
Network device sending out SPAM throughout network.


  • This topic is locked
2 replies to this topic

#1 twitterfon231


Posted 24 October 2014 - 01:47 PM

Good Afternoon,

 

I come to you today with an interesting situation. My IT services provider contacted me saying that one of the workstations on my network is sending spam out to other client computers. The first thing I could think of was a minor attack, but the problem got worse. I took the liberty of running FRST to give you an idea of what's going on.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by dashburn (administrator) on TVS-WS-2295A on 24-10-2014 13:41:19
Running from C:\Users\dashburn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5288C1N1
Loaded Profiles: User & mgoodwinjr & lmillerjr & Administrator & dashburn (Available profiles: User & mgoodwinjr & lmillerjr & Administrator & dashburn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Voice4Net) C:\Users\dashburn\AppData\Local\Apps\2.0\YZBJ2Y6C.WZ1\E6TNRR5X.3V9\v4sc..tion_7c9662b266742e6a_0006.0001_f6d636412dfb080e\V4ScreenPopDocked.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-04-11] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [45384 2011-08-26] ()
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
HKLM Group Policy restriction on software: c:\winnt\system32\sol.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\program files\msn gaming zone\windows\shvlzm.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\program files\msn gaming zone\windows\rvsezm.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\winnt\system32\freecell.exe <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\freecell.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\program files\windows nt\pinball\pinball.exe <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\spider.exe <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\mshearts.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\program files\msn gaming zone\windows\chkrzm.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\program files\msn gaming zone\windows\hrtzzm.exe <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\sol.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\program files\msn gaming zone\windows\bckgzm.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\winnt\system32\winmine.exe <====== ATTENTION
HKLM Group Policy restriction on software: %SystemRoot%\system32\winmine.exe <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-3723070980-2466524458-3437090266-500\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-3723070980-2466524458-3437090266-8765\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-3723070980-2466524458-3437090266-8765\...\Policies\Explorer: [NoAutorun] 1
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM - DefaultScope {08DA683B-D9A4-4001-8E1B-CBE0F87E4BF7} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {08DA683B-D9A4-4001-8E1B-CBE0F87E4BF7} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {08DA683B-D9A4-4001-8E1B-CBE0F87E4BF7} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {08DA683B-D9A4-4001-8E1B-CBE0F87E4BF7} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {08DA683B-D9A4-4001-8E1B-CBE0F87E4BF7} URL = 
SearchScopes: HKCU - {08DA683B-D9A4-4001-8E1B-CBE0F87E4BF7} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DialIEBHO Class -> {E14EB96C-AC90-45BE-9FDE-37C5652F1A65} -> C:\Program Files (x86)\Mitel\Unified Communicator Advanced 5.0\DialIE.dll (Mitel Networks Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.3.57 10.10.3.21
 
FireFox:
========
FF ProfilePath: C:\Users\dashburn\AppData\Roaming\Mozilla\Firefox\Profiles\jkyukhmn.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-06-16]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-02-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [248160 2014-04-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-04-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-04-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-02-19] (DigitalPersona, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [132600 2013-11-19] (Kaspersky Lab ZAO)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-04-11] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2192088 2013-08-23] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-09-05] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [98400 2013-11-06] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30816 2013-07-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [661600 2013-11-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-07-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-01] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-21] (Intel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-04-11] (Dell Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 13:41 - 2014-10-24 13:41 - 00000000 ____D () C:\FRST
2014-10-24 13:26 - 2014-10-24 13:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-23 16:43 - 2014-10-23 16:43 - 00035205 _____ () C:\Users\dashburn\Desktop\Copy of ContactActionList (4).xlsx
2014-10-23 11:12 - 2014-10-24 08:51 - 00022016 _____ () C:\Users\dashburn\Desktop\dawn.xls
2014-10-15 18:55 - 2014-10-15 18:55 - 00066048 _____ () C:\Users\dashburn\Documents\Copy of 10_11_2014check ins.xls
2014-10-15 18:24 - 2014-10-15 18:24 - 00000000 ____D () C:\Users\dashburn\AppData\Local\Microsoft Help
2014-10-09 17:28 - 2014-10-09 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-10-09 17:28 - 2014-10-09 17:28 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-10-09 17:27 - 2014-10-09 17:27 - 02079600 _____ (Coupons.com Incorporated) C:\Users\dashburn\Downloads\CouponPrinterCPS.exe
2014-10-08 15:19 - 2014-10-18 13:56 - 02087424 _____ () C:\Users\dashburn\Desktop\Copy of Contact Notes With No Travel Sept 8-30 (2).xls
2014-09-24 10:17 - 2014-09-24 10:17 - 00082367 _____ () C:\Users\dashburn\Desktop\Dawn Ashburn Scorecard.xlsx
2014-09-24 09:58 - 2014-09-24 09:58 - 00002120 _____ () C:\Users\dashburn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mitel Collaboration Advanced Client.lnk
2014-09-24 09:58 - 2014-09-24 09:58 - 00000000 ____D () C:\Users\dashburn\AppData\Local\Downloaded Installations
2014-09-24 09:56 - 2014-09-24 09:58 - 00000000 ____D () C:\Users\dashburn\AppData\Local\Mitel
2014-09-24 09:56 - 2014-09-24 09:56 - 00002159 _____ () C:\Users\Public\Desktop\Unified Communicator Advanced 5.0.lnk
2014-09-24 09:56 - 2014-09-24 09:56 - 00000000 ____D () C:\Users\dashburn\AppData\Roaming\Mitel
2014-09-24 09:56 - 2014-09-24 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Communicator Advanced 5.0
2014-09-24 09:56 - 2014-09-24 09:56 - 00000000 ____D () C:\Program Files (x86)\Mitel
2014-09-24 09:56 - 2010-02-11 20:29 - 00094208 _____ (Mitel Corporation) C:\Windows\system32\tapiUCA.tsp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 13:35 - 2014-07-29 15:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-24 13:26 - 2014-05-28 00:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 13:25 - 2014-05-28 00:21 - 01761115 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 12:11 - 2014-06-16 11:30 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-10-24 11:16 - 2014-06-16 11:46 - 00000000 ____D () C:\Users\dashburn\Desktop\LHVC Confirmation
2014-10-24 09:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\spool
2014-10-23 21:37 - 2014-06-16 15:01 - 00131072 ___SH () C:\CredSED.dat
2014-10-19 07:16 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 07:16 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:10 - 2014-06-16 12:40 - 00000000 ____D () C:\Users\dashburn\AppData\Local\Deployment
2014-10-16 17:19 - 2014-05-28 00:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-16 17:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 17:16 - 2009-07-14 00:51 - 00035832 _____ () C:\Windows\setupact.log
2014-10-16 17:12 - 2014-09-11 13:24 - 01754480 _____ () C:\Users\dashburn\Desktop\VIPDataExtract.xlsm
2014-10-15 18:25 - 2014-06-16 11:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-02 15:53 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-24 01:26 - 2014-05-28 00:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 01:26 - 2014-05-28 00:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 01:26 - 2014-05-28 00:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Some content of TEMP:
====================
C:\Users\dashburn\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\dashburn\AppData\Local\Temp\fp_pl_pfs_installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 07:06
 
==================== End Of Log ============================
 
Additional.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by dashburn at 2014-10-24 13:41:57
Running from C:\Users\dashburn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5288C1N1
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 for Windows (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AuthenTec Fingerprint Driver (Version: 1.6.2.0350 - AuthenTec) Hidden
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
CmgMasterPrerequisites (x32 Version: 1.3.1.545 - Credant Technologies Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Client Security Framework (HKLM\...\{A394C5C9-D6B7-45A8-AB57-38DDE6EE578D}) (Version: 8.3.1.1452 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.3.1.545 - Dell, Inc.)
Dell Data Protection | Security Tools (x32 Version: 1.3.1.545 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (HKLM\...\{CD34D7F5-F1D5-437F-AC5E-DA0D64866C3B}) (Version: 1.3.0.427 - DigitalPersona, Inc.)
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
DigitalPersona TouchChip Driver (Version: 1.6.3.379 - DigitalPersona, Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Kaspersky Endpoint Security 10 for Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.2.1.23 - Kaspersky Lab)
Kaspersky Security Center Network Agent (HKLM-x32\...\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 10.1.249 - Kaspersky Lab)
Kaspersky Security Center Network Agent (x32 Version: 10.1.249 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mitel Collaboration Advanced Client (HKLM-x32\...\{c2b3b826-1aa9-4e63-8950-66fb4a905ce0}) (Version: 1.2.4.0 - Mitel Networks)
Mitel Unified Communicator Advanced 5.0 (HKLM-x32\...\{3763F938-EF95-406A-A56F-479F9D7B510A}) (Version: 5.0.22.0 - Mitel Networks)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
ScrewDrivers Client v4 (rdp only) (HKLM-x32\...\{5D1210C2-FAD4-4946-88B4-C5F9DC8690E7}) (Version: 4.6.01.09 - triCerat, Inc.)
Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
SPPSClient (HKCU\...\b5fd2dd967fef584) (Version: 6.1.5.3 - Voice4Net)
Update for Outlook 2007 Junk Email Filter (KB2596560) (HKLM-x32\...\{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{2964DDE1-4925-4DF1-AF2C-0A36B3442228}) (Version:  - Microsoft)
Validity WBF DDK 495 (HKLM\...\{F622E82E-AFFA-4784-A08F-74311F5716CA}) (Version: 4.5.238.0 - Validity Sensors, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-09-2014 06:18:50 Windows Update
24-09-2014 13:55:42 Installed Mitel Unified Communicator Advanced 5.0
24-09-2014 13:58:21 Installed Mitel Collaboration Advanced Client.
30-09-2014 15:22:51 Windows Update
03-10-2014 18:23:13 Windows Update
07-10-2014 13:20:24 Windows Update
14-10-2014 12:05:35 Windows Update
21-10-2014 11:57:45 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {388ECEB5-B619-4D85-B188-9110BC008148} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-11 12:18 - 2014-04-11 12:18 - 00299360 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\authproxy.dll
2007-02-14 05:26 - 2007-02-14 09:26 - 00102912 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hpzpi4wm.DLL
2014-04-11 12:17 - 2014-04-11 12:17 - 00026464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
2014-04-11 12:18 - 2014-04-11 12:18 - 02172768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00082272 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00027488 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00062816 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.AuthProxy.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00070496 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.PBA.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00036192 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.SED.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00129376 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00657248 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredCommon.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00869216 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CryptoProvider.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00707424 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DBManager.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00353632 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\OPALProvider.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 01496416 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\ConnectionProvider.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00047968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\FVEProvider.dll
2014-05-28 00:32 - 2013-08-19 10:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-05-28 00:32 - 2013-08-19 10:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-04-11 12:18 - 2014-04-11 12:18 - 00232288 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2014-04-11 12:18 - 2014-04-11 12:18 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2013-11-27 21:21 - 2013-11-27 21:21 - 01309888 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\kpcengine.2.2.dll
2014-01-14 00:03 - 2014-01-14 00:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-05-28 00:24 - 2013-08-21 19:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-10-05 03:52 - 2011-10-05 03:52 - 00756048 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3272
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3373
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1564389850-3199386815-229663075-500 - Administrator - Disabled)
Guest (S-1-5-21-1564389850-3199386815-229663075-501 - Limited - Disabled)
User (S-1-5-21-1564389850-3199386815-229663075-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/23/2014 03:59:12 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (10/23/2014 11:01:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.2.2, time stamp: 0x540a0407
Faulting module name: ole32.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x000000000000d89e
Faulting process id: 0x9e0
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3
 
Error: (10/21/2014 07:59:48 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (10/17/2014 06:07:23 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (10/16/2014 05:20:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.2.2, time stamp: 0x540a0407
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x6f8
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3
 
Error: (10/16/2014 05:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 10:52:52 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (10/14/2014 08:07:47 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (10/11/2014 09:00:59 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (10/10/2014 00:24:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/24/2014 08:43:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: TAN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (10/24/2014 08:43:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (10/23/2014 11:01:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (10/23/2014 11:01:20 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1054) (User: TAN)
Description: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
 
Error: (10/23/2014 11:01:19 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1054) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
 
Error: (10/21/2014 10:58:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to read the file \\TAN.corp\SysVol\TAN.corp\Policies\{7114E4CD-2D57-4931-9E6F-3A563B121ECA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 
a) Name Resolution/Network Connectivity to the current domain controller. 
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 
c) The Distributed File System (DFS) client has been disabled.
 
Error: (10/21/2014 07:41:30 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: TAN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (10/21/2014 07:41:30 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (10/21/2014 07:41:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (10/20/2014 08:50:41 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-23 15:59:04.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-23 15:59:04.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-23 15:59:04.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-23 15:58:55.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-23 15:58:55.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-23 15:58:55.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-21 07:59:36.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-21 07:59:36.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-21 07:59:36.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-21 07:59:23.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 

 


 


#2 HelpBot

Posted 29 October 2014 - 01:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553175 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 03 November 2014 - 02:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



