Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

web root bought today


  • Please log in to reply
7 replies to this topic

#1 fishez

fishez

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 14 April 2014 - 11:38 PM

Attached File  v3.log   306.48KB   4 downloadshello, i really dont want to leave a huge message here but the bottom line is that i bought this product today and I scanned the computer which i had installed a brand new hard drive on yesterday 125 gb ssd along with Windows 8.1. Scan came back with ZERO threats. However as I go ahead and scan different files that i feel are strange, all the sudden there are 20-50 threats found. I have saved 13 log files of these scans and i have not had even one except when I do a full system scan come back as "no threats" as odd as that may seem.[/size]
As of now there is a message telling me that the software can not even stop the malicious process. I know i have had some serious problems with my computers, but I am at my whits end. I have done it all as far as protection goes, and even went out on a limb and bought this WebRoot  Secure Anywhere product today assuming it would help. I believe the process is csrss.exe or something like that. Any help would be grateful. Very sick of this computer running at full throttle alllll the time. I want to throw my computer against the wall! I have added a file of one of the scans that found "malicious files". IMO they are all malicious, however no matter what i do, they just keep coming back. Literally I delete it and boom,....it is back in a minute or 2.

Thanks [/size]

 
-Brendan S[/size]
 
 


Edit: Moved topic from Windows 8 to the more appropriate forum.~ Animal

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:43 PM

Posted 15 April 2014 - 01:37 AM

i really dont want to leave a huge message here but the bottom line is that i bought this product today and I scanned the computer which i had installed a brand new hard drive on yesterday 125 gb ssd along with Windows 8.1.

Hello fishez -

Do you have a specific infection problem that you wish us to look at, or are you asking about Webroot Antivirus program.

My opinion, and that of many here, is that Webroot is a very good program, that I would recommend.

 

Would you like us to offer a set of scans to look for specific problems, or are you just "making a point".

Sorry, but it may just be me that has a problem understanding.

 

If you wish, here are our standard first scans to try and find problems -

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

At most the tool will run for about 2 minutes

Post the log back here.

 

Important : Do not reboot your computer until you complete the next step.

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

If you are not quite sure of any programs, post the [R0].txt log here for review.
* NOW :Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.
    Please copy and paste the contents of that file here.


#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:43 PM

Posted 15 April 2014 - 01:37 AM

EDITED due to forum error


Edited by noknojon, 15 April 2014 - 05:20 AM.


#4 fishez

fishez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 15 April 2014 - 01:04 PM

Yes absolutely! Sorry for coming off so somber. I have had the worst past few months and either it is really really bad maleware or it is. Some punk doing this for fun. Every time I do a traceroute the same address shows up. They ruin my computer. Basically they make all programs that I install fail with in only hours of installing, add all sorts of stuff that I get access denied and in many occasions my own files become denied. If I download something... boom it is gone before i can even use it and lastly I have two pretty nice printers which will not work as everytime I try to install one, the port doesnt seem to recognize the cable! Just verry irritating and my bad for coming on in that frame of mind. I will do the diagnostics now tho. Thank you


-B

#5 fishez

fishez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 15 April 2014 - 01:27 PM

Results of firs scan CHECKUP.TXT

 

**I have to post individually because I am getting all kinds of error messages, so I am not sure what is happening. I don't think much came of this one though.

 

 

 Results of screen317's Security Check version 0.99.81 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Webroot SecureAnywhere  
Windows Defender        
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

 

 

Mini Toolbox log

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by ME (administrator) on 15-04-2014 at 14:28:31
Running from "C:\Users\brendan\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Disconnected)
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Wi-Fi" nexthop=10.0.0.0 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Wi-Fi" address=10.0.0.1 mask=255.0.0.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : delorean
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : buffalo.rr.com
   System Quarantine State . . . . . : Not Restricted

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : buffalo.rr.com
   Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 00-8C-FA-3F-42-1D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2604:6000:cfc0:1d:e164:6870:f133:3c51(Preferred)
   Lease Obtained. . . . . . . . . . : Tuesday, April 15, 2014 1:26:15 PM
   Lease Expires . . . . . . . . . . : Tuesday, April 22, 2014 10:42:03 AM
   Link-local IPv6 Address . . . . . : fe80::a9f2:393d:bba6:dddb%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 76.180.86.239(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.224.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 15, 2014 1:26:19 PM
   Lease Expires . . . . . . . . . . : Wednesday, April 16, 2014 1:26:18 PM
   Default Gateway . . . . . . . . . : fe80::201:5cff:fe33:2401%3
                                       76.180.64.1
   DHCP Server . . . . . . . . . . . : 142.254.216.129
   DHCPv6 IAID . . . . . . . . . . . : 50367738
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-DF-27-BF-00-8C-FA-3F-42-1D
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:456:3ed2:b34b:a910(Preferred)
   Link-local IPv6 Address . . . . . : fe80::456:3ed2:b34b:a910%8(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 335544320
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-DF-27-BF-00-8C-FA-3F-42-1D
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4006:809::1003
   74.125.226.231
   74.125.226.232
   74.125.226.233
   74.125.226.238
   74.125.226.224
   74.125.226.225
   74.125.226.226
   74.125.226.227
   74.125.226.228
   74.125.226.229
   74.125.226.230

Pinging google.com [2607:f8b0:4006:801::1004] with 32 bytes of data:
Reply from 2607:f8b0:4006:801::1004: time=66ms
Reply from 2607:f8b0:4006:801::1004: time=65ms

Ping statistics for 2607:f8b0:4006:801::1004:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 65ms, Maximum = 66ms, Average = 65ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=91ms TTL=47
Reply from 206.190.36.45: bytes=32 time=93ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 93ms, Average = 92ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...00 8c fa 3f 42 1d ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      76.180.64.1    76.180.86.239     10
      76.180.64.0    255.255.224.0         On-link     76.180.86.239    266
    76.180.86.239  255.255.255.255         On-link     76.180.86.239    266
    76.180.95.255  255.255.255.255         On-link     76.180.86.239    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     76.180.86.239    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     76.180.86.239    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         10.0.0.0  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    266 ::/0                     fe80::201:5cff:fe33:2401
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:5ef5:79fd:456:3ed2:b34b:a910/128
                                    On-link
  3    266 2604:6000:cfc0:1d:e164:6870:f133:3c51/128
                                    On-link
  3    266 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::456:3ed2:b34b:a910/128
                                    On-link
  3    266 fe80::a9f2:393d:bba6:dddb/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/15/2014 01:01:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: CDAS2PC.exe, version: 1.2.7.15, time stamp: 0x50739b6d
Faulting module name: WRusr.dll, version: 8.0.4.70, time stamp: 0x5348694b
Exception code: 0xc0000005
Fault offset: 0x000184d0
Faulting process id: 0x10e0
Faulting application start time: 0xCDAS2PC.exe0
Faulting application path: CDAS2PC.exe1
Faulting module path: CDAS2PC.exe2
Report Id: CDAS2PC.exe3
Faulting package full name: CDAS2PC.exe4
Faulting package-relative application ID: CDAS2PC.exe5

Error: (04/15/2014 00:14:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/15/2014 10:50:19 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

System errors:
=============
Error: (04/15/2014 02:13:27 PM) (Source: DCOM) (User: DELOREAN)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/15/2014 01:32:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (04/15/2014 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Network Inspection Service service failed to start due to the following error:
%%577

Error: (04/15/2014 00:17:51 PM) (Source: volmgr) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (04/15/2014 10:49:21 AM) (Source: Service Control Manager) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/15/2014 10:43:05 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/15/2014 10:42:33 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/15/2014 10:42:05 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/15/2014 10:42:00 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service terminated with the following error:
%%21

Error: (04/15/2014 10:41:57 AM) (Source: Service Control Manager) (User: )
Description: The IP Helper service terminated with the following error:
%%1058

Microsoft Office Sessions:
=========================
Error: (04/15/2014 01:01:27 PM) (Source: Application Error)(User: )
Description: CDAS2PC.exe1.2.7.1550739b6dWRusr.dll8.0.4.705348694bc0000005000184d010e001cf58e57c03a5e4C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exeC:\Windows\SYSTEM32\WRusr.dllb9d19329-c4d8-11e3-824d-008cfa3f421d

Error: (04/15/2014 00:14:06 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/15/2014 10:50:19 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004E028RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

CodeIntegrity Errors:
===================================
  Date: 2014-04-15 13:32:38.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 13:32:33.834
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

Common Desktop Agent (Version: 1.62.0)
Intel® Processor Graphics (Version: 10.18.10.3345)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Samsung Easy Document Creator (Version: 1.04.06 (8/7/2012))
Samsung Easy Printer Manager (Version: 1.02.74.00(11/6/2012))
Samsung OCR Software (Version: 1.00.05 (7/10/2012))
Samsung Printer Live Update (Version: 1.01.00.04)
Samsung Scan Process Machine (Version: 1.00.20.02)
Samsung SCX-3400 Series (Version: 1.16 (2/25/2013))
Synaptics Pointing Device Driver (Version: 11.2.4.0)
Webroot SecureAnywhere (Version: 8.0.4.70)

========================= Devices: ================================

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Bluetooth ACPI
Description: Bluetooth ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Toshiba
Service: tosrfec

Name: Intel® 82802 Firmware Hub Device
Description: Intel® 82802 Firmware Hub Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: ACPI Fan
Description: ACPI Fan
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: HID-compliant vendor-defined device
Description: HID-compliant vendor-defined device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor’s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: volmgr

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: Microsoft Basic Display Driver
Description: Microsoft Basic Display Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft IPv4 IPv6 Transition Adapter Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot

Name: HID-compliant vendor-defined device
Description: HID-compliant vendor-defined device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Storage Spaces Controller
Description: Microsoft Storage Spaces Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: spaceport

Name: TOSHIBA Firmware Linkage Driver
Description: TOSHIBA Firmware Linkage Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: FwLnk

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® HD Graphics 4000
Description: Intel® HD Graphics 4000
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx

Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic

Name: Microsoft XPS Document Writer
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService

Name: USB Root Hub (xHCI)
Description: USB Root Hub (xHCI)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB HUBs)
Service: USBHUB3

Name: TSSTcorp CDDVDW SN-208AB
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: ACPI Lid
Description: ACPI Lid
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor’s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: KINGSTON SV300S37A120G
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Intel® HM76 Express Chipset LPC Controller - 1E59
Description: Intel® HM76 Express Chipset LPC Controller - 1E59
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor’s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

Name: Generic Monitor
Description: Generic Monitor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HID-compliant vendor-defined device
Description: HID-compliant vendor-defined device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: TVALZ

Name: PCI Express Root Complex
Description: PCI Express Root Complex
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI

Name:
Description:
Class Guid:
Manufacturer:
Service:

Name: Microsoft Basic Render Driver
Description: Microsoft Basic Render Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BasicRender

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid

Name: Intel® USB 3.0 eXtensible Host Controller - 0100 (Microsoft)
Description: USB xHCI Compliant Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Generic USB xHCI Host Controller
Service: USBXHCI

Name: Fax
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Toshiba Hotkey Driver
Description: Toshiba Hotkey Driver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Toshiba
Service: Thotkey

Name: Standard SATA AHCI Controller
Description: Standard SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Standard SATA AHCI Controller
Service: storahci

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® Management Engine Interface
Description: Intel® Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HID-compliant system controller
Description: HID-compliant system controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: Intel® 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10
Description: Intel® 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor’s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB

Name: Intel® 7 Series/C216 Chipset Family SMBus Host Controller - 1E22
Description: Intel® 7 Series/C216 Chipset Family SMBus Host Controller - 1E22
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: USB Input Device (Logitech Download Assistant)
Description: USB Input Device (Logitech Download Assistant)
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Logitech (x64)
Service: HidUsb

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt

Name: Microsoft AC Adapter
Description: Microsoft AC Adapter
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: 3rd Gen Core processor DRAM Controller - 0154
Description: 3rd Gen Core processor DRAM Controller - 0154
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: HID-compliant vendor-defined device
Description: HID-compliant vendor-defined device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: Speakers (High Definition Audio Device)
Description: Audio Endpoint
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: IWD Bus Enumerator
Description: IWD Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: iwdbus

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus

Name: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12
Description: Intel® 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Microphone (High Definition Audio Device)
Description: Audio Endpoint
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 8079.3 MB
Available physical RAM: 6255.62 MB
Total Pagefile: 9079.3 MB
Available Pagefile: 7106 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.53 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:50 GB) (Free:32.62 GB) NTFS

========================= Users: ========================================

User accounts for \\DELOREAN

Agent Warren             Guest                    ME                      

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

15-04-2014 19:13:32 galactical
15-04-2014 20:17:12 CREATE A POINT

**** End of log ****

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/15/2014 02:31:49 PM in x64 mode.
Windows Version: Windows 8.1 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * System Policy Removed:  DisableRegistryTools [HKCU]

Backup Registry file created at:
 C:\Users\brendan\Desktop\rkill\rkill-04-15-2014-02-31-50.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * E1G60 [Missing Service]

 

 

 

Adware Cleaner Log....not much on this

 

 

# AdwCleaner v3.023 - Report created 15/04/2014 at 14:37:27
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : ME - DELOREAN
# Running from : C:\Users\brendan\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

*************************

AdwCleaner[R0].txt - [692 octets] - [15/04/2014 14:35:43]
AdwCleaner[R1].txt - [613 octets] - [15/04/2014 14:37:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [672 octets] ##########

 

Thinking that this is the same thing but gonna post still...

 

# AdwCleaner v3.023 - Report created 15/04/2014 at 14:42:30
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : ME - DELOREAN
# Running from : C:\Users\brendan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

*************************

AdwCleaner[R0].txt - [692 octets] - [15/04/2014 14:35:43]
AdwCleaner[R1].txt - [751 octets] - [15/04/2014 14:37:27]
AdwCleaner[S0].txt - [675 octets] - [15/04/2014 14:42:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [734 octets] ##########

 

 

Results for TDSSKiller we're all at an okay status. I should note that previously before my initial posting where I was looking for a pity party :-/, I had run upwards of 15 scans with WebRoot. I was curious about all these VPN programs that were running, such as f5 VPN, Juniper VPN, Checkpoint VPN and something called Sonic Wall. To get to my point, every single executable file with in those folders or .dll files, were all loaded and came up on the scan as malicious. I was just surprised because I had run the scan several times prior to doing my own scans, and not a single thing raised a red flag, and then when I go ahead and check some files on my own, I have literally 15 in a row, all of which were full of infected files.

 

Thank you for your response and helping me out as honestly when it comes to computers, there really is not to many places that you can go and get good advice. Thanks again


Edited by fishez, 15 April 2014 - 02:04 PM.


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:43 PM

Posted 15 April 2014 - 07:57 PM

Hi -
If you still have the TDSS Log, are you able to copy that back here, as it may show some processes. (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.

 

 

Adware Cleaner Log will (should) be almost empty since this is almost a fresh install (but we check to be sure)

 

 

Pinging google.com [2607:f8b0:4006:801::1004] with 32 bytes of data:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data: (This is checking your router)
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

From these you are able to get out and get a ping back from them.

 

 

For installed programs, there are almost none so no problems exist there.


Common Desktop Agent (Version: 1.62.0)
 Intel® Processor Graphics (Version: 10.18.10.3345)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
 Samsung Easy Document Creator (Version: 1.04.06 (8/7/2012))
 Samsung Easy Printer Manager (Version: 1.02.74.00(11/6/2012))
 Samsung OCR Software (Version: 1.00.05 (7/10/2012))
 Samsung Printer Live Update (Version: 1.01.00.04)
 Samsung Scan Process Machine (Version: 1.00.20.02)
 Samsung SCX-3400 Series (Version: 1.16 (2/25/2013))
 Synaptics Pointing Device Driver (Version: 11.2.4.0)
 Webroot SecureAnywhere (Version: 8.0.4.70)

I am checking with someone else about this, so I hope to have more later.

 

 

There is now a new version of Malwarebytes Anti-Malware (V2.0.1) This passes V1.75.0.1300

If you wish to scan you will need to remove any old installed versions first.

Please see MBAM Clean Instructions (but you do not seem to have it yet.

* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>

----------

** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) -

A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com
----------

** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and past the contents of MBAM.txt in your reply

 

 

You said ("I have saved 13 log files of these scans") can you tell us what scans they were, and any results you have please........



#7 Lyon Soldado

Lyon Soldado

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:43 AM

Posted 16 April 2014 - 08:13 AM

There are a some simple things you can try that could help you fix this problem.

  • Update your operating system
  • Increase your browser security settings
  • Activate antivirus protection and a firewall
  • Get an antispyware software protection

The best way to prevent PC problems is to avoid malware infections in the first place.

Products like Web-root Internet Security Essentials and Webroot AntiVirus with Spy Sweeper guard against malware entering your computer and prevent it from slowing your PC through damage to your files and programs.

A good anti-malware  program searches every place on your PC where spyware and viruses can hide and removes every trace to boost your PC performance. While free anti-spyware and antivirus downloads are available, they just can’t keep up with the continuous onslaught of new malware strains. Malware symptoms that have gone undetected can often do the most damage to your PC, so it’s critical to have up-to-the-minute, guaranteed protection.

 

from source:http://www.webroot.com/us/en/home/resources/articles/pc-security/malware-slow-pc

 

if you want to learn more, check out the article.

I hope this helps. :guitar:



#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:43 PM

Posted 16 April 2014 - 04:20 PM

@ Lyon Soldado
Please read the topic first, as the poster has just installed Windows 8, then Purchased, activated and installed Webroot Security system.
For this reason I do not understand your reply ??

Update your operating system
Increase your browser security settings
Activate antivirus protection and a firewall
Get an antispyware software protection

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users