maxmodder

Everything posted by maxmodder

  1. Memory is still at 50% after waiting the 5 minutes. Max memory on this laptop can be up to 16 GB, so would another 4 GB of Crucial DDR3L 1600 be worth buying for $15? It looks like only one slot is being used.
  2. It's running smoother! Thanks again! Is the memory usage on Microsoft defender and Service host typical given the specs on this rather dated laptop? Image attached.
  3. Here's the security check, run again after the fixlog was complete and the PC restarted. SecurityCheck.txt
  4. I never used sync in google chrome so it's always been turned off. I checked out the instructions and it's clear that it's never been used. Here are the new logs after the virus uninstall, restart, and new scan. Service host local system: (network restricted) (11) seems to take up a good bit of memory. I wonder if my problem relates to that. Addition.txt FRST.txt
  5. If I remove it, can it be reinstalled with no issues? At this point, from the logs that I've posted, are there any red flags?
  6. I downloaded it from the link that was provided. It wasn't the right file, and the link provided is not a direct link to the download. I went to majorgeeks.com and found a legit copy. I can't run it, however, because I need a password for McAfee 8.8 and I do not have the password. Is there a way to disable the virus scanner within the process in Windows Task Manager? Which processes do I stop? Firetray.exe and Mctray.exe? It cannot be disabled by the conventional method because the user interface is locked and I do not have the password.
  7. Malwarebytes Anti-Rootkit: When I try to run this, it says "System volume seems inaccessible or encrypted. Scan can't continue." ComboFix: Downloaded it. Saved it to the desktop. The icon says combofix. The publisher is ISFreemium. When I go to install, it asks me if I want to install all this other crap like the Delta toolbar and Get Savin. What is this junk? I didn't bother with this and stopped the install of ComboFix. Here's the TDSS log. It didn't find anything.
     Here's the log from MBAR.
     Here's the security check.
  8. I just removed these viruses from my PC. I then ran Malwarebytes and Emergency Kit Scanner again in safe mode and then in normal boot mode. Both came back clean. I then ran McAfee and it was clean. All of these, to this point, had fully updated definitions. I then noticed 3 instances of twain_32.exe being run in Processes, taking up 80% CPU usage. I ran RogueKiller and it found some more trojans. No twain_32.exe is found running in Processes now. I knew something was up because the PC fans were running loud. I just want to be sure that everything is clean at this point. Here are the DDS and Attach logs.
BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2013-1-17 302120] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-1-17 33832] R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2013-1-17 33832] R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2008-3-14 3712] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2013-1-17 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2013-1-17 107928] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2013-1-17 38680] R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2013-1-17 35552] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-1-17 269824] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-1-17 180072] R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2013-1-17 7434240] R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2013-1-17 63848] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-7-25 50208] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464] S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2013-1-17 44680] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2013-1-17 132480] S3 ManageEngine AssetExplorer RemoteControl;ManageEngine AssetExplorer RemoteControl;c:\program files\manageengine\assetexplorer\remotecontrol\Service.exe [2012-1-10 282624] S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2013-1-17 41088] S3 mfebopk;McAfee Inc. 
mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-1-17 59288] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-1-17 87808] S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2013-1-17 60904] S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2013-1-17 62440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184] S3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2013-1-17 12952] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-24 1343400] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480] . =============== Created Last 30 ================ . 
2013-07-25 22:19:59 -------- d-----w- c:\users\papagdi1\appdata\local\VirtualStore 2013-07-25 22:18:57 40328 ----a-w- c:\windows\system32\HIPIS0e011b8.dll 2013-07-25 13:15:31 0 ----a-w- c:\users\papagdi1\notepad.exe 2013-07-25 13:15:29 147456 ----a-w- c:\users\papagdi1\googleupdate.exe 2013-07-25 12:33:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-25 12:33:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-25 04:42:44 -------- d-----w- C:\EEK 2013-07-25 04:37:21 -------- d-----w- c:\users\papagdi1\appdata\local\Skype™ 5.8 2013-07-25 04:17:19 -------- d-----w- c:\programdata\jrll 2013-07-25 03:45:23 -------- d-----w- c:\users\papagdi1\appdata\roaming\Malwarebytes 2013-07-25 03:44:52 -------- d-----w- c:\programdata\Malwarebytes 2013-07-25 03:44:29 -------- d-----w- c:\users\papagdi1\appdata\local\Programs 2013-07-25 01:19:06 -------- d-----w- c:\users\papagdi1\appdata\local\e6653d6c-00f9-49f9-b9d5-627826c3d56bad 2013-07-23 23:44:30 -------- d-----w- c:\users\papagdi1\appdata\local\Skype 2013-07-12 16:01:56 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll 2013-07-12 16:01:56 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll 2013-07-12 16:01:56 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2013-07-12 16:01:56 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL 2013-07-12 16:00:18 680960 ----a-w- c:\program files\windows defender\MpSvc.dll 2013-07-12 16:00:18 392704 ----a-w- c:\program files\windows defender\MpClient.dll 2013-07-12 16:00:18 224768 ----a-w- c:\program files\windows defender\MpCommu.dll 2013-07-11 16:00:18 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-01 23:30:00 -------- d-----w- c:\program files\common files\DivX Shared 2013-07-01 23:27:38 -------- d-----w- c:\program files\DivX 2013-07-01 23:26:36 -------- d-----w- c:\programdata\DivX . ==================== Find3M ==================== . 
2013-06-10 13:58:00 140992 ----a-w- c:\windows\system32\KevlarSigs.dll 2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-27 05:02:03 981504 ----a-w- c:\windows\system32\wininet.dll 2013-05-27 03:20:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-06 04:56:35 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: SAMSUNG_ rev.AXM0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 . device: opened successfully user: MBR read successfully . 
Disk trace: called modules: >>UNKNOWN [0x8360D000]<< >>UNKNOWN [0x8C3B6000]<< >>UNKNOWN [0x8C7DB000]<< >>UNKNOWN [0x8C9E2000]<< >>UNKNOWN [0x8C0A2000]<< >>UNKNOWN [0x83A20000]<< >>UNKNOWN [0x8C227000]<< _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x83643BBA] -> \Device\Harddisk0\DR0[0x87CEFAC8] \Driver\Disk[0x87E2F7D8] -> IRP_MJ_CREATE -> 0x8C3BA39F 3 [0x8C3BA59E] -> ntkrnlpa!IofCallDriver[0x83643BBA] -> [0x87CF5860] \Driver\stdcfltn[0x87E217D8] -> IRP_MJ_CREATE -> 0x8C9E261C 5 [0x8C9E3854] -> ntkrnlpa!IofCallDriver[0x83643BBA] -> [0x8608C950] \Driver\ACPI[0x85E96F38] -> IRP_MJ_CREATE -> 0x8C0AB4CC 7 [0x8C0AB3D4] -> ntkrnlpa!IofCallDriver[0x83643BBA] -> \Device\Ide\IAAStorageDevice-1[0x8606A028] \Driver\iastor[0x86079848] -> IRP_MJ_CREATE -> 0x8C24A09C kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 18:30:36.11 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Enterprise Boot Device: \Device\HarddiskVolume1 Install Date: 1/17/2013 6:04:49 PM System Uptime: 7/25/2013 6:18:40 PM (0 hours ago) . Motherboard: Dell Inc. | | 087HK7 Processor: Intel® Core i7-2620M CPU @ 2.70GHz | CPU 1 | 2701/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 119 GiB total, 77.18 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP36: 5/30/2013 9:04:39 AM - Removed AT&T Connect Participant Application v9.5.35. RP37: 5/30/2013 9:05:17 AM - Installed AT&T Connect Participant Application v9.5.35. 
RP38: 6/13/2013 12:47:07 PM - Windows Update RP39: 7/10/2013 12:00:11 PM - Windows Update RP40: 7/11/2013 12:00:10 PM - Windows Update RP41: 7/12/2013 12:00:10 PM - Windows Update RP42: 7/25/2013 9:35:27 AM - Removed Java 7 Update 7 . ==== Installed Programs ====================== . AccelerometerP11 Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 AT&T Connect Participant Application v9.5.35 Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon MX420 series MP Drivers Configuration Manager Client Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Touchpad DHTML Editing Component DivX Setup ECL Viewer Greenshot IDT Audio Imprivata OneSign Agent Intel® Control Center Intel® Processor Graphics Juniper Networks Host Checker Juniper Networks Network Connect 7.2.0 Juniper Networks, Inc. Setup Client Lotus Notes 8.5.3 Malwarebytes Anti-Malware version 1.75.0.1300 ManageEngine AssetExplorer Agent McAfee Agent McAfee Host Intrusion Prevention McAfee VirusScan Enterprise MDOP MBAM Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Silverlight 
MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4.0 redistributable PDFCreator SAP GUI for Windows 7.20 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 
(KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Skype™ 5.8 swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 
(KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 vcredist_x86 WIDCOMM Bluetooth Software Windows Driver Package - OMNIKEY (cxru0wdm) SmartCardReader (04/23/2009 1.2.0.14) XImage . ==== Event Viewer Messages From Past Week ======== . 7/25/2013 9:34:52 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/25/2013 9:17:34 AM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s). 7/25/2013 9:17:32 AM, Error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 7/25/2013 9:17:11 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 7/25/2013 9:17:09 AM, Error: Microsoft-Windows-Smartcard-Server [602] - WDM Reader driver initialization cannot open reader device: The handle is invalid. 7/25/2013 9:17:03 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 30000 milliseconds: Restart the service. 7/25/2013 9:17:02 AM, Error: Service Control Manager [7031] - The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The SSO Manager Host service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The Multi-user Cleanup Service service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The ManageEngine AssetExplorer Agent service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The Lotus Notes Smart Upgrade Service service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The Lotus Notes Diagnostics service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The DameWare Mini Remote Control service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The BitLocker Management Client Service service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 9:17:01 AM, Error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. 
It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 7/25/2013 9:17:00 AM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s). 7/25/2013 8:16:27 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/25/2013 8:16:24 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 7/25/2013 8:16:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 7/25/2013 6:21:32 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. . 7/25/2013 6:20:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/25/2013 6:19:59 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. 
If you do not see a success message for several hours, then contact your administrator. 7/25/2013 6:18:57 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain EMEA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 7/25/2013 5:58:43 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The handle is invalid. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX 7/25/2013 3:33:43 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/25/2013 12:41:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4. 7/25/2013 12:35:01 AM, Error: Disk [11] - The driver detected a controller error on \...\DR1. 7/25/2013 11:42:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
7/25/2013 11:02:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 7/25/2013 11:02:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 7/25/2013 11:01:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/25/2013 11:01:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/25/2013 11:01:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 7/25/2013 11:01:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 7/25/2013 11:01:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/25/2013 11:01:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/25/2013 11:01:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 
7/25/2013 11:01:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache FireTDI mfehidk mfetdik NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2013 11:01:37 AM, Error: Microsoft-Windows-BitLocker-Driver [24636] - Bootmgr failed to obtain the BitLocker volume master key from the TPM.
7/24/2013 9:40:36 PM, Error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
7/24/2013 11:59:22 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 11:49:15 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 4 time(s).
7/24/2013 11:48:57 PM, Error: Service Control Manager [7031] - The WMI Performance Adapter service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 11:48:57 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 11:48:56 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 11:46:56 PM, Error: Service Control Manager [7031] - The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 11:46:56 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/19/2013 11:22:02 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain EMEA due to the following: The RPC server is unavailable. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
7/19/2013 1:33:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
7/19/2013 1:27:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
.
==== End Of File ===========================
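Every Service Control Manager 7001 event in the log above names both the service that could not start and the dependency it was waiting on, so the events can be joined into chains and the handful of real failures separated from the services that only failed downstream of them. The script below does that; it is an added example for this thread, not code from the original post or from any tool mentioned in it. SAMPLE_EVENTS is the 7/25/2013 11:01 block from the log, reformatted one event per line; the function and variable names are this example's own.

```python
"""Rebuild service dependency chains from Service Control Manager 7001 events.

Added example for this thread, not code from the original post or from any
tool mentioned in it. Every 7001 event names the service that could not start
and the dependency it was waiting on, so the events can be joined into chains:
the dependency at the bottom of a chain (the one blamed for something other
than 'the dependency failed') is the root cause; everything above it is a
symptom. SAMPLE_EVENTS is the 7/25/2013 11:01 block from the log above,
reformatted one event per line.
"""
import re
from collections import defaultdict

SAMPLE_EVENTS = """\
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2013 11:01:40 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2013 11:01:37 AM, Error: Microsoft-Windows-BitLocker-Driver [24636] - Bootmgr failed to obtain the BitLocker volume master key from the TPM.
"""

# Matches one SCM 7001 line and pulls out the failing service, the dependency
# it was waiting on, and the reason SCM recorded for that dependency.
EVENT_7001 = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), Error: Service Control Manager \[7001\] - "
    r"The (?P<service>.+?) service depends on the (?P<dependency>.+?) service "
    r"which failed to start because of the following error: (?P<reason>.+?)\s*$"
)

# The generic reason SCM records when the dependency itself only failed on a dependency.
DEPENDENCY_CASCADE = "The dependency service or group failed to start."


def parse_7001(text):
    """Return (service, dependency, reason) for every 7001 event; other events are skipped."""
    edges = []
    for line in text.splitlines():
        m = EVENT_7001.match(line)
        if m:
            edges.append((m["service"], m["dependency"], m["reason"]))
    return edges


def root_failures(edges):
    """Dependencies that failed for a concrete reason (driver not loaded, etc.),
    mapped to that reason. These are the things to investigate first."""
    return {dep: reason for _svc, dep, reason in edges if reason != DEPENDENCY_CASCADE}


def impacted_by(edges, root):
    """All services that transitively failed because `root` did not start."""
    dependents = defaultdict(set)
    for service, dependency, _reason in edges:
        dependents[dependency].add(service)
    seen, stack = set(), [root]
    while stack:
        for child in dependents.get(stack.pop(), ()):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def unexplained_cascades(edges):
    """Dependencies blamed only with the generic cascade message for which no
    7001 event in the log says what *they* were waiting on. Their real failure
    is recorded elsewhere (or not in this excerpt), so do not treat them as roots."""
    explained = {service for service, _dep, _reason in edges}
    return sorted({dep for _svc, dep, reason in edges
                   if reason == DEPENDENCY_CASCADE and dep not in explained})


def triage(text):
    """Summarise a log: each root failure with the services it took down, plus
    the cascades the excerpt does not explain."""
    edges = parse_7001(text)
    roots = {root: {"reason": reason, "impacted": sorted(impacted_by(edges, root))}
             for root, reason in root_failures(edges).items()}
    return {"roots": roots, "unexplained": unexplained_cascades(edges)}


if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS)
    for root, info in report["roots"].items():
        print(f"ROOT  {root}: {info['reason']}")
        for svc in info["impacted"]:
            print(f"      -> {svc}")
    print("unexplained:", ", ".join(report["unexplained"]))
```

On the posted block this yields three roots, all with "A device attached to the system is not functioning": the McAfee mfehidk driver (which takes McShield, the on-access scanner, down with it), the NetIO Legacy TDI Support Driver (DNS Client) and the Ancillary Function Driver for Winsock (DHCP Client). Network Store Interface Service and Workstation are reported as unexplained: they are blamed with the generic cascade message but no event in the excerpt says what they were waiting on, so the chain for NLA, IP Helper and Netlogon cannot be closed from these lines alone.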
  9. Anything look out of the norm? Does HijackThis need to be run in safe mode?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:46 AM, on 6/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts file is located at: C:\Windows\System32\drivers\etc\hosts
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ColorDesigner Web Service (ColorDesignerWebService) - Unknown owner - C:\Program Files\X-Rite\ColorDesigner\java\bin\wrapper.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4052 bytes
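A HijackThis log is a flat list of persistence points (Run keys, services, browser helper objects, ActiveX downloads), so the question in the post above is really "which of these entries deserve a closer look". The script below sorts the entries by their O-code and applies three review heuristics; it is an added example for this thread, not HijackThis code and not from the original post. The heuristics are this example's own assumptions about what "out of the norm" means (a service whose binary has no recorded publisher, an ActiveX component downloaded from the web, an autorun or BHO whose file lives outside C:\Program Files or C:\Windows on the x86 Windows 7 layout the log shows), and its flags are review prompts, not verdicts. SAMPLE_HJT is a subset of the posted log plus one constructed HKCU Run line (the `updater` entry) added to exercise the path check; that line is not in the posted log.

```python
r"""Sort a HijackThis log into persistence categories and flag what deserves a look.

Added example for this thread; it is not HijackThis code and not from the
original post. 'Out of the norm' is defined by three assumptions of this
example, not by the tool: a service (O23) whose binary has no recorded
publisher, an ActiveX download (O16 DPF) pulled from the web, and an autorun
(O4) or BHO (O2) whose file lives outside C:\Program Files or C:\Windows, the
x86 Windows 7 layout the log shows. SAMPLE_HJT is a subset of the posted log
plus one constructed HKCU Run line (the 'updater' entry) to exercise the path
check; that line is not in the posted log. Flags are review prompts, not verdicts.
"""
import re

SAMPLE_HJT = r"""
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ColorDesigner Web Service (ColorDesignerWebService) - Unknown owner - C:\Program Files\X-Rite\ColorDesigner\java\bin\wrapper.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O4 - HKCU\..\Run: [updater] C:\Users\demo\AppData\Roaming\updater.exe
"""

# One HijackThis entry: "<code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O23 body: "Service: <display name> (<short name>) - <owner> - <path>"
SERVICE = re.compile(r"^Service: (?P<name>.+?) \((?P<short>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 body: "<hive>\..\Run[Once]: [<value name>] <command> [(User '<account>')]"
AUTORUN = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
    r"(?P<command>.+?)(?: \(User '(?P<user>[^']+)'\))?$"
)
# O2 body: "BHO: <name> - {CLSID} - <path>"
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O16 body: "DPF: {CLSID} - <url>"
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)$")

# First drive-letter path in a command line; stops at a quote or at the comma
# that separates a rundll32 DLL from its entry point.
PATH_TOKEN = re.compile(r'[A-Za-z]:\\[^",]+')

# Assumption of this example: on the x86 Windows 7 install in the log these are
# the expected homes for autostart binaries; anything elsewhere is flagged.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


def parse_hjt(text):
    """Return (code, body) for each entry line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def first_path(command):
    """The binary or DLL a command line actually loads, or None if no drive path appears."""
    m = PATH_TOKEN.search(command)
    return m.group(0).strip() if m else None


def in_trusted_root(path):
    """True when the path starts with one of TRUSTED_ROOTS (case-insensitive)."""
    return path is not None and path.lower().startswith(TRUSTED_ROOTS)


def review(text):
    """Return (code, reason, detail) for each entry that meets one of the heuristics."""
    findings = []
    for code, body in parse_hjt(text):
        if code == "O23" and (m := SERVICE.match(body)):
            if m["owner"] == "Unknown owner":
                findings.append((code, "service binary has no recorded publisher", m["path"]))
        elif code == "O4" and (m := AUTORUN.match(body)):
            if not in_trusted_root(first_path(m["command"])):
                findings.append((code, "autorun outside Program Files / Windows", m["command"]))
        elif code == "O2" and (m := BHO.match(body)):
            if not in_trusted_root(m["path"]):
                findings.append((code, "browser helper object outside Program Files / Windows", m["path"]))
        elif code == "O16" and (m := DPF.match(body)):
            findings.append((code, "ActiveX component downloaded from the web", m["url"]))
    return findings


if __name__ == "__main__":
    for code, reason, detail in review(SAMPLE_HJT):
        print(f"{code:4} {reason}: {detail}")
```

Run against the sample it produces three findings in log order: the Adobe gp.cab DPF download, the ColorDesigner service whose owner HijackThis recorded as "Unknown owner", and the constructed `updater` Run entry in a user profile. The Norton, NVIDIA and Adobe entries pass because their binaries sit under the trusted roots; a review still has to confirm each flagged file's signature and origin, which the log alone cannot do.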