I may be infected.. Need advice/assistance please

Hello,

 

I am not too savvy when it comes to computer issues including viruses and other malware. I have read some basic guides and still need clarification on whether I am taking the right steps to remove any threats from my computer.

 

I am using a Microsoft Surface Pro 64GB - Please see the picture below for a more detailed description.

 

http://prntscr.com/1i25a4

This is a picture of my task manager

 

http://prntscr.com/1i23ls

 

http://prntscr.com/1i23th

 

http://prntscr.com/1i23xk

 

http://prntscr.com/1i245r

This is the result from my Malwarebytes full system scan:

Database version: v2013.07.28.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Yossef :: [administrator]
 
Protection: Enabled
 
7/28/2013 3:20:37 PM
mbam-log-2013-07-28 (15-20-37).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 541081
Time elapsed: 54 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Thanks for any help

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Yossef [Admin rights]

Mode : Scan -- Date : 07/28/2013 17:18:11

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] Lightshot.exe -- C:\Users\Yossef\AppData\Local\Skillbrains\lightshot\4.4.1.0\LightShot.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\Yossef\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1526184691-4286644188-3345769814-1001\[...]\Run : LightShot (C:\Users\Yossef\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7][x][x]) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: C400-MTFDDAT064MAM +++++

--- User ---

[MBR] 790ef0a652df2215fe6ddb1bece35940

[BSP] 412f591b093cb4d3703364af67573e50 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: C400-MTFDDAT064MAM +++++

--- User ---

[MBR] 8752273f349251cedf7c6209cdd11aac

[BSP] 804dbf71ce7b1f906f09fbead2fc17a2 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953836 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_07282013_171811.txt >>

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume2

Install Date: 3/17/2013 4:52:02 PM

System Uptime: 7/28/2013 4:53:28 PM (1 hours ago)

.

Motherboard: Microsoft Corporation |  | Surface with Windows 8 Pro

Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 51 GiB total, 1.019 GiB free.

D: is FIXED (NTFS) - 931 GiB total, 865.574 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

avast! Free Antivirus

AVG 2013

Bonjour

D3DX10

Facebook Video Calling 1.2.0.287

Gadwin PrintScreen Professional

Google Chrome

Google Update Helper

Gyazo 1.0

Java 7 Update 25

Java Auto Updater

lightshot-4.4.1.0

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Application Error Reporting

Microsoft Office 365 Home Premium - en-us

Microsoft Silverlight

Microsoft SkyDrive

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT110

MSVCRT110_amd64

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Office 15 Click-to-Run Localization Component

Photo Common

Skype™ 6.6

Spotify

Spybot - Search & Destroy

SwiftKit

TeamSpeak 3 Client

TeamViewer 8

Visual Studio 2010 x64 Redistributables

WD Drive Utilities

WD Security

WD SmartWare

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

7/28/2013 4:53:48 PM, Error: volmgr [45]  - The system could not sucessfully load the crash dump driver.

7/28/2013 4:53:42 PM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

7/28/2013 4:53:29 PM, Error: volmgr [46]  - Crash dump initialization failed!

7/28/2013 4:53:29 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.

7/28/2013 4:53:13 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.

7/28/2013 3:50:44 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

7/28/2013 3:32:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

7/28/2013 3:13:24 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-UAC/Operational.

7/25/2013 7:11:03 PM, Error: Tcpip [4294]  - An attempt to clear a packet coalescing filter on the network adapter with hardware address 60-45-BD-91-40-08 has failed (IPv4 0xc0010011 4).

7/25/2013 7:11:03 PM, Error: Tcpip [4294]  - An attempt to clear a packet coalescing filter on the network adapter with hardware address 60-45-BD-91-40-08 has failed (IPv4 0xc0010011 3).

7/24/2013 6:30:24 PM, Error: Tcpip [4294]  - An attempt to clear a packet coalescing filter on the network adapter with hardware address 60-45-BD-91-40-08 has failed (IPv4 0xc0010011 2).

7/24/2013 6:30:24 PM, Error: Tcpip [4294]  - An attempt to clear a packet coalescing filter on the network adapter with hardware address 60-45-BD-91-40-08 has failed (IPv4 0xc0010011 1).

.

==== End Of File ===========================


sorry- 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Yossef at 17:19:49 on 2013-07-28
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.3980.1298 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\AVG\avgfws.exe
D:\AVG\avgidsagent.exe
D:\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\mvbtrcsvcx64.exe
C:\windows\system32\dashost.exe
D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
D:\AVG\avgnsa.exe
C:\windows\system32\svchost.exe -k imgsvc
D:\AVG\avgemca.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
D:\AVG\avgcsrva.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
D:\AVG\avgrsa.exe
D:\AVG\avgcsrva.exe
D:\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\windows\Explorer.EXE
D:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Yossef\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
D:\AVG\avgui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Yo Files\WOW\World of Warcraft\Wow.exe
D:\Yo Files\WOW\World of Warcraft\Utils\WowBrowserProxy.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Gadwin PrintScreen Pro] C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
uRun: [Spotify Web Helper] "C:\Users\Yossef\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Yossef\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [LightShot] C:\Users\Yossef\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "D:\AVG\avgui.exe" /TRAYONLY
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1A5B857C-8E3C-41DF-AB33-BBE09B548643} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1A5B857C-8E3C-41DF-AB33-BBE09B548643}\3486164796C61684F6573756 : DHCPNameServer = 192.168.0.1 205.152.144.23
TCP: Interfaces\{1A5B857C-8E3C-41DF-AB33-BBE09B548643}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1A5B857C-8E3C-41DF-AB33-BBE09B548643}\530353530213234303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1A5B857C-8E3C-41DF-AB33-BBE09B548643}\944535F5E4564777F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1A5B857C-8E3C-41DF-AB33-BBE09B548643}\95F637375666023486164796C6162E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{1A5B857C-8E3C-41DF-AB33-BBE09B548643}\964737 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yossef\AppData\Roaming\Mozilla\Firefox\Profiles\vzhwb5td.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-4-5 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-4-5 189936]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-4-5 1030952]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-4-5 378944]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-6-27 248632]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-4-5 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-4-5 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-26 46808]
R2 avgfws;AVG Firewall;D:\AVG\avgfws.exe [2013-4-10 1428472]
R2 AVGIDSAgent;AVGIDSAgent;D:\AVG\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;D:\AVG\avgwdsvc.exe [2013-4-18 283136]
R2 Marvell Bluetooth Radio Control Service;Marvell Bluetooth Radio Control Service;C:\windows\System32\mvbtrcsvcx64.exe [2013-1-30 97792]
R2 MBAMScheduler;MBAMScheduler;D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-28 418376]
R2 MBAMService;MBAMService;D:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-28 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-28 1900728]
R2 SBSDWSCService;SBSD Security Center Service;D:\Spybot - Search & Destroy\SDWinSec.exe [2013-7-28 1153368]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-17 3560288]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-7-28 25928]
R3 mwlu97w8;mwlu97w8;C:\windows\System32\Drivers\mwlu97w8x64.sys [2013-1-30 1528320]
R3 SensorsHIDClassDriver;UMDF Reflector service for SensorsHIDClassDriver;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 SensorsServiceDriver;UMDF Reflector service for SensorsServiceDriver;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 SurfaceAccessoryDevice;Surface Accessory Device Service;C:\windows\System32\Drivers\SurfaceAccessoryDevice.sys [2013-3-22 1612880]
R3 TrackpadSettingsDriver;TrackpadSettingsDriver Service;C:\windows\System32\Drivers\TrackpadSettingsDriver.sys [2013-1-9 36952]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\windows\System32\Drivers\BrSerIb.sys [2013-4-24 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\windows\System32\Drivers\BrUsbSib.sys [2013-4-24 21872]
S3 kbfilter;Surface Touch Cover Filter Device Service;C:\windows\System32\Drivers\SurfaceTouchCover.sys [2013-1-9 29256]
S3 Marvell AVASTAR Bluetooth Radio Adapter;Marvell AVASTAR Bluetooth Radio Adapter;C:\windows\System32\mvbtrcsvcx64.exe install --> C:\windows\System32\mvbtrcsvcx64.exe install [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2013-1-9 243712]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-1-9 23552]
.
=============== Created Last 30 ================
.
2013-07-28 19:26:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-07-28 19:25:36 -------- d-----w- C:\Users\Yossef\AppData\Roaming\AVG2013
2013-07-28 19:24:57 -------- d-----w- C:\Users\Yossef\AppData\Roaming\TuneUp Software
2013-07-28 19:24:30 -------- d-----w- C:\ProgramData\AVG2013
2013-07-28 19:20:01 -------- d--h--w- C:\ProgramData\Common Files
2013-07-28 19:20:01 -------- d-----w- C:\Users\Yossef\AppData\Local\MFAData
2013-07-28 19:20:01 -------- d-----w- C:\Users\Yossef\AppData\Local\Avg2013
2013-07-28 19:20:01 -------- d-----w- C:\ProgramData\MFAData
2013-07-28 19:17:18 -------- d-----w- C:\Users\Yossef\AppData\Roaming\Malwarebytes
2013-07-28 19:16:50 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-28 19:16:44 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-26 02:42:28 -------- d-----w- C:\Users\Yossef\VanquishCache
2013-07-24 12:45:49 -------- d-----w- C:\Users\Yossef\AppData\Roaming\IObit
2013-07-14 17:11:25 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-07-14 17:11:25 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-07-14 17:08:50 -------- d-----w- C:\ProgramData\Battle.net
2013-07-13 20:26:27 -------- d-----w- C:\Users\Yossef\.WinAppData
2013-07-05 23:44:15 141824 ----a-w- C:\windows\SysWow64\mctu.dllbak
2013-07-05 23:44:11 13440 ----a-w- C:\windows\System32\drivers\u3hpatch64.sys
2013-07-05 23:44:10 178688 ----a-w- C:\windows\System32\mctux.dllbak
2013-07-05 23:44:10 -------- d-----w- C:\Program Files (x86)\Common Files\MCTWDDM
2013-07-05 23:44:10 -------- d-----w- C:\Program Files (x86)\Common Files\DesktopUtil
2013-07-05 23:43:42 -------- d-----w- C:\Program Files (x86)\MCT Corp
2013-07-05 01:36:38 -------- d-----w- C:\Users\Yossef\AmbitionPKcache1
2013-07-04 20:27:49 -------- d-----w- C:\Users\Yossef\AmbitionPKcache
2013-07-04 14:47:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-04 14:46:57 -------- d-----w- C:\Program Files\Bonjour
2013-07-04 14:46:57 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-07-03 21:25:53 -------- d-----w- C:\Program Files (x86)\Skillbrains
2013-07-03 21:25:51 -------- d-----w- C:\Users\Yossef\AppData\Local\Skillbrains
2013-07-03 21:25:47 -------- d-----w- C:\Users\Yossef\AppData\Local\Programs
2013-07-02 14:00:14 -------- d-----w- C:\Users\Yossef\AppData\Roaming\TS3Client
2013-07-01 23:15:38 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-01 21:54:53 -------- d-----w- C:\Users\Yossef\AppData\Local\Western_Digital
2013-07-01 21:54:15 -------- d-----w- C:\Program Files\Western Digital
2013-07-01 21:53:56 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-07-01 21:53:56 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2013-07-01 21:53:40 -------- d-----w- C:\ProgramData\Western Digital
.
==================== Find3M  ====================
.
2013-07-01 23:15:33 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-07-01 23:15:33 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-27 22:06:32 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-06-27 22:06:32 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-27 04:46:36 248632 ----a-w- C:\windows\System32\drivers\avgwfpa.sys
2013-05-09 08:59:07 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\windows\avastSS.scr
2013-05-07 20:07:50 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 14:22:04 2274480 ----a-w- C:\windows\System32\coin94.dll
.
============= FINISH: 17:20:14.05 ===============

AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

 

You can't have all these anti-virus programs installed and running; they only conflict with each other and provide spotty protection.

Make sure Defender is disabled:

http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/

Pick AVG or AVAST as your anti-virus and uninstall the other.
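As an added example (not part of MrC's post or any Malwarebytes tool), this PowerShell snippet lists the antivirus products registered with Windows Security Center and warns when more than one is enabled at the same time, which is the situation the DDS log above shows. The productState decoding follows the widely used but undocumented convention and is an assumption here.

```powershell
# Added example: enumerate antivirus products registered with Windows Security Center
# and warn when more than one has real-time protection enabled.
# Assumption: productState is decoded with the common, undocumented convention
#   hex 0xAABBCC -> BB = 10/11 real-time protection enabled, 00/01 disabled
#                   CC = 00 definitions up to date, 10 out of date

function Get-RegisteredAntivirus {
    # root\SecurityCenter2 is the namespace used on Windows Vista and later client editions.
    $products = Get-CimInstance -Namespace 'root\SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop

    foreach ($p in $products) {
        # Zero-pad to six hex digits so the byte positions are stable.
        $state = [Convert]::ToString([int]$p.productState, 16).PadLeft(6, '0')
        [pscustomobject]@{
            Name     = $p.displayName
            Guid     = $p.instanceGuid
            Enabled  = ($state.Substring(2, 2) -in '10', '11')
            UpToDate = ($state.Substring(4, 2) -eq '00')
            Path     = $p.pathToSignedProductExe
        }
    }
}

function Test-AntivirusConflict {
    param([object[]]$Products)

    $enabled = @($Products | Where-Object { $_.Enabled })
    if ($enabled.Count -gt 1) {
        Write-Warning ("Multiple real-time antivirus products are enabled: {0}. " +
                       "Keep one and uninstall the rest." -f ($enabled.Name -join ', '))
        return $true
    }
    if ($enabled.Count -eq 0) {
        Write-Warning 'No enabled antivirus product is registered with Security Center.'
    }
    return $false
}

$av = Get-RegisteredAntivirus
$av | Format-Table Name, Enabled, UpToDate, Guid -AutoSize
[void](Test-AntivirusConflict -Products $av)
```

Run it from an elevated PowerShell prompt; on the system in this thread it would list AVG and avast! both as Enabled and raise the warning.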

---------------------------------------------------------

Not much showing in the logs, but let's run some scans...

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

(screenshot: more-reply-options.jpg)

New window that comes up.

(screenshot: choose-files1.jpg)

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


I removed AVAST and ran the scan


Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.28.07
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Yossef :: YOSSEFCHATILA [administrator]
 
7/28/2013 6:35:52 PM
mbar-log-2013-07-28 (18-35-52).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 305012
Time elapsed: 9 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.2.9200 Windows 8 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16580
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 4173066240, free: 1154969600
 
Initializing...
------------ Kernel report ------------
     07/28/2013 18:35:02
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\avgfwd6a.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\SurfaceAccessoryDevice.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\wdcsam64.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\mwlu97w8x64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\TrackpadSettingsDriver.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004a4e060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004d\
Lower Device Object: 0xfffffa8004a5eb00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0Scan Interrupted
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004532060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004532b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004532060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8003af1610, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8003a997f0, DeviceName: \Device\0000003c\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
Scan was aborted.
Downloaded database version: v2013.07.28.07
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
     07/28/2013 18:35:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\avgfwd6a.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\SurfaceAccessoryDevice.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\wdcsam64.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\mwlu97w8x64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\TrackpadSettingsDriver.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004532060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004532b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004532060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8003af1610, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8003a997f0, DeviceName: \Device\0000003c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: B826BBD0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 152111554
    GPT Header CurrentLba = 1 BackupLba 125045423
    GPT Header FirstUsableLba 34  LastUsableLba 125045390
    GPT Header Guid e6735213-5793-417a-b061-b2111bbadae1
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 152111554
    Backup GPT header CurrentLba = 125045423 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 125045390
    Backup GPT header Guid e6735213-5793-417a-b061-b2111bbadae1
    Backup GPT header Contains 128 partition entries starting at LBA 125045391
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID b03c17cb-7840-433c-a49a-21c81d3d2e1
    FirstLBA 2048  Last LBA 1230847
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 1e970046-2bcc-4e45-89b7-d8a93fcf732e
    FirstLBA 1230848  Last LBA 1640447
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a31d3cea-3eaf-4baf-9b14-b8f3922280c4
    FirstLBA 1640448  Last LBA 1902591
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1038147d-b1b9-4a15-97d5-34518e855a5c
    FirstLBA 1902592  Last LBA 108660735
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 890d0830-cc49-46f2-9464-c25c4e74ab49
    FirstLBA 108660736  Last LBA 125044735
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 64023257088 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8004a4e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004a4eb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004a4e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004a5eb00, DeviceName: \Device\0000004d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 23F15
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953456128
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000170586112 bytes
Sector size: 512 bytes
 
Done!
Read File:  File "c:\programdata\avg2013\chjw\4e1aea7b1aea6007.dat:139d6e11-9a6d-464b-bad2-4e7ea52b475f" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

That scan was clean......

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found, especially any folders; we're going to permanently delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


# AdwCleaner v2.306 - Logfile created 07/28/2013 at 19:51:50
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : Yossef - YOSSEFCHATILA
# Boot Mode : Normal
# Running from : C:\Users\Yossef\Desktop\adwcleaner.exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Users\PRODUCTIVITY\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\USER\AppData\LocalLow\AskToolbar
Folder Found : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\Yossef\AppData\Roaming\Mozilla\Firefox\Profiles\vzhwb5td.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8v8bhpfg.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Yossef\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\PRODUCTIVITY\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [2707 octets] - [28/07/2013 19:50:27]
AdwCleaner[R2].txt - [2777 octets] - [28/07/2013 19:51:50]
 
########## EOF - C:\AdwCleaner[R2].txt - [2837 octets] ##########
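The items in the AdwCleaner search log above are the usual footprint of a browser toolbar: per-profile folders under AppData\LocalLow, an MSI product registration, Internet Explorer SearchScopes entries (the search-provider hijack), toolbar CLSIDs registered in both the 64-bit and Wow6432Node views, and a Low Rights ElevationPolicy entry, which lets a program launched from Protected Mode IE run outside the low-integrity sandbox and is worth checking on its own. The PowerShell script below is an added example, not code from the thread or from AdwCleaner: it re-checks the exact paths from this log, then lists every IE search scope and toolbar CLSID (resolving each CLSID to its DLL) so that anything left behind after the Delete pass is visible. It assumes PowerShell 3.0 (as shipped with Windows 8) and an elevated prompt.

```powershell
# Added example, not from the forum thread: re-check the Ask Toolbar artifacts
# AdwCleaner listed, then enumerate IE search scopes and toolbar CLSIDs so any
# leftovers are visible. Run from an elevated PowerShell (3.0+, as shipped with Windows 8).
# The indicator paths are copied verbatim from the AdwCleaner [search] log in this thread.

$indicators = @(
    'HKCU:\Software\AppDataLow\Software\AskToolbar',
    'HKLM:\Software\APN',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}',
    'C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}'
)
# The log showed the toolbar folder under two profiles (PRODUCTIVITY and USER); check every profile.
$indicators += Get-ChildItem 'C:\Users' -Directory |
    ForEach-Object { Join-Path $_.FullName 'AppData\LocalLow\AskToolbar' }

'== Known Ask Toolbar indicators =='
foreach ($p in $indicators) {
    $state = if (Test-Path -LiteralPath $p) { 'PRESENT' } else { 'absent ' }
    '{0}  {1}' -f $state, $p
}

# Each SearchScopes subkey normally carries DisplayName and URL values; an unfamiliar
# GUID pointing at a non-Bing URL is what a search hijacker looks like.
"`n== IE search scopes (64-bit, 32-bit and per-user views) =="
$scopeRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
              'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
foreach ($root in $scopeRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $v = Get-ItemProperty $key.PSPath
        '{0}  {1,-24} {2}' -f $key.PSChildName, $v.DisplayName, $v.URL
    }
}

# Toolbar registrations are bare CLSIDs; resolve each to its COM DLL so an
# unexpected DLL path stands out. 32-bit toolbars register under Wow6432Node\CLSID.
"`n== IE toolbar CLSIDs =="
$toolbarRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar',
                'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
foreach ($root in $toolbarRoots) {
    if (-not (Test-Path $root)) { continue }
    $names = (Get-ItemProperty $root).PSObject.Properties.Name |
        Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' }
    foreach ($clsid in $names) {
        $dll = $null
        foreach ($hive in 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
            $srv = Get-ItemProperty "$hive\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv) { $dll = $srv.'(default)'; break }
        }
        if (-not $dll) { $dll = '<no InprocServer32: orphaned entry>' }
        '{0}  {1}' -f $clsid, $dll
    }
}
```

Run it once before and once after the AdwCleaner Delete pass: every indicator should flip to "absent", and the toolbar section should no longer list {D4027C7F-154A-4066-A1AD-4243D8127440}. A CLSID that still appears but resolves to no InprocServer32 is a dangling registration, harmless but untidy; a CLSID that resolves to a DLL in a user-writable folder is the one to look at.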

Some adware found... let's clear it out:

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Update and run a scan with your AVG; let me know if it finds anything.

MrC


After this part:

Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: I forgot to add the log file. Will do this when I return (15-30 min, typing from my phone).


The scan has just finished and found nothing (full system scan), and this is what I found as far as the log goes for ADW:

 

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 20:01:31
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : Yossef - YOSSEFCHATILA
# Boot Mode : Normal
# Running from : C:\Users\Yossef\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Users\PRODUCTIVITY\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\USER\AppData\LocalLow\AskToolbar
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\Yossef\AppData\Roaming\Mozilla\Firefox\Profiles\vzhwb5td.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8v8bhpfg.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Yossef\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\PRODUCTIVITY\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [2707 octets] - [28/07/2013 19:50:27]
AdwCleaner[R2].txt - [2894 octets] - [28/07/2013 19:51:50]
AdwCleaner[R3].txt - [2954 octets] - [28/07/2013 20:00:41]
AdwCleaner[R4].txt - [3073 octets] - [28/07/2013 20:01:12]
AdwCleaner[s1].txt - [302 octets] - [28/07/2013 20:01:03]
AdwCleaner[s2].txt - [3050 octets] - [28/07/2013 20:01:31]
 
########## EOF - C:\AdwCleaner[s2].txt - [3110 octets] ##########

Seems like it's running a little smoother... I just want to be sure there isn't anything left; it seems like we have solved any issues which may have been present, hopefully...

 

Does it seem like there isn't anything major from these logs we've run? 


No, nothing major.

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

It seems AVG is non-responsive again... This happens every time I restart the system. Here is a picture:

 

http://prntscr.com/1i41fn

 

 

Also the txt file:

 

 Results of screen317's Security Check version 0.99.71  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Mozilla Firefox (22.0) 
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
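The "WMI entry may not exist for antivirus" line in the Security Check output above comes from the Windows Security Center WMI namespace (root\SecurityCenter2), where each antivirus product registers itself with a display name, its signed executable path and a productState value. The snippet below is an added example, not part of the thread and not Security Check's own code: it queries that namespace directly, decodes productState, and then checks whether the AV's own services are actually running, which is the more useful question when a product shows as non-responsive after a reboot. It assumes PowerShell 3.0 on Vista or later; Microsoft has never documented the productState bitfield, so the two bit tests are the common community interpretation and should be read as an assumption.

```powershell
# Added example, not from the forum thread: ask Windows Security Center for the
# registered antivirus products the same way Security Check does. Needs Vista or
# later (root\SecurityCenter2); Windows 8 is fine. Microsoft has not documented the
# productState bitfield; the decoding below is the common community interpretation
# and should be treated as an assumption, not a specification.
function Get-RegisteredAntivirus {
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $products) {
        # This is exactly the condition Security Check reports as "WMI entry may not exist".
        Write-Warning 'No AntiVirusProduct instance in root/SecurityCenter2.'
        return
    }
    foreach ($p in $products) {
        $state = [int]$p.productState
        [pscustomobject]@{
            Name       = $p.displayName
            Exe        = $p.pathToSignedProductExe
            Enabled    = ((($state -shr 8) -band 0x10) -ne 0)   # 2nd byte 0x10/0x11 = real-time protection on (assumed)
            OutOfDate  = (($state -band 0x10) -ne 0)            # low byte 0x10 = signatures out of date (assumed)
            State      = ('0x{0:X6}' -f $state)
            Registered = $p.timestamp
        }
    }
}

'== Antivirus products registered with Security Center =='
Get-RegisteredAntivirus | Format-Table -AutoSize

# Security Center only reports what a product registered; confirm the product's own
# services are running. The thread's AV is AVG, so match on its display-name prefix.
"`n== AVG services =="
Get-Service | Where-Object { $_.DisplayName -like 'AVG*' } |
    Select-Object Name, DisplayName, Status | Format-Table -AutoSize
```

If the first table is empty while AVG is installed, the product failed to register with Security Center, which matches both the Security Check warning and the "non-responsive after restart" symptom; if the table lists AVG but Enabled is False, real-time protection is off. Either way, the service table tells you whether the product is even running, which is the first thing to fix before re-scanning.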

OK, the other logs look OK.

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the following command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete, e.g. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, C:\FRST, MBAR, etc. For AdwCleaner, just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

 


Good Luck and Thanks for using the forum, MrC


This topic is now closed to further replies.