74.125.227.131: bytes=32 time=32ms TTL=54

Ping statistics for 74.125.227.131:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 33ms, Average = 32ms
Server:  home
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=106ms TTL=43
Reply from 98.139.183.24: bytes=32 time=105ms TTL=43

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 105ms, Maximum = 106ms, Average = 105ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...50 e5 49 31 1c 16 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.69     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.69    276
     192.168.1.69  255.255.255.255         On-link      192.168.1.69    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.69    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.69    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.69    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:287d:1619:9c9b:bba/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::287d:1619:9c9b:bba/128
                                    On-link
 11    276 fe80::8dee:7624:35b8:2a4a/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/20/2013 11:55:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 11:41:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 11:12:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 11:08:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 05:41:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 04:09:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.1.4210, time stamp: 0x509157b4
Faulting module name: ushata.dll, version: 13.0.1.4313, time stamp: 0x51ac5a4e
Exception code: 0xc0000005
Fault offset: 0x000010cc
Faulting process id: 0x5e4
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (06/19/2013 11:09:25 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/19/2013 05:11:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 06:55:11 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/16/2013 11:47:15 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (06/20/2013 11:51:36 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/20/2013 11:37:49 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/20/2013 11:09:21 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/20/2013 11:04:43 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/20/2013 05:37:47 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/20/2013 04:09:37 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/19/2013 02:29:47 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/14/2013 10:44:47 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/14/2013 03:13:14 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/14/2013 02:00:06 AM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/20/2013 11:55:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 11:41:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 11:12:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 11:08:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 05:41:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2013 04:09:23 PM) (Source: Application Error)(User: )
Description: avp.exe13.0.1.4210509157b4ushata.dll13.0.1.431351ac5a4ec0000005000010cc5e401ce6cd51d0ace39C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dllade12db2-d9ed-11e2-8f3f-50e549311c16

Error: (06/19/2013 11:09:25 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/19/2013 05:11:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 06:55:11 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/16/2013 11:47:15 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


CodeIntegrity Errors:
===================================
  Date: 2013-06-20 20:55:08.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 20:55:08.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 20:55:08.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 19:38:16.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 19:38:16.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 19:38:16.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 19:37:14.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 19:37:14.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 19:37:14.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 18:20:30.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
ATI Catalyst Install Manager (Version: 3.0.741.0)
ATI Problem Report Wizard (Version: 3.0.741.0)
HydraVision (Version: 4.2.114.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
ON_OFF Charge B11.0110.1 (Version: 1.00.0001)
Quest for Glory Collection Series  (Version: )
Quest for Glory V: Dragon Fire  (Version: )
Realtek Ethernet Controller Driver (Version: 7.36.1224.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6282)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

========================= Devices: ================================

Name: Deskjet 1000 J110 series
Description: Deskjet 1000 J110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 4079.43 MB
Available physical RAM: 3077.53 MB
Total Pagefile: 8157.04 MB
Available Pagefile: 7047.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.08 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:897.7 GB) NTFS

========================= Users: ========================================

User accounts for \\MATT-PC

Administrator            Guest                    matt                     

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 


  • Root Admin

Please run the following

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

  • Root Admin

Okay. I'm assuming you're no longer having any issues, is that correct? If so please go ahead now and reinstall your Kaspersky antivirus, register it, and update it. Then do a Quick System scan with Kaspersky and let me know if it finds anything.

Reboot the computer again and make sure there are still no errors or crashing. You can run it overnight and get back to me tomorrow if needed and then we'll go ahead and add in the exclusions for MBAM and get that back up and running again as well.


  • Root Admin

One of our resident spam hunters Daledoc1 pointed me to this article about Kaspersky which may apply to your situation here as well.

Please review the following and if you are running IE10 then it looks like you'll need to drop back to IE9 until they have a fix for this.

http://support.kaspersky.com/9864


When I tried to install Kaspersky it failed and said "my computer could be infected". It told me to download something called KVRT; when I did, the download failed. It stopped in the middle and could not download all the way, so I could not install. I sent a report to Kaspersky; I do not know where it went and do not know if it is still present on my PC to send here. The site suggested I reinstall Kaspersky again. So I tried to reinstall Kaspersky again and it refused and prompted me to reboot first. It did not prompt me to reboot the first time I tried to install it. What could that mean?


Before I read your last instruction I had managed to go to Kaspersky's website and download KVRT and run it. It crashed to a blue screen, PAGE_FAULT_IN_NONPAGED_AREA. I had to shut down and restart; sorry about that, but was forced to because of the BSOD.


  • Root Admin

Please run the following steps one by one to get KAV reinstalled and working again.

STEP 1

Cleanly uninstall Kaspersky antivirus

STEP 2

If you have any of the following other security software it will need to be removed.

If you install Kaspersky Internet Security, the following products are always detected and suggested to be automatically deleted:

STEP 3

Follow the directions from this page on running a special tool to manually remove left over elements of Kaspersky Lab products

Service articles: Removal tool to uninstall Kaspersky Lab products

STEP 4

Go ahead and run the MBAM CLEAN removal tool again but for now do not reinstall MBAM but make sure you restart the computer.

STEP 5

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Right click and choose "Run as administrator" and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop.

STEP 6

Download the latest installer for your version of Kaspersky antivirus from here

You may already get the Patch H from the installer but if not then check on it to make sure you get it.

Let me know if this routine gets Kaspersky antivirus reinstalled and working or not.


  • Root Admin

They are one of the few that don't appear to have a manual removal tool.

Here is a list of manual removal tools or processes for various software packages.

List of Uninstaller Tools

I'm not a fan of using any Registry Cleaners and they can potentially cause unexpected nuance issues that can break features of other software and most users never realize it was the Registry Cleaner that caused the issue.

I'd try to just ignore the Ad-Aware and move on. If it does fail again then as a last resort maybe use Revo Uninstaller.


Because I got an email from my friend who forwarded me some information about a virus on Facebook which takes your bank account number and SS number, then places it on the black market. I had clicked on some links on that site before I got a warning about "not clicking links on Facebook" and did not know if I had the virus or not, but wasn't taking any chances, so I repartitioned/reinstalled Windows 7.

Okay, I installed Kaspersky with the installer and ran a quick scan (critical system file scan) and came up with no threats. Have not reinstalled mbam yet. Do you still want to help me with the exclusion list?


  • Root Admin

Please try setting the following exclusions and let me know if you have any further issues or not.

If needed there is a little more information located here: http://forums.malwarebytes.org/index.php?showtopic=123449

To setup exclusions for Kaspersky Anti-Virus and Kaspersky Internet Security

Kaspersky Anti-Virus and Kaspersky Internet Security

Set Exclusions for Malwarebytes' Anti-Malware in Kaspersky Internet Security and Kaspersky Anti-Virus on 32 bit Windows Versions:

  • Open Kaspersky and click on Settings in the upper right-hand corner
  • Click on the right-most icon in the upper left to access Detected Threats and Exclusion Rules
  • Under Exclusions click on Settings...
  • In the Trusted zone window that pops up click on the Trusted applications tab
  • Click on the Add button and select Browse
  • In the browse window that opens navigate to C:\Program Files\Malwarebytes' Anti-Malware
  • Double-click on mbam.exe and in the window that pops up, click the box next to each of the items listed in the window so that they are all checked and click on OK
  • Do the same for each of the following:
    • mbam.exe
    • mbamgui.exe
    • mbamscheduler.exe
    • mbamservice.exe
  • Once that is complete, click on OK to close the exclusions window
  • Click on Apply at the bottom of the Settings window then click on OK
  • Close the Kaspersky main window

Set Exclusions for Malwarebytes' Anti-Malware in Kaspersky Internet Security and Kaspersky Anti-Virus on 64 bit Windows Versions:

  • Open Kaspersky and click on Settings in the upper right-hand corner
  • Click on the right-most icon in the upper left to access Detected Threats and Exclusion Rules
  • Under Exclusions click on Settings...
  • In the Trusted zone window that pops up click on the Trusted applications tab
  • Click on the Add button and select Browse
  • In the browse window that opens navigate to C:\Program Files (x86)\Malwarebytes' Anti-Malware
  • Double-click on mbam.exe and in the window that pops up, click the box next to each of the items listed in the window so that they are all checked and click on OK
  • Do the same for each of the following:
    • mbam.exe
    • mbamgui.exe
    • mbamscheduler.exe
    • mbamservice.exe
  • Once that is complete, click on OK to close the exclusions window
  • Click on Apply at the bottom of the Settings window then click on OK
  • Close the Kaspersky main window

Set Exclusions for Kaspersky Anti-Virus and Kaspersky Internet Security in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Kaspersky Lab and click OK
  • Close Malwarebytes' Anti-Malware

The only issue I had was when I used my backup CD to install mbam: it stopped in the middle of the update. It attempted to update several times and failed in the middle of the download; it never did this before. Finally it did update but came up with two prompts telling me to install the latest version of mbam. I thought it odd it came up twice, so I picked the first prompt and discarded the second one. I don't know if one of them was a fake or just some glitch in a server. Then I tried to activate my PRO edition, and even though I clearly copied and pasted from the numbers on the CD key text file, it took several tries for mbam to accept it was the correct license information. I don't know why it didn't work the first time as I merely copied and pasted the number repeatedly rather than hand typing it.


I am also going to be busy and may not get back to you as soon as before, but here is the log. It found nothing but I will post it anyway. So far no discernible problems on the PC. I did both a quick and full scan with Kaspersky after updating defs and found no threats.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
matt :: MATT-PC [administrator]

Protection: Enabled

6/22/2013 10:02:54 PM
mbam-log-2013-06-22 (22-02-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202812
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
