
Recent script-inf infection cleaned but Frequent Freezes, Programs will not load


  • This topic is locked
15 replies to this topic

#1 tjo49770


Posted 07 April 2014 - 01:20 PM

Recently Avast cleaned script-inf from PC and Malware Bytes cleaned PUPs, but PC has been acting odd for about 2 mos. Used Crap Cleaner also. I am in Safe mode with networking right now as programs often quit responding or are very slow. Often the PC will not shut down and will not launch programs. Other times everything seems to work well for hours or even a day. I may have added to problems by editing the registry and cleaning the registry with Crap Cleaner or by trying to fix this myself. Time to ask for help. Thanks for any help that you can provide. Boot scans with Avast do not show any infections now. Malware Bytes usually comes up clean as well, one or two PUPs have been cleaned in the last month.

 

Avast Boot-time scan 4/2/2014
E:\DELLVOSTRO400\Backup Set 2013-05-11 171358\Backup Files 2013-06-01 152647\Backup files 1.zip|>C\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000574|>{gzip}
Severity High
Status Threat: HTML:Script-inf

 

I have disconnected this external HD E: for now, but I would like to connect it again.

 

I am in regular Windows mode now.

 

DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by TJ at 13:41:54 on 2014-04-07
#Option MBR scan  is disabled.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\System32\alg.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\TJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07EFA7D3-A6C7-4DD5-ABB4-5C338B514F4A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\0527169747F6A456375737 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\3486279637A5 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\65562796A7F6E6D2839303C4D214644344 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\75966496253555F53673236363 : DHCPNameServer = 192.168.15.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tj\appdata\roaming\mozilla\firefox\profiles\fpqk75sl.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\ica client\npicaN.dll
FF - plugin: c:\program files\citrix\ica client\npURLInterceptorPlugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\tj\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dmvsc;dmvsc
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
S? AERTFilters;Andrea RT Filters Service
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswStm;aswStm
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? ctxusbm;Citrix USB Monitor Driver
S? Garmin Core Update Service;Garmin Core Update Service
S? netr28u;RT2870 USB Wireless LAN Card Driver for Vista
S? PSI;PSI
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
.
=============== Created Last 30 ================
.
2014-04-06 04:43:11    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{5a88694d-7609-4a6c-a90e-1c5d79977715}\offreg.dll
2014-04-05 13:21:36    7969936    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{5a88694d-7609-4a6c-a90e-1c5d79977715}\mpengine.dll
2014-03-24 23:44:30    67264    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-03-24 23:44:30    180760    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-03-24 23:44:28    776976    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-03-24 23:44:23    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-03-24 23:44:21    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-03-24 23:44:19    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-03-24 23:44:11    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-24 23:33:22    --------    d-----w-    c:\programdata\AVAST Software
2014-03-24 23:32:26    --------    d-----w-    c:\users\tj\appdata\roaming\TrueCrypt
2014-03-24 23:31:58    231760    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2014-03-24 23:31:36    --------    d-----w-    c:\program files\TrueCrypt
2014-03-13 11:52:31    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2014-03-13 11:52:30    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 11:52:29    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-13 11:52:28    381440    ----a-w-    c:\windows\system32\wer.dll
.
==================== Find3M  ====================
.
2014-03-13 13:02:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 13:02:11    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00:08    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-11 23:47:11    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-27 16:46:35    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 13:43:21.37 ===============

 

See attached file: attach.txt


Edited by tjo49770, 08 April 2014 - 12:19 PM.



 


#2 HelpBot


Posted 12 April 2014 - 01:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530281 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 tjo49770


Posted 12 April 2014 - 02:13 PM

This may be a Windows 7 or other software being incompatible with Windows 7 issue at this point. I don't think that I can tell the difference between Malware and a Windows problem at this point. Today Windows Explorer froze and became unresponsive, reboot required, often the system hangs when I want to reboot and it will not shut down unless I hold the power button, frequently Media Player becomes unresponsive. I do not have an original Windows CD/DVD. I have a rescue disc and some ISO images. The ISO images are on an external drive that may have had infections.

 

 I will post new DDS reports next. Thank you for any help that you can provide.



#4 tjo49770


Posted 12 April 2014 - 02:22 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by TJ at 15:18:06 on 2014-04-12
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3326.2186 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\TJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\users\tj\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tj\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07EFA7D3-A6C7-4DD5-ABB4-5C338B514F4A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\0527169747F6A456375737 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\3486279637A5 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\65562796A7F6E6D2839303C4D214644344 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6AA78117-2750-4E4D-BCDF-D93BB86BE705}\75966496253555F53673236363 : DHCPNameServer = 192.168.15.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tj\appdata\roaming\mozilla\firefox\profiles\fpqk75sl.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\ica client\npicaN.dll
FF - plugin: c:\program files\citrix\ica client\npURLInterceptorPlugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\tj\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-24 180760]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-3-24 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-3-24 411552]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2013-9-24 70440]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-10-23 87968]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-24 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-24 50344]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-3-24 67264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-13 108032]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-17 1343400]
.
=============== Created Last 30 ================
.
2014-04-11 09:55:49 96768 ----a-w- c:\windows\system32\drivers\umdf\WUDFUsbccidDriver.dll
2014-04-11 09:55:47 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-11 09:55:47 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-11 09:55:47 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-11 09:55:47 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-11 09:55:45 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-11 09:55:43 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-11 09:54:17 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ff4629af-ec7e-44df-b3c2-e5a08041aa24}\mpengine.dll
2014-03-24 23:44:30 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-24 23:44:30 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-24 23:44:28 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-24 23:44:23 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-24 23:44:21 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-24 23:44:19 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-24 23:44:11 43152 ----a-w- c:\windows\avastSS.scr
2014-03-24 23:33:22 -------- d-----w- c:\programdata\AVAST Software
2014-03-24 23:32:26 -------- d-----w- c:\users\tj\appdata\roaming\TrueCrypt
2014-03-24 23:31:58 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-03-24 23:31:36 -------- d-----w- c:\program files\TrueCrypt
.
==================== Find3M  ====================
.
2014-03-13 13:02:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 13:02:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-11 23:47:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-27 16:46:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 15:18:33.48 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/1/2012 12:14:59 AM
System Uptime: 4/12/2014 11:22:39 AM (4 hours ago)
.
Motherboard: Dell Inc. |  | 0GN723
Processor: Intel® Core™2 Quad CPU    Q6600  @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 104.765 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP318: 3/25/2014 8:04:20 PM - Windows Update
RP319: 3/29/2014 11:43:09 AM - Plex Media Server
RP320: 3/29/2014 11:48:05 AM - Windows Backup
RP321: 4/1/2014 5:09:03 AM - Windows Update
RP322: 4/5/2014 9:20:51 AM - Windows Update
RP323: 4/5/2014 1:10:28 PM - Windows Backup
RP324: 4/11/2014 5:53:21 AM - Windows Update
RP325: 4/11/2014 6:15:32 AM - Windows Update
RP326: 4/12/2014 11:33:55 AM - Windows Backup
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1  ads.mcafee.com
Hosts: 127.0.0.1  analytics.microsoft.com
Hosts: 127.0.0.1  metrics.bitdefender.com
Hosts: 127.0.0.1  metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
Hosts: 127.0.0.1  ads.bleepingcomputer.com
Hosts: 127.0.0.1  wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
API - Laborworkx
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
CCleaner
Cerner Desktop - Prod
ChromecastApp
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
DiskAid 5.41
Dropbox
Elevated Installer
ESET Online Scanner v3
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Garmin Update Service
Google Chrome
Google Drive
Google Update Helper
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
Intel® TV Wizard
Java 7 Update 51
Java Auto Updater
K-Lite Codec Pack 8.1.0 (Full)
KeePass Password Safe 1.22
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Neonatal Resuscitation DVD-ROM
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Online Plug-in
OpenOffice.org 3.4.1
PowerChart
QuickTime
Realtek High Definition Audio Driver
Secunia PSI (3.0.0.4001)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Self-service Plug-in
Service Desk
Spectrum Health Insite
System Requirements Lab
theWord
TrueCrypt
WebExtender
.
==== Event Viewer Messages From Past Week ========
.
4/7/2014 6:51:08 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
4/7/2014 6:51:08 AM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/7/2014 2:30:27 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/7/2014 2:27:45 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/7/2014 1:51:50 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/7/2014 1:51:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/7/2014 1:51:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/7/2014 1:50:13 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
4/7/2014 1:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/7/2014 1:50:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/7/2014 1:50:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/7/2014 1:50:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/7/2014 1:49:50 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm discache spldr truecrypt Wanarpv6
4/6/2014 7:30:10 PM, Error: Service Control Manager [7031]  - The Garmin Core Update Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2014 2:41:41 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
4/6/2014 2:41:41 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error:  An instance of the service is already running.
4/6/2014 2:41:41 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
4/6/2014 2:40:41 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Internet Connection Sharing (ICS) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Certificate Propagation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2014 2:39:41 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2014 12:09:05 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
4/6/2014 12:09:05 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/6/2014 1:09:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/6/2014 1:02:40 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/6/2014 1:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/6/2014 1:02:13 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswVmm CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/6/2014 1:02:13 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/6/2014 1:01:51 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
4/5/2014 9:34:59 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
4/5/2014 9:34:59 AM, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/5/2014 1:33:59 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
4/5/2014 1:33:59 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/12/2014 11:25:45 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/12/2014 11:25:45 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
4/12/2014 10:50:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
4/12/2014 10:49:56 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service.
4/12/2014 10:49:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
4/12/2014 10:47:55 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/12/2014 10:38:46 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
4/12/2014 10:38:16 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
4/12/2014 10:24:59 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
4/12/2014 10:24:59 AM, Error: Service Control Manager [7000]  - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/12/2014 10:24:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
.
==== End Of File ===========================
 


#5 tjo49770


Posted 12 April 2014 - 02:39 PM

This system has one external USB HD directly connected (disconnected right now). Also the wifi Linksys EA4500 router has an external USB drive connected to it and a WD My Cloud 4TB Personal Cloud Storage connected by ethernet. I believe there are several different software programs available or acting as media servers. I don't know how to make the best use of these yet and don't know if there are multiple programs conflicting with each other in the media server category.



#6 tjo49770


Posted 12 April 2014 - 02:43 PM

Occasionally I lose sound output, say from music files or even from YouTube videos. A re-boot fixes this. I only use Avast Free Antivirus, but the Grime Fighter tool with Avast claims it sees 13 pieces of Grime on my PC. It states that if I paid for and ran the Grime Fighter tool it would improve my PC's speed by optimizing 13 system settings. I am NOT going to purchase this tool nor use it, just wanted to include that bit of info. So far no problems today. 


Edited by tjo49770, 13 April 2014 - 10:46 AM.


#7 tjo49770


Posted 15 April 2014 - 10:45 AM

Last night when I would click on an executable program I would get the following message: The service did not respond to the start or control request in a timely fashion. 

 

And then nothing. The desktop looked normal and I do not believe other apps were running or resources were low. Also when clicking on shut down nothing would happen. I did hold the power button and reboot. This seems to fix everything temporarily. 



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:12 PM

Posted 17 April 2014 - 01:41 PM

Hello, and sorry for the delay. My name is Elise and I'll assist you with this issue.

This doesn't look like malware to be honest, but I wonder if you aren't experiencing hardware issues. For that reason let's start with a disk check.

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:
  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
      • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
      • Click Schedule disk check > OK and close all windows.
      • Re-start the computer. The disk will be checked when the system boots.
      • This will take some time to run and at times may appear stalled but just let it run.
      • When the disk check is complete, the system will re-start automatically and load Windows.
A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
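
The Event Viewer steps in the post above can also be scripted. The PowerShell below is an added example, not part of the original post: it reads the Wininit event 1001 that a boot-time disk check leaves in the Application log and pulls out the lines worth checking first. The function name `Get-ChkdskSummary` and its `-Last` parameter are made up for illustration.

```powershell
# Added example, not from the thread. Run in a PowerShell window on the affected PC.

function Get-ChkdskSummary {
    param(
        # Hypothetical parameter: how many past boot-time disk checks to return.
        [int]$Last = 1
    )

    # Same selection the GUI steps make: Application log, source Wininit, event 1001.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $Last -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches, for example when the
        # check was not run through the scheduled restart and so left no log entry.
        Write-Warning "No Wininit 1001 event found: $($_.Exception.Message)"
        return
    }

    foreach ($e in $events) {
        $text = $e.Message

        # "Checking file system on C:" -> C:
        $drive = $null
        if ($text -match 'Checking file system on (\w:)') { $drive = $Matches[1] }

        # "0 KB in bad sectors." -> 0
        $badKB = $null
        if ($text -match '(\d+)\s+KB in bad sectors') { $badKB = [long]$Matches[1] }

        # Lines such as "Cleaning up 949 unused index entries from index $SII of file 0x9."
        $cleanup = @($text -split '\r?\n' | Where-Object { $_ -match '^\s*Cleaning up' })

        New-Object PSObject -Property @{
            TimeCreated  = $e.TimeCreated
            Drive        = $drive
            NoProblems   = ($text -match 'found no problems')
            BadSectorsKB = $badKB
            CleanupLines = $cleanup
            FullReport   = $text   # the text to paste into a reply
        }
    }
}

Get-ChkdskSummary | Format-List TimeCreated, Drive, NoProblems, BadSectorsKB, CleanupLines
```

A non-zero `BadSectorsKB` points at the disk itself, while a clean report with only `Cleaning up` lines means the file system needed minor housekeeping.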


#9 tjo49770


Posted 30 April 2014 - 11:14 AM

I will follow your directions. Sorry for the delay. I was on vacation! Thanks for giving your time to look at this with me.



#10 Elise


Posted 30 April 2014 - 12:08 PM

No problem, I hope you had a good time. :)


regards, Elise


#11 tjo49770


Posted 04 May 2014 - 10:06 AM

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          4/30/2014 4:15:35 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DellVostro400
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  483328 file records processed.                                         

File verification completed.
  378 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  109 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  528926 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  483328 file SDs/SIDs processed.                                        

Cleaning up 949 unused index entries from index $SII of file 0x9.
Cleaning up 949 unused index entries from index $SDH of file 0x9.
Cleaning up 949 unused security descriptors.
Security descriptor verification completed.
  22800 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37613656 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  483312 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  27050099 free clusters processed.                                        

Free space verification is complete.
Windows has checked the file system and found no problems.

 156186455 KB total disk space.
  47337908 KB in 94606 files.
     55704 KB in 22801 indexes.
         0 KB in bad sectors.
    592443 KB in use by the system.
     65536 KB occupied by the log file.
 108200400 KB available on disk.

      4096 bytes in each allocation unit.
  39046613 total allocation units on disk.
  27050100 allocation units available on disk.

Internal Info:
00 60 07 00 aa ca 01 00 ce 44 03 00 00 00 00 00  .`.......D......
08 02 00 00 6d 00 00 00 00 00 00 00 00 00 00 00  ....m...........
a0 5d 1b 00 50 01 19 00 68 1a 19 00 00 00 19 00  .]..P...h.......

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-04-30T20:15:35.000000000Z" />
    <EventRecordID>30458</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DellVostro400</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  483328 file records processed.                                         

File verification completed.
  378 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  109 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  528926 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  483328 file SDs/SIDs processed.                                        

Cleaning up 949 unused index entries from index $SII of file 0x9.
Cleaning up 949 unused index entries from index $SDH of file 0x9.
Cleaning up 949 unused security descriptors.
Security descriptor verification completed.
  22800 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37613656 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  483312 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  27050099 free clusters processed.                                        

Free space verification is complete.
Windows has checked the file system and found no problems.

 156186455 KB total disk space.
  47337908 KB in 94606 files.
     55704 KB in 22801 indexes.
         0 KB in bad sectors.
    592443 KB in use by the system.
     65536 KB occupied by the log file.
 108200400 KB available on disk.

      4096 bytes in each allocation unit.
  39046613 total allocation units on disk.
  27050100 allocation units available on disk.

Internal Info:
00 60 07 00 aa ca 01 00 ce 44 03 00 00 00 00 00  .`.......D......
08 02 00 00 6d 00 00 00 00 00 00 00 00 00 00 00  ....m...........
a0 5d 1b 00 50 01 19 00 68 1a 19 00 00 00 19 00  .]..P...h.......

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

 

Thanks for your patience. Just worked three 13 hour shifts in a row. Now I'm off for a few days.


Edited by tjo49770, 04 May 2014 - 10:08 AM.


#12 Elise


Posted 04 May 2014 - 11:04 AM

It looks as if some minor cleanup was done, how is everything running now?


regards, Elise


#13 tjo49770


Posted 04 May 2014 - 11:20 AM

So far, so good.



#14 Elise


Posted 04 May 2014 - 11:25 AM

Your logs look clean and updated as well, you have adequate protection (AV, antispyware), and I see you are running Secunia PSI for updates as well, so that really should all be okay. :)

Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
      • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
        A comprehensive tutorial and a list of possible firewalls can be found here.
      • an AntiVirus Software
        It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#15 tjo49770


Posted 04 May 2014 - 11:32 AM

Thanks for your help. Sorry if this post turned out to be in the wrong part of the forums.





