longhorn

  1. MrC, your help is much appreciated. My issue is gone and my computer is now back to normal. I learned a lot along the way. Thanks!!!

  2. Below you will find the Checkup.txt results. Thanks!!
     ~~~~~~~~
     Results of screen317's Security Check version 0.99.82
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Disabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Mozilla Firefox (28.0)
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     Kaspersky Lab Kaspersky Endpoint Security 10 for Windows avp.exe
     Kaspersky Lab Kaspersky Endpoint Security 10 for Windows x64 wmi64.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2%
     ````````````````````End of Log``````````````````````
  3. Thanks, the links helped. I cleaned up a few Google Chrome items and also found that I needed to reset Firefox. It looks like the issue is completely resolved. Any last steps? I really appreciate the help. Thanks!!
  4. I have included the Fixlog.txt contents below. It looks like progress was made. I'm not seeing some of the things I was seeing previously. However, the Chrome manual reset didn't seem to work. After resetting, Chrome is still defaulting to Key-Find. Any other things that I can try here? Your patience and help are truly appreciated. Thanks!!
     ~~~~~~~~
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 02
     Ran by Ricardo at 2014-04-17 07:26:16 Run:1
     Running from C:\Users\Ricardo\Desktop\FRST64
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     C:\Program Files (x86)\ViewPassword-soft\ViewPasswordFIX158.exe
     HKLM-x32\...\Run: [] => [X]
     GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     ProxyEnable: Internet Explorer proxy is enabled.
     ProxyServer: http=127.0.0.1:13828
     HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1397417909&from=tugs&uid=SAMSUNGXHM640JJ_S2AQJ1LZC08743C08743&q={searchTerms}
     SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKCU - {AB2EEB4B-DFDF-4207-9E49-F7EB1E187ED9} URL =
     FF DefaultSearchEngine: key-find
     FF SelectedSearchEngine: key-find
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\key-find.xml
     FF Extension: ViewPassword - C:\Program Files (x86)\ViewPassword-soft\158.xpi [2014-04-13]
     CHR Extension: (ViewPassword) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-13]
     C:\Program Files (x86)\ViewPassword-soft
     *****************
     C:\Program Files (x86)\ViewPassword-soft\ViewPasswordFIX158.exe => Moved successfully.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
     C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
     C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
     HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB2EEB4B-DFDF-4207-9E49-F7EB1E187ED9} => Key deleted successfully.
     HKCR\CLSID\{AB2EEB4B-DFDF-4207-9E49-F7EB1E187ED9} => Key deleted successfully.
     Firefox newtab deleted successfully.
     Firefox DefaultSearchEngine deleted successfully.
     Firefox SelectedSearchEngine deleted successfully.
     Firefox homepage deleted successfully.
     HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key deleted successfully.
     "FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
     HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key deleted successfully.
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
     C:\Program Files (x86)\mozilla firefox\searchplugins\key-find.xml => Moved successfully.
     C:\Program Files (x86)\ViewPassword-soft\158.xpi => Moved successfully.
     C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc => Moved successfully.
     C:\Program Files (x86)\ViewPassword-soft => Moved successfully.
     The system needed a reboot.
     ==== End of Fixlog ====
  5. I have attached the following FRST logs: FRST.txt and Addition.txt. Thanks!! FRST.txt Addition.txt
  6. I'm posting the following logs: Rkill, AdwCleaner, JRT, and MBAM. Thanks!!
     ~~~~~~~~
     Rkill 2.6.5 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html
     Program started at: 04/16/2014 10:21:42 AM in x64 mode.
     Windows Version: Windows 7 Professional Service Pack 1
     Checking for Windows services to stop:
     * No malware services found to stop.
     Checking for processes to terminate:
     * No malware processes found to kill.
     Active Proxy Server Detected
     * Proxy Disabled.
     * ProxyOverride value deleted.
     * ProxyServer value deleted.
     * AutoConfigURL value deleted.
     * Proxy settings were backed up to Registry file.
     Checking Registry for malware related settings:
     * No issues found in the Registry.
     Backup Registry file created at:
     C:\Users\Ricardo\Desktop\rkill\rkill-04-16-2014-10-22-04.reg
     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
     Performing miscellaneous checks:
     * Windows Firewall Disabled
     [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = dword:00000000
     Checking Windows Service Integrity:
     * Windows Update (wuauserv) is not Running.
     Startup Type set to: Automatic (Delayed Start)
     Searching for Missing Digital Signatures:
     * No issues found.
     Checking HOSTS File:
     * No issues found.
     Program finished at: 04/16/2014 10:25:00 AM
     Execution time: 0 hours(s), 3 minute(s), and 18 seconds(s)

     # AdwCleaner v3.023 - Report created 16/04/2014 at 10:32:40
     # Updated 01/04/2014 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : Ricardo - RALAPORTE
     # Running from : C:\Users\Ricardo\Desktop\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKCU\Software\AppDataLow\Software\ViewPassword
     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16843
     -\\ Mozilla Firefox v5.0.1 (en-US)
     [ File : C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\tk1bgsm1.default\prefs.js ]
     [ File : C:\Users\ralaporte\AppData\Roaming\Mozilla\Firefox\Profiles\mq0ji1m9.default\prefs.js ]
     -\\ Google Chrome v34.0.1847.116
     [ File : C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [3045 octets] - [15/04/2014 07:16:26]
     AdwCleaner[R1].txt - [1189 octets] - [15/04/2014 07:43:25]
     AdwCleaner[R2].txt - [1250 octets] - [15/04/2014 07:48:23]
     AdwCleaner[R3].txt - [1370 octets] - [15/04/2014 07:53:10]
     AdwCleaner[R4].txt - [1490 octets] - [16/04/2014 10:30:19]
     AdwCleaner[s0].txt - [3074 octets] - [15/04/2014 07:24:18]
     AdwCleaner[s1].txt - [1313 octets] - [15/04/2014 07:49:47]
     AdwCleaner[s2].txt - [1433 octets] - [15/04/2014 07:54:10]
     AdwCleaner[s3].txt - [1413 octets] - [16/04/2014 10:32:40]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1473 octets] ##########

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 7 Professional x64
     Ran by Ricardo on Wed 04/16/2014 at 10:39:27.02
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ FireFox
     Successfully deleted: [File] C:\Users\Ricardo\AppData\Roaming\mozilla\firefox\profiles\tk1bgsm1.default\extensions\jcwvkvwbil@jcwvkvwbil.org.xpi [Tracur]
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 04/16/2014 at 10:49:06.14
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.04.16.09
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16844
     Ricardo :: RALAPORTE [administrator]
     4/16/2014 10:56:42 AM
     mbam-log-2014-04-16 (10-56-42).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 317181
     Time elapsed: 8 minute(s), 50 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 1
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  7. I have attached the TDSSKiller log as well as the ComboFix file. Thanks!! TDSSKillerLog.txt ComboFix.txt
  8. Thanks for the welcome and for the help. I have followed the instructions and I'm posting the requested information below (results from MBAM, DDS, and RogueKiller). ~~~~~~~~ Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.15.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16844 Ricardo :: RALAPORTE [administrator] 4/15/2014 5:56:11 PM mbam-log-2014-04-15 (17-56-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 308717 Time elapsed: 11 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16843 BrowserJavaVersion: 10.51.2 Run by Ricardo at 18:15:14 on 2014-04-15 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8124.5998 [GMT -7:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\NLSSRV32.EXE C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe C:\Program Files (x86)\ViewPassword-soft\ViewPasswordFIX158.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe 
C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve mStart Page = www.google.com mDefault_Page_URL = www.google.com mDefault_Search_URL = www.google.com mWinlogon: Userinit = userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Adobe 
Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [MSCRM] "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /uninstallpst mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRun: [Diagnostics] rundll32.exe "C:\Users\Ricardo\AppData\Local\Google\Diagnostics\qofbfdk.dll",CreateInstance uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 
mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Trusted Zone: dell.com TCP: Interfaces\{A66698C8-4353-4E39-882E-E9A44808D44C} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{A66698C8-4353-4E39-882E-E9A44808D44C}\54C644F6271646F6 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 TCP: Interfaces\{A66698C8-4353-4E39-882E-E9A44808D44C}\65162756C6160244F6271646F60234F6572747 : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{A66698C8-4353-4E39-882E-E9A44808D44C}\94E46494E4944555D483231303 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{A66698C8-4353-4E39-882E-E9A44808D44C}\94E46494E4944555D483930323 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{A66698C8-4353-4E39-882E-E9A44808D44C}\94E6475627E616 : DHCPNameServer = 192.168.1.99 TCP: Interfaces\{A66698C8-4353-4E39-882E-E9A44808D44C}\E4544574541425 : DHCPNameServer = 192.168.5.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - 
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll 
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\tk1bgsm1.default\ FF - prefs.js: browser.search.selectedEngine - key-find FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 klfde;Kaspersky Lab Full Disk Encryption;C:\Windows\System32\drivers\klfde.sys [2012-12-15 158744] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-14 55280] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-1-14 21616] R1 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\System32\drivers\klfltdev.sys [2012-9-13 32088] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-11-23 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-11-22 54104] R1 klvfs;Kaspersky Lab klvfs;C:\Windows\System32\drivers\klvfs.sys [2013-1-17 215312] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-11-16 178008] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-24 98208] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-14 13336] R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-1-12 68928] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-12 235624] R2 TracSrvWrapper;Check Point Endpoint Security VPN;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2011-3-6 4298256] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-14 2533400] R2 ViewPassword;ViewPassword;C:\Program Files (x86)\ViewPassword-soft\ViewPasswordFIX158.exe [2014-4-13 141824] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys 
[2010-11-24 27760] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-14 175168] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-24 56344] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-11-24 7689216] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-24 83080] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-24 184968] R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-11-24 29288] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\System32\drivers\vnaap.sys [2011-3-6 161256] S2 AVP;Kaspersky Endpoint Security Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [2013-1-20 729744] S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/14 04:47:15;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-9-28 254448] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2011-8-8 15768] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-11-24 169048] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program 
Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-25 19456] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-25 57856] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-26 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2013-11-10 25088] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 
2014-03-23 18:35:34 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-03-23 18:35:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-03-23 18:35:34 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-23 18:35:34 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-23 18:35:34 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-23 18:35:34 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-23 18:35:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-23 18:35:34 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-23 18:35:34 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-03-23 18:35:34 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-23 18:35:34 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-03-23 18:35:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-03-03 03:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-03 03:02:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-03 03:02:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-03 03:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-03 02:52:27 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-03-03 02:52:27 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-03-03 02:52:27 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-03-03 02:52:27 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-03-03 02:50:53 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-17 23:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 23:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:17:15.42 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/25/2011 7:27:57 PM
System Uptime: 4/15/2014 5:51:38 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 00YWG2
Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | U2E1 | 1734/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 494.227 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP323: 4/15/2014 5:46:48 PM - Cleaning 15-APR-2014
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Apple Mobile Device Support
Bonjour
CCleaner
Dell Dock
Dell Edoc Viewer
GoToMeeting 6.2.0.1350
iCloud
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor
iTunes
Java 6 Update 22 (64-bit)
Kaspersky Endpoint Security 10 for Windows
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Office 64-bit Components 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
Quickset64
Shared C Run-time for x64
Synaptics Pointing Device Driver
Windows Live ID Sign-in Assistant
Windows Live Language Selector
Windows Live MIME IFilter
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
4/8/2014 8:15:35 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain FUCASA due to the following: The remote procedure call was cancelled. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
4/8/2014 6:34:47 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain FUCASA due to the following: The remote procedure call failed and did not execute. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
4/8/2014 4:41:54 PM, Error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\Srv2k8.fucasa.local for the domain FUCASA is not responsive. The current RPC call from Netlogon on \\RALAPORTE to \\Srv2k8.fucasa.local has been cancelled.
4/15/2014 9:46:34 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
4/15/2014 7:45:10 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/15/2014 7:45:10 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
4/15/2014 7:45:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/15/2014 6:08:22 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
4/15/2014 5:53:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/15/2014 5:53:20 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/15/2014 5:53:20 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
4/15/2014 5:52:28 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Ricardo\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
4/15/2014 5:52:16 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain FUCASA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
4/14/2014 9:16:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache KLFLTDEV KLIF KLIM6 kltdi klvfs kneps NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vsdatant vwififlt Wanarpv6 WfpLwf
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2014 9:16:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2014 10:08:05 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2014 10:06:22 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
4/14/2014 10:06:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLFLTDEV KLIF klvfs kneps spldr Wanarpv6
4/14/2014 10:06:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/13/2014 7:04:54 PM, Error: Service Control Manager [7034] - The Kaspersky Endpoint Security Service service terminated unexpectedly. It has done this 1 time(s).
4/13/2014 12:40:58 PM, Error: Service Control Manager [7034] - The Search Protect by Conduit Service service terminated unexpectedly. It has done this 1 time(s).
4/13/2014 12:40:02 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\Ricardo\ntuser.dat'.
4/12/2014 7:27:27 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
4/12/2014 7:19:15 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
4/12/2014 1:30:19 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/12/2014 1:30:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/12/2014 1:24:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/12/2014 1:24:49 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2014 1:24:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/11/2014 8:29:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/11/2014 5:09:17 PM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\fucasa.local\sysvol\fucasa.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
4/11/2014 1:25:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8007af2a10, 0xfffff8000566f518, 0xfffffa800ecb9bd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041114-22417-01.
4/10/2014 11:39:19 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
4/10/2014 11:36:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8007ae2060, 0xfffff80000ba2748, 0xfffffa800eb3bbd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041014-19796-01.
.
==== End Of File ===========================

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ricardo [Admin rights]
Mode : Scan -- Date : 04/15/2014 18:23:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM640JJ +++++
--- User ---
[MBR] 2505843aa939947e2bfae47555ac832e
[bSP] fd634e9fab3a83954d641575909685a5 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 595440 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04152014_182347.txt >>
  9. I somehow picked up PUM.Bad.Proxy while downloading an updated version of CCleaner from Filehippo. I have cleaned out most of the items that were downloaded onto my computer. However, every time I restart my computer, I get PUM.Bad.Proxy back. For now, I have managed to avoid many of the pop-ups and redirects manually by going to Internet Explorer > Internet Options > Connections tab > LAN Settings button > Advanced button under proxy server. Once here, I delete the server that shows up next to "HTTP", which is 127.0.0.1, and I also delete the port number that shows up next to the IP address. I do this manual "fix" every time I reboot my computer. Is there anything that can be done to prevent this from reoccurring every time I reboot my computer? I'm trying to avoid something drastic like using DBAN and reinstalling the OS. Any help would be greatly appreciated. Thanks!