Computer Hang Problems W/ Malwarebytes

[baseboii22]

Hello all, I've been tinkering with my computer for a while and I noticed some problems when I went to install a game.

 

 

BACKSTORY TO WHERE IT ALL BEGAN:

I had some trouble with my firewall and then when I investigated I realized my firewall had been deactivated (I think because I have Microsoft Security Essentials installed and it has its own firewall).

Anyway, when I tried to change back my firewall to the recommended settings an error message popped up and said I didn't have enough privileges or something along those lines.

I thought it had something to do with having MSE installed so I then proceeded to try to uninstall that. Unfortunately I got a similar message. 
I noted that I often saw an error code x80070091 or x8007____ (I cant remember) when I even tried to re-install MSE after force uninstalling it with Revo Uninstaller.

Anyway, I eventually was able to get my firewall working thanks to some registry fixes (tweaking.com windows repair) and I thought everything was back to normal.

 

WHERE MALWAREBYTES COMES IN:

I wanted to make sure my computer was clean, especially after alot of hassle with administrator access problems. I had looked around on the web and kept seeing "rootkit" as a possible source of the problems.

I then went ahead to install malwarebytes and perform a quick scan to wipe away any potential problems.

It found over 100+ threats. WHen i looked at the list I saw the very words that I suspected : "rootkit" There were also alot of "PUPA something" and multiple trojans.

When I clicked to remove selected threats an URGENT! Restart computer now to take care of threats message popped up, which worried me.

Needless to say, when my computer restarted right after logging in (windows 7) my computer hung on my desktop with nothing loaded but my wallpaper and loading mouse pointer.

I tried multiple reboots and everytime my computer either hung on a black screen right after login or on the loading Welcome screen.

I wondered what went wrong, and eventually decided to system restore to before I installed malwarebytes.

 

Fast forward tinkering around with multiple malwarebyte installs and safe mode uninstalls, I realized that Malwarebytes has somehow caused my computer to have problems.

IMO, this rootkit is dormant when nothing is beind done, but when an anti-malware is installed it goes haywire and initiates self-destruct.

I know the problem isnt Malwarebytes itself but the issue is connected.

 

 

As of now until I can get help from others, I'll just be letting this rootkit sleep in my computer. It has to go though.

 

Can anyone help me with this?

 

 

Here are the logs that have been asked for :
 

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer:   BrowserJavaVersion: 10.7.2

Run by James at 18:22:19 on 2013-09-05

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4022.2782 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AppleOSSMgr.exe

C:\Windows\system32\AppleTimeSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Boot Camp\Bootcamp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [WorkForce 610(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S6CF6.tmp" /EF "HKCU"

uRun: [AdobeBridge] <no file>

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

uPolicies-Explorer: DisallowRun = dword:1

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-DisallowRun: safe eyes.exe = safe eyes.exe

uPolicies-DisallowRun: SafeEyes.exe = SafeEyes.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: DisallowRun = dword:1

mPolicies-DisallowRun: Block SafeEyes = safeeyes.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 10.0.1.1

TCP: Interfaces\{928D5C70-74FB-4126-9A19-6CD6BABC96D9} : DHCPNameServer = 10.0.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-8-15 72024]

R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-8-15 16216]

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\rsdrvx64.sys [2013-1-2 26024]

R1 RNDISM2k;RNDISM2k;C:\Windows\System32\drivers\RNDISM2k.sys [2013-1-3 41232]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-1 203264]

R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2011-8-15 224640]

R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2010-5-3 110904]

R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2011-8-15 17752]

R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2010-5-3 21048]

R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-10-28 79888]

R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2012-7-1 18944]

R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2012-7-1 18432]

R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2012-7-1 12032]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-25 283200]

R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2012-7-1 18432]

R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2012-11-2 32256]

R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2012-7-1 13312]

S1 hola_net;Hola Fast Internet Adapter;C:\Windows\System32\drivers\hola_net.sys [2013-3-21 86512]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 CYUSB;Cypress Generic USB Driver;C:\Windows\System32\drivers\CYUSB.sys [2012-7-1 47104]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-7-1 20992]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-8-10 31800]

S3 rzdaendpt;%rzdaendpt.SvcDesc%;C:\Windows\System32\drivers\rzdaendpt.sys [2012-5-7 26112]

S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-5-14 94208]

S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2012-5-14 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-2 59392]

S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;C:\Windows\System32\drivers\tinspusb.sys [2012-6-11 142848]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-2 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-09-05 16:26:02 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes

2013-09-05 16:25:56 -------- d-----w- C:\ProgramData\Malwarebytes

2013-09-05 14:50:57 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

2013-09-05 14:24:04 1403104 ----a-w- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO8LP28V\video_downloader[1].exe

2013-09-05 14:22:52 -------- d-----w- C:\RegBackup

2013-09-05 14:21:30 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2013-09-05 03:19:42 -------- d-----w- C:\Users\James\AppData\Local\Ubisoft Game Launcher

2013-09-05 03:10:50 54280 ----a-w- C:\Windows\SysWow64\FirewallInstallHelper.dll

2013-09-05 03:09:47 54280 ----a-w- C:\Windows\System32\FirewallInstallHelper.dll

2013-08-30 05:46:37 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2013-08-21 18:23:12 17737608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-08-15 07:01:12 -------- d-----w- C:\Windows\System32\MRT

2013-08-14 09:49:59 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-14 09:49:59 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-14 09:49:58 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-14 09:49:57 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-14 09:49:57 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-14 09:49:57 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-14 09:49:57 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-14 09:49:57 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-14 09:49:56 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-08-14 09:49:56 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll

2013-08-14 09:49:55 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-08-11 01:54:32 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2013-08-11 01:45:00 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

2013-08-11 01:44:59 -------- d-----w- C:\Program Files\VS Revo Group

2013-08-11 01:30:31 -------- d-----w- C:\Users\James\AppData\Roaming\Riot Games

.

==================== Find3M  ====================

.

2013-09-05 17:59:59 354414429 ----a-w- C:\Windows\SysWow64\Nlscache.dll

2013-09-05 17:59:29 1024 ----a-w- C:\Windows\SysWow64\thunk.dll

2013-09-05 17:59:28 2560 ----a-w- C:\Windows\System32\thunk.dll

2013-08-21 18:23:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 18:23:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

.

============= FINISH: 18:25:37.81 ===============

 

 

 

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume3

Install Date: 7/1/2012 12:56:23 PM

System Uptime: 9/5/2013 1:59:23 PM (5 hours ago)

.

Motherboard: Apple Inc. |  | Mac-F2238AC8

Processor: Intel® Core™ i3 CPU         540  @ 3.07GHz | U2E1 | 1193/133mhz

.

==== Disk Partitions =========================

.

.

==== Installed Programs ======================

.

3RVX

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS6

Adobe Reader XI (11.0.03)

Apple Software Update

Boot Camp Services

Borderlands 2

Castle Crashers Demo

CCleaner

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EPSON Scan

EPSON WorkForce 610 Series Printer Uninstall

EpsonNet Print

Google Chrome

HideIt

Java 7 Update 7

Java Auto Updater

Kernel for Windows Data Recovery ver 11.01.01

League of Legends

Micro Visual C 2012 delphi AD

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MSVCRT

MSVCRT110

MSVCRT110_amd64

Opera 12.02

PDF Settings CS6

PerfectDisk 12 Professional

Photo Common

Razer DeathAdder™ Mouse

Realtek High Definition Audio Driver

Revo Uninstaller Pro 2.5.8

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype™ 6.0

Steam

TI-Nspire™ CAS Student Software

Tom Clancy's Splinter Cell® Blacklist™

Tweaking.com - Windows Repair (All in One)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Uplay

Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.10.3.9)

Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10)

Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)

Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)

Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (03/01/2010 3.1.0.3)

Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)

Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)

Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)

Windows Driver Package - Apple Inc. Apple Keyboard (03/24/2010 3.1.0.3)

Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)

Windows Driver Package - Apple Inc. Apple Multitouch (02/11/2010 3.1.0.0)

Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)

Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (02/11/2010 3.1.0.0)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)

Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)

Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)

Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)

Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)

Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)

Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)

Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)

Windows Driver Package - Apple Inc. System  (08/22/2008 2.1.1.1)

Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)

Windows Driver Package - Broadcom (b57nd60a) Net  (02/09/2010 14.0.0.7)

Windows Driver Package - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)

Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (03/24/2010 6.6001.1.24)

Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (08/16/2010 6.6001.1.26)

Windows Driver Package - Intel (e1express) Net  (02/06/2008 9.12.17.0)

Windows Driver Package - Intel (E1G60) Net  (01/08/2008 8.3.9.0)

Windows Driver Package - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)

Windows Driver Package - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)

Windows Driver Package - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)

Windows Driver Package - Intel Net  (02/06/2008 9.12.18.0)

Windows Driver Package - Intel Net  (06/13/2008 9.52.9.0)

Windows Driver Package - Intel Net  (07/22/2008 10.3.45.0)

Windows Driver Package - Intel Net  (08/05/2008 10.3.49.0)

Windows Driver Package - Intel Net  (11/07/2007 8.10.1.0)

Windows Driver Package - Intel System  (07/20/2007 1.2.76.0)

Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================

 

 

[Psychotic]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.

• The logs can be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Zip any and all of these logs and attach the file to your next reply.
  

[baseboii22]

I am not able to retrieve these logs. I may have not made it clear but I removed every bit and trace of Malwarebytes (so i would assume for the folders as well) with uninstall and mbam.exe because having Malwarebytes on my computer causes the hanging. I can't have it installed, sometimes it freezes at the main menu, sometimes WHILE updating it (after installing it) and sometimes during a scan. Every time it freezes, I am forced to restart my computer and that's where i get stuck at the Welcome screen or have a black desktop after logging in.

[Psychotic]

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

• Double click the mbar.zip file to open it, then 'Extract all files'.
• Double click the mbar folder to open it, then double click mbar.exe to start the tool.
  

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.

[baseboii22]

Here it is, 25 malware found... My goodness.

mbar-log-2013-09-10 (20-42-02).txt

[Psychotic]

Don´t panic!

 

 

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

[baseboii22]

Log from initial scan and cleanup

mbar-log-2013-09-11 (17-26-02).txt

[baseboii22]

2nd scan but no problems to cleanup

mbar-log-2013-09-11 (18-13-36).txt

[baseboii22]

Computer seems to be working fine, although on the first bootup after cleanup I did get that same black desktop screen for a couple of seconds then cmd (terminal) popped up and then the black went away.

My computer seems to be working fine. Can I get an OK to install the normal malwarebytes and scan with that?

[Psychotic]

We´re not finished yet.

 

 

Full System Scan with Malwarebytes Antimalware

• 
  If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.
  

 

 

 

 

Scan with Farbar´s Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
    
    
    

  
  [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply.
  

[baseboii22]

Update:

Finished the long scan from malwarebytes, ill attach the log.

All of the threats were PUPS.[something], there were about 10.

I selected all to be removed, and then was urged to restart the computer.

 

Once I restarted I faced the same exact problem I had in the beginning =/

Computer takes a long time on the Welcome screen and then a black screen greets me instead of my desktop loading.

I tried rebooting several times and the same thing happened each time.

I decided to go into safe mode and uninstall Malwarebytes because that's the solution i used last time.

Once I restarted computer back into normal mode after uninstalling my computer went back to normal.

HOWEVER, at first the screen was black, then an error message popped up saying it was unable to start the cleanup.dll of malwarebytes. (I'm assuming the PUPS threats were never removed)

 

So, yeah. The problem hasn't been fixed. I'll try running the Farbar scanner now to see what it does.

mbam-log-2013-09-12 (17-24-31).txt

[baseboii22]

Farbar Service Scanner Version: 13-09-2013

Ran by James (administrator) on 13-09-2013 at 15:33:37

Running from "C:\Users\James\Downloads"

Microsoft Windows 7 Ultimate  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

 

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

[Psychotic]

Run fixdamage.exe

Navigate to the directory where you extracted mbar to.
Open the plugins folder and run fixdamge.exe by doubleclick.
Reboot and post up a new fss log.

[baseboii22]

Farbar Service Scanner Version: 13-09-2013

Ran by James (administrator) on 15-09-2013 at 15:38:59

Running from "C:\Users\James\Downloads"

Microsoft Windows 7 Ultimate  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

 

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

[Psychotic]

Regfix
 
Please download the attached regfix.zip and extract its content to your desktop.
Run PolicyAgent.reg by double click and confirm the messages to merge the information into your registry.
 
When finished, repeat this procedure with the other .reg files.
 
Afterwards, create and post a new log with Farbar´s Service Scanner.

regfix.zip

[baseboii22]

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

[baseboii22]

Farbar Service Scanner Version: 13-09-2013

Ran by James (administrator) on 16-09-2013 at 18:27:40

Running from "C:\Users\James\Downloads"

Microsoft Windows 7 Ultimate  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

 

***sorry i i didnt copy + paste the whole thing in the last post

[Psychotic]

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

[baseboii22]

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Y767NGO\WingSearch(20120918)_wingsearch[1].exe a variant of Win32/Adware.Kraddare.GC application

C:\Users\Default\AppData\Roaming\WingSearch\openpotlib.dll a variant of Win32/Adware.Kraddare.GC application

C:\Users\Guest\AppData\Roaming\WingSearch\openpotlib.dll a variant of Win32/Adware.Kraddare.GC application

C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\8ad2ef-525daf42 Win32/TrojanProxy.Bakcorox.A trojan

C:\Users\James\Downloads\cbsidlm-tr1_10a-Spyrix_Free_Keylogger-SEO-75708733.exe Win32/DownloadAdmin.G application

C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (1).exe Win32/DownloadAdmin.G application

C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733 (2).exe Win32/DownloadAdmin.G application

C:\Users\James\Downloads\cbsidlm-tr1_11-Spyrix_Free_Keylogger-SEO-75708733.exe Win32/DownloadAdmin.G application

C:\Users\James\Downloads\Elite Keylogger 4.9.exe a variant of Win32/InstallCore.BA application

C:\Users\James\Downloads\elite_keylogger.exe Win32/Toggle.D.Gen application

C:\Windows\System32\autosvr.exe a variant of Win32/KeyLogger.EliteKeylogger.AB application

C:\Windows\SysWOW64\autosvr.exe a variant of Win32/KeyLogger.EliteKeylogger.AB application

E:\Users\James\Downloads\setup.exe a variant of Win32/AirAdInstaller.A application

[Psychotic]

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!

• Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
• Run Combofix.exe
  

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

[baseboii22]

here is the log

combo fix log.txt

[Psychotic]

Full System Scan with Malwarebytes Antimalware

• 
  If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.
  

[baseboii22]

log

combo fix log.txt

[Psychotic]

That´s the wrong log, please post the one from mbam.

[baseboii22]

i didnt save the log when it popped up after the scan..

i pressed the restart button when it urged me to complete the removal process.

however, upon rebooting i got the same black desktop screen with a mouse pointer... the very problem at the beginning.

 

i already had to remove malwarebytes in safe mode so i could restart my computer succesfully.

do you want me to reinstall and do a scan again to save the log but not remove it?
i got the same popup "could not run cleanup.dll from malwarebytes, etc." upon rebooting after uninstallation.