Infected -- can't get Windows Defender to start


I've picked up something nasty and hidden that Malwarebytes can't find, nor can Spybot or something like the Kaspersky rescue disk. The main obvious symptom is that I can't get Windows Defender to start. If I try to start the service, I get an Error 577, and I can't change the service to start automatically.

 

Here's DDS.txt and Attach.txt.

--

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16384  BrowserJavaVersion: 10.45.2
Run by Stephen at 20:34:02 on 2013-12-08
Microsoft Windows 8.1  6.3.9600.0.1252.1.1033.18.16331.14253 [GMT -6:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Utils\CrashPlan\CrashPlanService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\EscSvc64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\setup.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\skydrive.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\RTFTrack.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
C:\Program Files\Utils\CrashPlan\CrashPlanTray.exe
C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - 
TB: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - 
uRun: [Amazon Cloud Player] C:\Users\Stephen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [Google Update] "C:\Users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\Multimedia\iTunes\iTunesHelper.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stephen\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Stephen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CRASHP~1.LNK - C:\Program Files\Utils\CrashPlan\CrashPlanTray.exe
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
TCP: NameServer = 192.168.11.1
TCP: Interfaces\{506DDF6D-6890-481D-87AB-8A34717F8C7F} : DHCPNameServer = 150.201.1.2
TCP: Interfaces\{F2BFA0CF-E6EC-4018-852F-CFF9FBA69AD2} : DHCPNameServer = 192.168.11.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: QTTabBar AutoLoader: {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - 
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: QTTabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - 
x64-TB: QTTab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - 
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [synLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [shadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\arww0gjb.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Multimedia\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stephen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Stephen\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\WINDOWS\System32\drivers\excsd.sys [2013-5-19 95024]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-5-19 647736]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2013-11-14 39768]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2013-5-19 39008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 excfs;ExpressCache File System Filter Driver;C:\WINDOWS\System32\drivers\excfs.sys [2013-5-19 23344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-9-30 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-30 1132480]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\Utils\CrashPlan\CrashPlanService.exe [2013-4-8 222720]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2013-6-25 135824]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-19 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-19 166720]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 15125280]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-8-11 1907896]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-29 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-29 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-29 171416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-5-15 33560]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2013-8-22 224768]
R3 btmhsf;btmhsf;C:\WINDOWS\System32\drivers\btmhsf.sys [2012-10-1 1337216]
R3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 JMCR;JMCR;C:\WINDOWS\System32\drivers\jmcr.sys [2012-7-22 174176]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2013-8-22 129224]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 NETwNe64;@oem65.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew00.sys [2013-9-4 3345376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2013-10-29 39200]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2013-5-19 8230160]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2013-1-21 31032]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2013-8-22 23040]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2013-8-22 230912]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-19 365376]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 CVShell Service;CVShell Service;C:\Program Files (x86)\ACD Systems\Canvas 12\CVShellSrv.exe [2010-12-23 257400]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2013-11-14 111616]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2013-8-22 924512]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-8-22 146272]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-14 57176]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2013-8-22 124256]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2013-8-22 346872]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2013-5-19 102376]
.
=============== Created Last 30 ================
.
2013-12-09 02:29:57 -------- d-sh--w- C:\found.000
2013-11-30 05:02:31 -------- d-----w- C:\Users\Stephen\AppData\Roaming\LavasoftStatistics
2013-11-30 04:47:03 -------- d-----w- C:\Program Files\Lavasoft
2013-11-30 04:44:57 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-11-30 04:36:37 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Malwarebytes
2013-11-30 04:36:09 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-30 04:36:08 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-11-30 04:36:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-30 04:20:55 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2013-11-30 04:07:39 -------- d---a-r- C:\Users\Stephen\SkyDrive
2013-11-29 20:50:55 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{803306A2-EE21-401B-8B76-8F19E8CD66A8}\mpengine.dll
2013-11-28 09:55:26 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-22 03:49:03 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Comic Vine Scraper
2013-11-20 04:19:44 -------- d-----w- C:\Users\Stephen\AppData\Local\NVIDIA Corporation
2013-11-16 14:20:21 -------- d-----w- C:\Users\Stephen\AppData\Local\Deployment
2013-11-16 13:56:41 965008 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NISBackup\gapaengine.dll
2013-11-16 13:56:41 965000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2DFFE92-DA69-4FAC-95BC-4CA4D165F479}\gapaengine.dll
2013-11-16 03:10:02 -------- d-----w- C:\Users\Stephen\AppData\Roaming\cYo
2013-11-16 03:10:02 -------- d-----w- C:\Users\Stephen\AppData\Local\cYo
2013-11-16 03:08:48 -------- d-----w- C:\Program Files\ComicRack
2013-11-16 02:43:55 -------- d-----w- C:\Program Files (x86)\Video to Video
2013-11-15 20:04:37 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2013-11-15 02:25:44 10752 ----a-w- C:\WINDOWS\System32\E_GCINST.DLL
2013-11-15 02:25:43 120320 ----a-w- C:\WINDOWS\System32\E_ILMIBA.DLL
2013-11-15 02:25:42 83968 ----a-w- C:\WINDOWS\System32\E_ID4BIBE.DLL
2013-11-15 02:25:42 83968 ----a-w- C:\WINDOWS\System32\E_ID4BIBA.DLL
2013-11-14 17:01:30 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-14 16:23:04 -------- d-sh--w- C:\Recovery
2013-11-14 16:22:53 -------- dc----w- C:\WINDOWS\Panther
2013-11-14 16:22:02 -------- d-----w- C:\Windows.old
2013-11-14 16:21:38 1341288 ----a-w- C:\WINDOWS\System32\gdi32.dll
2013-11-14 16:21:38 1067008 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2013-11-14 16:21:13 19283048 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-14 16:21:13 18673008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-14 16:21:09 872840 ----a-w- C:\WINDOWS\System32\mfplat.dll
2013-11-14 16:21:09 698232 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2013-11-14 16:21:01 977408 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
2013-11-14 16:21:01 294400 ----a-w- C:\WINDOWS\System32\Windows.Devices.Sensors.dll
2013-11-14 16:21:01 225792 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
2013-11-14 16:21:01 1286552 ----a-w- C:\WINDOWS\System32\msctf.dll
2013-11-14 16:21:01 1217024 ----a-w- C:\WINDOWS\System32\Windows.Media.Streaming.dll
2013-11-14 16:21:01 1018960 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2013-11-14 16:20:39 18577408 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-11-14 16:20:39 13925888 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-11-14 16:20:39 13176320 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-11-14 16:20:39 11674112 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-11-14 16:20:16 869888 ----a-w- C:\WINDOWS\SysWow64\twinui.appcore.dll
2013-11-14 16:20:16 2801664 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2013-11-14 16:20:16 1085952 ----a-w- C:\WINDOWS\System32\twinui.appcore.dll
2013-11-14 16:20:16 1019392 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2013-11-14 16:18:10 828416 ----a-w- C:\WINDOWS\System32\BFE.DLL
2013-11-14 16:18:10 136536 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2013-11-14 16:18:10 1104384 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
2013-11-14 16:18:05 1943536 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-11-14 16:18:05 1581968 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-11-14 16:14:38 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2013-11-14 16:14:38 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-11-14 16:14:37 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2013-11-14 16:14:36 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2013-11-14 16:14:36 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-14 16:14:35 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2013-11-14 16:14:21 155480 -c--a-w- C:\WINDOWS\System32\drivers\usbccgp.sys
2013-11-14 14:58:53 -------- d---a-r- C:\Users\Stephen\SkyDrive (2).old
2013-11-14 14:26:08 -------- d-----w- C:\Program Files\Realtek
2013-11-14 14:26:07 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2013-11-14 14:25:45 922912 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2013-11-14 14:25:45 6669600 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2013-11-14 14:25:45 63776 ----a-w- C:\WINDOWS\System32\nvshext.dll
2013-11-14 14:25:45 597280 ----a-w- C:\WINDOWS\SysWow64\oemdspif.dll
2013-11-14 14:25:45 3489568 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2013-11-14 14:25:45 2559776 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2013-11-14 14:25:45 219424 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2013-11-14 14:25:25 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-11-14 14:25:17 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-11-14 14:25:10 -------- d-----w- C:\Program Files\Synaptics
.
==================== Find3M  ====================
.
2013-11-19 10:30:34 267936 ------w- C:\WINDOWS\System32\MpSigStub.exe
2013-11-14 16:14:20 41472 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2013-11-14 16:14:20 289792 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcGenral.dll
2013-11-14 16:14:20 2413568 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
2013-11-14 16:14:19 442880 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-11-08 20:47:40 1064224 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2013-11-08 20:47:39 955168 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2013-11-07 18:02:30 53248 ----a-w- C:\WINDOWS\SysWow64\zlib.dll
2013-11-05 23:31:26 693240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-11-05 23:31:26 105464 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-10-23 08:02:36 589600 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2013-10-08 12:50:37 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-09-30 04:07:35 1641496 ----a-w- C:\WINDOWS\System32\winload.efi
2013-09-30 04:07:35 1506168 ----a-w- C:\WINDOWS\System32\winload.exe
2013-09-30 04:07:35 1476184 ----a-w- C:\WINDOWS\System32\winresume.efi
2013-09-30 04:07:35 1344984 ----a-w- C:\WINDOWS\System32\winresume.exe
2013-09-30 04:06:41 744448 ----a-w- C:\WINDOWS\System32\SettingSyncCore.dll
2013-09-30 04:06:41 688640 ----a-w- C:\WINDOWS\System32\MrmIndexer.dll
2013-09-30 04:06:41 669184 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2013-09-30 04:06:41 631808 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2013-09-30 04:06:41 584192 ----a-w- C:\WINDOWS\SysWow64\SettingSyncCore.dll
2013-09-30 04:06:41 560128 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
2013-09-30 04:06:41 515072 ----a-w- C:\WINDOWS\SysWow64\MrmIndexer.dll
2013-09-30 04:06:41 476672 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2013-09-30 03:51:12 788480 ----a-w- C:\WINDOWS\System32\mblctr.exe
2013-09-30 03:47:55 5632 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2013-09-30 03:47:55 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2013-09-30 03:47:55 11264 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2013-09-30 03:47:54 7680 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2013-09-27 23:01:44 39200 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38 29984 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2013-09-27 23:01:38 28960 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2013-09-24 00:10:43 108968 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2013-09-24 00:10:41 973736 ----a-w- C:\WINDOWS\System32\deployJava1.dll
2013-09-24 00:10:41 1095080 ----a-w- C:\WINDOWS\System32\npDeployJava1.dll
.
============= FINISH: 20:35:29.19 ===============
 
--
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1
Boot Device: \Device\HarddiskVolume3
Install Date: 11/14/2013 8:55:19 AM
System Uptime: 12/8/2013 8:30:29 PM (0 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel® Core i7-3630QM CPU @ 2.40GHz | U3E1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 884 GiB total, 370.441 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.252 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: NVIDIA GeForce GT 650M 
Device ID: PCI\VEN_10DE&DEV_0FD1&SUBSYS_397217AA&REV_A1\4&249F8FB2&0&0009
Manufacturer: NVIDIA
Name: NVIDIA GeForce GT 650M 
PNP Device ID: PCI\VEN_10DE&DEV_0FD1&SUBSYS_397217AA&REV_A1\4&249F8FB2&0&0009
Service: nvlddmkm
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Audition CS5.5
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5.1
Amazon Cloud Player
Amazon Kindle
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Bonjour
Bulk Rename Utility 2.7.1.2
calibre 64bit
Canvas 12
CCleaner
ComicRack v0.9.175
ComicTagger
CrashPlan
Dropbox
Energy Management
EPSON Scan
EPSON XP-400 Series Printer Uninstall
Evernote v. 5.0.3
Everything 1.2.1.371
ExpressCache
Fade In Professional Screenwriting Software
FEZ
FileZilla Client 3.7.3
foobar2000 v1.2.8
FTL: Faster Than Light
GeForce Experience NvStream Client Components
Google Chrome
Google Talk Plugin
Google Update Helper
Intel AppUp(SM) center
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
IrfanView (remove only)
iTunes
Java 7 Update 40 (64-bit)
Java 7 Update 45
Java Auto Updater
JMicron Flash Media Controller Driver
K-Lite Codec Pack 9.9.5 (64-bit)
K-Lite Codec Pack 9.9.5 (Full)
LAV Filters 0.55.3
Lenovo EasyCamera
Lenovo OneKey Recovery
Little Inferno
Malwarebytes Anti-Malware version 1.75.0.1300
Mark of the Ninja
MetroTwit Loop
Microsoft Office Home and Student 2013 - en-us
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MKVToolNix 6.3.0
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.58
MSVCRT Redists
MusicBrainz Picard
Notepad++
Nullsoft Install System
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.7.1
NVIDIA Graphics Driver 331.65
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.21
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Onekey Theater
OpenAL
PDF Settings CS5
PDFCreator
Proteus
PuTTY version 0.62
QTTabBar 1.5.0.0 Beta 2
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
QuickPar 0.9
Realtek High Definition Audio Driver
SABnzbd 0.7.14
ScummVM 1.6.0
Shared C Run-time for x64
SHIELD Streaming
Skype™ 6.5
Software Updater
Space Quest 1-2-3
Spybot - Search & Destroy
Stacking
Steam
SumatraPDF
Synaptics Pointing Device Driver
The Secret of Monkey Island: Special Edition
Torchlight II
Unity Web Player
UserGuide
Vegas Pro 12.0 (64-bit)
Video to Video
VLC media player 2.0.8
WinDirStat 1.1.2
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
WinMerge 2.14.0
WinSCP 5.2.5 beta
XCOM: Enemy Unknown
Xming 6.9.0.31
.
==== Event Viewer Messages From Past Week ========
.
12/8/2013 8:31:36 PM, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume \\?\Volume{6f94e1f5-9c4f-4309-8418-9c21cef10fe4}. A file on the volume is no longer reachable from its parent directory.  The parent file reference number is 0x2000000000002.  The name of the parent directory is "<unable to determine file name>".  The parent index attribute is ":$I30:$INDEX_ALLOCATION".  The file reference number of the file that needs to be reconnected is 0x10000000617e5.  There may be additional files on the volume that also need to be reconnected to this parent directory.
12/8/2013 8:31:28 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{F2BFA0CF-E6EC-4018-852F-CFF9FBA69AD2} because another computer on the network has the same name.  The server could not start.
12/8/2013 8:31:28 PM, Error: NetBT [4321]  - The name "SARGENT        :0" could not be registered on the interface with IP address 192.168.11.39. The computer with the IP address 192.168.11.50 did not allow the name to be claimed by this computer.
12/8/2013 8:31:27 PM, Error: NetBT [4321]  - The name "SARGENT        :20" could not be registered on the interface with IP address 192.168.11.39. The computer with the IP address 192.168.11.50 did not allow the name to be claimed by this computer.
12/8/2013 8:31:13 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=1500) while initializing logging resources for channel System.
12/8/2013 8:30:38 PM, Error: Microsoft-Windows-Ntfs [98]  - Volume \\?\Volume{6f94e1f5-9c4f-4309-8418-9c21cef10fe4} (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
.
==== End Of File ===========================
 

 


You are running Windows 8.1. With that operating system, Windows Defender is slightly different to similar versions that run on Windows Vista or Windows 7; with Windows 8.1, Defender also has an Anti-Virus component, exactly the same as Microsoft Security Essentials.

 

There is also a second security system installed, Ad-Aware, that is disabled but is a full system; that may be the reason for WD not starting. Remove Lavasoft Ad-Aware, then try WD again...

 

http://www.lavasoft.com/mylavasoft/support/supportcenter/faqs/how-to-uninstall

 

If the WD issue is still there, run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Post the produced logs...

 

 

fixlist.txt


FRST run. Fixlog.txt follows.

 

--

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013 03
Ran by Stephen at 2013-12-09 07:51:28 Run:1
Running from C:\Users\Stephen\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *?* <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Stephen\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Stephen\SkyDrive (2).old:ms-properties
End
 
 
 
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
"C:\Users\Stephen\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Stephen\SkyDrive (2).old" => ":ms-properties" ADS not found.
 
==== End of Fixlog ====
 
Malwarebytes run with a full scan and with PUPs shown and flagged for removal. No results.
 
Farbar Service Scanner run. FSS.txt follows.
 
--
 
Farbar Service Scanner Version: 05-12-2013
Ran by Stephen (administrator) on 09-12-2013 at 09:07:16
Running from "C:\Users\Stephen\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 07:25] - [2013-08-22 07:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84
 
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-14 10:19] - [2013-11-14 10:19] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A
 
C:\Windows\System32\dnsrslvr.dll
[2013-11-14 10:19] - [2013-11-14 10:19] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9
 
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-14 10:18] - [2013-11-14 10:18] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D
 
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-14 10:19] - [2013-11-14 10:19] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
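A small triage parser for the service scan log above, as an added example that is not part of the original thread or the scanner's own code: it pulls out stopped services, start types that differ from the default, policy registry values, and files listed without an "MD5 is legit" verdict. The sample log is a constructed excerpt in the same layout, and the function and field names are assumptions.

```python
import re

# Constructed excerpt in the layout of the scan log above (not the full log).
SAMPLE_LOG = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-14 10:18] - [2013-11-14 10:18] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
"""

START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")           # registry key header
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')  # "Name"=TYPE:data
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")           # bare file path line

def triage(log):
    """Return the findings in a scan log that deviate from defaults."""
    out = {"stopped": [], "start_type": [], "policy": [], "unverified": []}
    key = None
    for line in (l.strip() for l in log.splitlines()):
        if line.endswith("Service is not running. Checking service configuration:"):
            out["stopped"].append(line.split()[0])
        elif (m := START_RE.match(line)) and m.group(2) != m.group(3):
            out["start_type"].append(m.groups())   # (service, current, default)
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key:
            out["policy"].append((key, m.group(1), m.group(3)))
        elif PATH_RE.match(line) and "=>" not in line:
            out["unverified"].append(line)         # no hash verdict: check by hand
    return out
```

A file in `unverified` only means the log gave no verdict for its hash; it still has to be checked against a known-good copy.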

Select Start, in the search box type cmd, tap Enter, right-click on the black cmd icon that opens and select Run as administrator.

At the command prompt either type or copy paste the following:

sc start WinDefend Enable

Tap enter after that command.

Type exit

Tap enter after that command.

Reboot, does Defender run?
 


No such luck. Services won't let me start Windows Defender. It throws the following error:

 

>sc start WinDefend Enable
[SC] StartService FAILED 577:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Unfortunately, system file checker wasn't able to fix everything, and Windows Defender still won't start. Below is the console output, and I've attached the information extracted from the cbs.log file generated by my running sfc.

 

--

 

C:\WINDOWS\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

C:\WINDOWS\system32>sc start WinDefend Enable
[SC] StartService FAILED 577:

Windows cannot verify the digital signature for this file. A recent hardware or
software change might have installed a file that is signed incorrectly or
damaged, or that might be malicious software from an unknown source.

 

sfcdetails.txt


Maybe the best option is to either Refresh or use System Restore and go back to a point in time prior to the installation of Lavasoft Ad-Aware; it looks very much like that has given major problems...

 

Have a look/read here: http://windows.microsoft.com/en-gb/windows-8/restore-refresh-reset-pc. Read the instructions fully a couple of times or print them off...


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
