OSUBeaver

  1. MrC, it is not the pro version. The user is able to use his computer now, and I have looked at the firewall and the malware is no longer trying to contact the outside world (I had blocked all traffic to the IP address it was trying to connect to). I will get you the error message this evening.
  2. I am unable to run or install Malwarebytes again. Is there a log created when it fails?
  3. I deleted that entry (Device\Harddisk0\DR0). Here is the ComboFix log:
  4. Sorry, so many logs; it kept crashing upon clean. MalwareBytes fails to run now. I am running ComboFix now, and will then attach that log to the next post in an hour.
     TDSSKiller.3.0.0.26_01.04.2014_14.38.27_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_14.38.36_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_14.42.39_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_16.01.32_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_16.03.53_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_16.54.44_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_16.56.58_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_17.00.08_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_17.05.58_log.txt
     TDSSKiller.3.0.0.26_01.04.2014_17.15.18_log.txt
  5. Actually, I was mistaken, it was you that responded. I posted the RogueKiller logs, the malware is still present. What is my next step?
  6. Another expert told me to update the software, and then re-run the threat scan. I did this and restarted, it made no difference. What is my next step?
Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dllIE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dllIE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.htmlTCP: NameServer = 192.168.10.175 192.168.0.250TCP: Interfaces\{3EC6E3A2-D227-40A0-BCEE-DC1D59F2B9EE} : DHCPNameServer = 192.168.10.175 192.168.0.250Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLLHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1282\6.8000.1119\TmIEPlg32.dllHandler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1282\6.8000.1119\TmIEPlg.dllx64-BHO: 
Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dllx64-Trusted Zone: rwcorp_1x64-Filter: text/xml - 
{807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1282\6.8000.1119\TmIEPlg.dllx64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]R2 CFdesign 2010 Server;CFdesign 2010 Server;C:\Program Files\CFdesign 2010\CFdServ.exe [2009-12-15 686960]R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2169016]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;C:\Program Files\CFdesign 2010\SMPD.EXE [2009-11-16 1830912]R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-5-14 4901888]R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-9-20 77184]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-9-20 272816]S2 
MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-28 1809720]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-28 857912]S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-21 1030600]S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-28 25816]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-17 1255736].=============== File Associations ===============.FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice].=============== Created Last 30 ================.2014-03-31 18:50:40 20480 ----a-w- C:\Windows\svchost.exe2014-03-29 00:05:59 -------- d-sh--w- C:\$RECYCLE.BIN2014-03-28 21:54:07 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys2014-03-28 21:53:50 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2014-03-28 21:53:50 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys2014-03-28 21:53:50 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys2014-03-28 21:53:50 -------- d-----w- C:\ProgramData\Malwarebytes2014-03-28 21:53:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware2014-03-28 21:48:03 -------- d-----w- C:\Users\ed\AppData\Local\Programs2014-03-02 23:23:56 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll2014-03-02 23:23:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll.==================== Find3M ====================.2014-03-12 15:33:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-03-12 15:33:07 692616 ----a-w- 
C:\Windows\SysWow64\FlashPlayerApp.exe2014-03-03 00:48:02 829264 ----a-w- C:\Windows\System32\msvcr100.dll2014-03-03 00:48:02 608080 ----a-w- C:\Windows\System32\msvcp100.dll2014-01-29 22:45:12 103424 ----a-w- C:\Windows\SysWow64\CookDLL2005_nat.dll2014-01-29 22:45:06 102400 ----a-w- C:\Windows\SysWow64\Submittals_nat.dll2014-01-22 00:09:27 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2014-01-21 21:31:53 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll.============= FINISH: 12:06:46.84 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2Install Date: 2/21/2010 12:09:58 PMSystem Uptime: 3/31/2014 11:48:48 AM (1 hours ago).Motherboard: Dell Inc. | | 0XPDFKProcessor: Intel® Xeon® CPU W3520 @ 2.67GHz | CPU | 2666/4800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 149 GiB total, 81.564 GiB free.D: is FIXED (NTFS) - 74 GiB total, 56.298 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Broadcom NetXtreme 57xx Gigabit ControllerDevice ID: PCI\VEN_14E4&DEV_1681&SUBSYS_02931028&REV_10\4&170BFACC&0&00E5Manufacturer: BroadcomName: Broadcom NetXtreme 57xx Gigabit ControllerPNP Device ID: PCI\VEN_14E4&DEV_1681&SUBSYS_02931028&REV_10\4&170BFACC&0&00E5Service: b57nd60a.==== System Restore Points ===================.RP263: 3/17/2014 - Scheduled CheckpointRP264: 3/24/2014 12:00:01 AM - Scheduled CheckpointRP265: 3/28/2014 1:59:29 PM - ComboFix created restore point.==== Installed Programs ======================.64 Bit HP BiDi Channel Components Installer7-Zip 4.65 (x64 edition)Adobe Flash Player 12 ActiveXAdobe Reader 9.3Akamai NetSession InterfaceAkamai NetSession Interface ServiceApple Application SupportApple Mobile Device SupportApple Software UpdateARX CoSign ClientARX CryptoKitARX Office 
SignaturesARX OmniSign PrinterARX Signature APIAutodesk Design Review 2012Autodesk Design Review Browser Add-on v1.2 Autodesk Revit MEP 2010 x64Autodesk Revit MEP 2010 x64 Update 2Bentley Redline XM Edition 08.09.04.88Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2012Bentley View V8i (SELECTseries 3) 08.11.09.303BonjourCamStudioCamStudio Lossless CodecCDDRV_InstallerCFdesign 2010CFdesign License ManagerCompatibility Pack for the 2007 Office systemCompute-A-Fan 9.2Dell Driver Download ManagerDHTML Editing ComponentDocuments To Go Desktop for iPhoneDropboxDWG TrueView 2010DWG TrueView 2012DWGSee ProerLTEspPlusEspPlus - PumpsEspPlus - TanksEvernote v. 4.6.6GeoDesigner for ClimateMaster Version 3.2.02Google ChromeGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperGoToMeeting 4.8.0.723Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)iTime & ExpenseiTunesJava 7 Update 51Java 7 Update 51 (64-bit)Java 
Auto UpdaterJava 6 Update 19join.meJuniper Networks Host CheckerJuniper Networks Setup ClientKhalInstallWrapperLogitech SetPointMalwarebytes Anti-Malware version 2.00.0.1000Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft IntelliType Pro 8.2Microsoft Office 365 ProPlus - en-usMicrosoft Office Office 64-bit Components 2010Microsoft Office Project MUI (English) 2010Microsoft Office Project Standard 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Project Standard 2010Microsoft SilverlightMicrosoft SQL Server 2008 Management ObjectsMicrosoft SQL Server Compact 3.5 SP1 Design Tools EnglishMicrosoft SQL Server Compact 3.5 SP1 EnglishMicrosoft Visual Basic 2008 Express Edition with SP1 - ENUMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENUMicrosoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)Microsoft Visual Studio Tools for Applications 2.0 - ENUMicrosoft Visual Studio Tools for 
Applications 2.0 RuntimeMicrosoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enuMicrosoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKNotesForExchange Outlook AddIn version 0.7NVIDIA DriversNVIDIA nView Desktop ManagerNVIDIA Performance DriversOffice 15 Click-to-Run Extensibility ComponentOffice 15 Click-to-Run Licensing ComponentOffice 15 Click-to-Run Localization ComponentOverDrive Media ConsolePDF-XChange 3Pdf995PdfEdit995PVSonyDllQuickTimeSignature995Softros LAN MessengerSQL Server System CLR TypesTaco 2002 HX SelectionTelephony Toolbar 17 SP4 (17.4.72.5) MB5Trend Micro Worry-Free Business Security AgentUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Visual Basic for Applications ® CoreVisual Basic for Applications ® Core - EnglishVisual C++ 2008 - x86 (KB958357) - v9.0.30729.177WebExWindows XP Mode.==== Event Viewer Messages From Past Week ========.3/31/2014 11:55:33 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.3/31/2014 11:48:14 AM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.3/30/2014 6:50:05 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.3/30/2014 6:49:59 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver RICOH Class Driver Plus required for printer RICOH Aficio MP C4000 is unknown. 
Contact the administrator to install the driver before you log in again.3/30/2014 6:49:58 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.3/30/2014 6:49:58 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Canon MG5400 series Printer required for printer Canon MG5400 series Printer WS is unknown. Contact the administrator to install the driver before you log in again.3/30/2014 6:49:57 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Canon MG5400 series Printer required for printer Canon MG5400 series Printer is unknown. Contact the administrator to install the driver before you log in again.3/28/2014 5:24:53 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.3/28/2014 5:11:29 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .3/28/2014 5:09:18 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).3/28/2014 5:09:14 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain RWE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.3/28/2014 5:04:16 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.3/28/2014 5:03:54 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.3/28/2014 4:58:34 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service..==== End Of File ===========================