Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Ramnit

 
slohr
Newbie


Joined: 15 May 2016
Last Visit: 18 May 2016
Posts: 2

Posted: Mon May 16, 2016 7:50 am    Post subject: Ramnit

Hi - new to the forum. I have a Synology NAS attached to my network. Antivirus software on the NAS quarantined a couple of DLLs and identified the threat as Ramnit. On the desktop, I've run several scans and nothing has been detected, but I'm seeing symptoms of Ramnit, i.e. Security Essentials is turned off and I am unable to run any software.

Is there a way to clean this up without a reformat and clean install?

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.18283
Run by sl at 10:41:14 on 2016-05-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.15143 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: System Shield *Enabled/Updated* {51A1F251-72D6-FBFA-1969-EBE1F52F559F}
SP: System Shield *Enabled/Updated* {EAC013B5-54EC-F474-23D9-D0938EA81F22}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iolo\common\Lib\wscRmd.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Windows\helppane.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lohrfineart.com/
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
uRun: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe" -stealth
uRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
uRun: [Dropbox Update] "C:\Users\sl\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[C1].txt
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" /lbstartup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\sl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\sl\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\I1PROF~1.LNK - C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\XRGamma.lnk - C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{71572CF6-BEC1-4332-A583-F0C68682121E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FB6E3180-CC81-433E-A592-7B8EB1E3582B} : DHCPNameServer = 192.168.0.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;file_tracker;C:\Windows\System32\drivers\file_tracker.sys [2015-3-12 296736]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2015-3-12 134432]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2016-3-6 4759600]
R2 vseamps;vseamps;C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [2014-3-25 122120]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [2014-3-25 119560]
R3 AthDfu;Qualcomm Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2015-11-7 55448]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2011-2-18 56160]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2015-3-11 181760]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-3-11 26528]
S1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2015-12-5 32912]
S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2015-8-20 3996664]
S2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2021592]
S2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2015-8-12 91784]
S2 AMP;Active Malware Protection Minifilter Driver;C:\Windows\System32\drivers\amp.sys [2014-3-25 174856]
S2 AMPSE;Active Malware Protection Support Driver;C:\Windows\System32\drivers\ampse.sys [2015-3-11 1728776]
S2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2015-3-14 235712]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-3-18 2911464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
S2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2015-11-7 218776]
S2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-2-19 1163200]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2015-3-12 70768]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-2-19 1879488]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-2-19 4812736]
S2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2015-3-11 83224]
S2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-9-13 6847712]
S2 SynoDrService;SynoDrService;C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2010-6-2 380928]
S2 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2015-3-12 1058632]
S2 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2015-8-20 248648]
S2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2011-2-18 245760]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2015-8-12 20832]
S2 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [2015-3-5 83312]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 EyeOne;EyeOne;C:\Windows\System32\drivers\i1_x64.sys [2013-1-7 51600]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-4-19 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 133816]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-2-19 26560]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-2-19 6308288]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-2-19 47760]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-4-28 242736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-11-7 981744]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-12 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 vseqrts;vseqrts;C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [2014-3-25 181512]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-12 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-30 23200]
S4 hasplms;Sentinel LDK License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-2-19 426040]
.
=============== Created Last 30 ================
.
2016-05-15 17:37:48 -------- d-----w- C:\FRST
2016-05-15 15:27:53 -------- d-----w- C:\AdwCleaner
2016-05-15 14:43:43 -------- d-----w- C:\Users\sl\AppData\Roaming\SUPERAntiSpyware.com
2016-05-15 14:43:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2016-05-13 22:38:26 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{404C8F46-BDD4-439D-ADFD-7845206F4C3D}\offreg.548.dll
2016-05-08 07:09:39 11695896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{404C8F46-BDD4-439D-ADFD-7845206F4C3D}\mpengine.dll
2016-05-07 12:53:06 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB64BB10-AD4B-4570-8F44-723A0E40EF7C}\gapaengine.dll
2016-05-07 12:52:53 11695896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-07 12:52:48 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-05-07 12:52:24 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-05-07 12:52:24 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-05-07 12:52:24 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-05-07 12:52:24 -------- d-----w- C:\ProgramData\Malwarebytes
2016-05-07 12:52:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-28 11:20:12 407088 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-04-28 11:20:12 242736 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-04-28 11:20:12 18480 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-04-20 19:18:37 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2016-04-20 19:18:36 286720 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-20 19:18:36 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2016-04-20 19:18:36 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-04-20 19:18:19 444416 ----a-w- C:\Windows\System32\winhttp.dll
2016-04-20 19:18:19 396800 ----a-w- C:\Windows\System32\webio.dll
2016-04-20 19:18:19 351744 ----a-w- C:\Windows\SysWow64\winhttp.dll
2016-04-20 19:18:19 316416 ----a-w- C:\Windows\SysWow64\webio.dll
2016-04-20 19:16:55 353280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-04-20 19:16:55 275456 ----a-w- C:\Windows\System32\InkEd.dll
2016-04-20 19:16:55 274944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-04-20 19:16:55 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2016-04-20 19:16:55 2104320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-04-20 19:16:55 18432 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2016-04-20 19:16:55 169984 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-04-20 19:16:55 16384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-04-20 19:16:55 1416192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2016-04-20 19:16:55 126464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2016-04-19 12:59:50 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
==================== Find3M ====================
.
2016-04-22 07:57:45 453288 ------w- C:\Windows\System32\MpSigStub.exe
2016-04-19 13:54:21 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-04-19 13:54:21 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-04 18:14:06 38120 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-04-04 18:02:17 1169408 ----a-w- C:\Windows\System32\aeinv.dll
2016-04-02 13:08:13 1386496 ----a-w- C:\Windows\System32\appraiser.dll
2016-03-31 00:40:36 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-03-31 00:40:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-03-31 00:28:08 571904 ----a-w- C:\Windows\System32\vbscript.dll
2016-03-31 00:28:00 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-03-31 00:27:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-03-31 00:27:33 417792 ----a-w- C:\Windows\System32\html.iec
2016-03-31 00:27:19 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-03-31 00:25:33 6052352 ----a-w- C:\Windows\System32\jscript9.dll
2016-03-31 00:17:56 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-03-31 00:17:56 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-03-31 00:17:39 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-03-31 00:11:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-03-31 00:02:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-03-31 00:00:50 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-03-30 23:53:52 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-03-30 23:52:58 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-03-30 23:52:36 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-03-30 23:52:30 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-03-30 23:52:15 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-03-30 23:45:41 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-03-30 23:45:24 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-03-30 23:42:16 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-03-30 23:42:11 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-03-30 23:34:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-03-30 23:30:51 2596864 ----a-w- C:\Windows\System32\wininet.dll
2016-03-30 23:30:42 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-03-30 23:23:09 2056192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-03-30 23:22:53 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-03-30 23:05:23 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-03-29 17:53:59 3216896 ----a-w- C:\Windows\System32\win32k.sys
2016-03-23 14:02:01 215040 ----a-w- C:\Windows\System32\aepic.dll
2016-03-17 23:04:04 706280 ----a-w- C:\Windows\System32\winload.efi
2016-03-17 23:04:04 5551336 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-03-17 23:04:03 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-03-17 23:04:03 154344 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-03-17 23:01:15 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-03-17 23:01:02 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-03-17 22:58:51 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-03-17 22:58:51 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-03-17 22:58:51 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-03-17 22:58:32 215552 ----a-w- C:\Windows\System32\winsrv.dll
2016-03-17 22:58:26 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-03-17 22:58:14 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-03-17 22:58:05 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-03-17 22:58:05 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-03-17 22:58:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-03-17 22:58:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-03-17 22:57:31 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2016-03-17 22:57:26 28160 ----a-w- C:\Windows\System32\secur32.dll
2016-03-17 22:57:24 344064 ----a-w- C:\Windows\System32\schannel.dll
2016-03-17 22:57:21 190464 ----a-w- C:\Windows\System32\rpchttp.dll
2016-03-17 22:57:21 1212928 ----a-w- C:\Windows\System32\rpcrt4.dll
2016-03-17 22:56:24 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-03-17 22:56:19 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-03-17 22:54:55 312320 ----a-w- C:\Windows\System32\ncrypt.dll
2016-03-17 22:54:51 316416 ----a-w- C:\Windows\System32\msv1_0.dll
2016-03-17 22:54:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-03-17 22:54:27 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-03-17 22:53:23 1464320 ----a-w- C:\Windows\System32\lsasrv.dll
2016-03-17 22:53:15 731136 ----a-w- C:\Windows\System32\kerberos.dll
2016-03-17 22:53:15 419840 ----a-w- C:\Windows\System32\KernelBase.dll
2016-03-17 22:36:28 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-03-17 22:36:28 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-03-17 22:33:29 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-03-17 22:31:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-03-17 22:31:09 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-03-17 22:31:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-03-17 22:31:09 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-03-17 22:30:43 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-03-17 22:30:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-03-17 22:30:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-03-17 22:29:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-03-17 22:29:24 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-03-17 22:29:22 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-03-17 22:28:21 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-03-17 22:27:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-03-17 22:27:50 260608 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-03-17 22:27:46 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-03-17 22:27:31 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-03-17 22:26:26 553984 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-03-17 22:25:00 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-03-17 21:53:08 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-03-17 21:52:51 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-03-17 21:52:48 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-03-17 21:51:25 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-03-17 21:44:54 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-03-17 21:43:20 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-03-17 21:41:01 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-03-17 21:38:06 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-03-17 21:37:14 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-03-17 21:37:11 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-03-17 21:35:42 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-03-17 21:35:33 112640 ----a-w- C:\Windows\System32\smss.exe
2016-03-17 21:30:55 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
.
============= FINISH: 10:41:21.22 ===============
slohr
Newbie


Joined: 15 May 2016
Last Visit: 18 May 2016
Posts: 2

Posted: Mon May 16, 2016 7:52 am    Post subject: Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/11/2015 3:44:33 PM
System Uptime: 5/16/2016 10:40:47 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8P67 DELUXE
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3411/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 58.114 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 238 GiB total, 220.697 GiB free.
F: is FIXED (NTFS) - 2794 GiB total, 1759.054 GiB free.
G: is FIXED (NTFS) - 2794 GiB total, 370.717 GiB free.
H: is FIXED (NTFS) - 1397 GiB total, 1112.568 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Acronis Snapshots Manager
Device ID: ROOT\LEGACY_SNAPMAN\0000
Manufacturer:
Name: Acronis Snapshots Manager
PNP Device ID: ROOT\LEGACY_SNAPMAN\0000
Service: snapman
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID:
Description:
Device ID: NUSB3\ROOT_HUB30\5&174FC82C&0
Manufacturer:
Name:
PNP Device ID: NUSB3\ROOT_HUB30\5&174FC82C&0
Service:
.
Class GUID:
Description:
Device ID: NUSB3\ROOT_HUB30\5&1B89085F&0
Manufacturer:
Name:
PNP Device ID: NUSB3\ROOT_HUB30\5&1B89085F&0
Service:
.
==== System Restore Points ===================
.
RP153: 4/4/2016 4:26:15 PM - Windows Update
RP154: 4/8/2016 4:49:12 PM - Windows Update
RP155: 4/8/2016 5:48:25 PM - Windows Update
RP156: 4/19/2016 7:24:05 AM - Windows Update
RP157: 4/20/2016 2:18:48 PM - Windows Update
RP158: 4/24/2016 9:30:58 AM - Windows Update
RP159: 5/7/2016 7:52:29 AM - Windows Update
RP160: 5/7/2016 8:26:06 AM - Windows Update
.
==== Installed Programs ======================
.
Acronis True Image 2015
Adobe Acrobat Reader DC
Adobe Flash Player 21 ActiveX
Adobe Photoshop CS6
Adobe Refresh Manager
Apple Application Support (32-bit)
Apple Mobile Device Support
Apple Software Update
AVSDK5
Backblaze
Bonjour
Brother MFL-Pro Suite MFC-7340
Dropbox
EPSON Printer Software
Google Update Helper
i1Profiler
Intel(R) Network Connections 17.3.63.0
iolo technologies' System Mechanic Professional
iTunes
Malwarebytes Anti-Malware version 2.2.1.1043
Microsoft .NET Framework 4.6.1
Microsoft Office File Validation Add-In
Microsoft Office Professional Plus 2016 - en-us
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Nik Collection
NVIDIA 3D Vision Controller Driver 352.65
NVIDIA 3D Vision Driver 361.91
NVIDIA Control Panel 361.91
NVIDIA GeForce Experience 2.9.1.35
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 361.91
NVIDIA HD Audio Driver 1.3.34.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX System Software 9.15.0428
NVIDIA ShadowPlay 2.9.1.35
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 2.9.1.35
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.34
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Licensing Component
Office 16 Click-to-Run Localization Component
Pantone Color Manager 2.1.0
PDF Settings CS6
Perfect Photo Suite 8
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)
SHIELD Streaming
SHIELD Wireless Controller Driver
Synology Assistant (remove only)
Synology Data Replicator 3
System Mechanic 14 Professional
X-Rite Device Services Manager
.
==== Event Viewer Messages From Past Week ========
.
5/16/2016 10:41:02 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/16/2016 10:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/16/2016 10:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/16/2016 10:41:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/16/2016 10:41:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/16/2016 10:40:55 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
5/16/2016 10:40:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/16/2016 10:40:55 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.
5/16/2016 10:40:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache HWiNFO32 MpFilter NetBIOS NetBT nsiproxy Psched RawDisk3 rdbss snapman spldr tdx Wanarpv6 WfpLwf ws2ifsl
5/16/2016 10:40:54 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
5/16/2016 10:40:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/16/2016 10:40:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/16/2016 10:40:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/16/2016 10:40:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/16/2016 10:40:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The Active Malware Protection Support Driver service depends on the Active Malware Protection Minifilter Driver service which failed to start because of the following error: The driver was not loaded because the system is booting into safe mode.
5/16/2016 10:40:53 AM, Error: Service Control Manager [7000] - The Active Malware Protection Minifilter Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
5/16/2016 10:40:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/15/2016 9:52:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/15/2016 9:52:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 9:52:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 9:52:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 9:43:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
5/15/2016 9:42:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/15/2016 9:42:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 9:42:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 9:42:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 9:42:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/15/2016 9:32:24 AM, Error: volmgr [46] - Crash dump initialization failed!
5/15/2016 10:29:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/15/2016 10:29:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:29:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:29:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:29:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/15/2016 10:28:31 AM, Error: Service Control Manager [7034] - The vsedsps service terminated unexpectedly. It has done this 1 time(s).
5/15/2016 10:28:31 AM, Error: Service Control Manager [7034] - The vseamps service terminated unexpectedly. It has done this 1 time(s).
5/15/2016 10:28:31 AM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
5/15/2016 10:28:31 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
5/15/2016 10:26:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/15/2016 10:26:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:26:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:26:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:26:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/15/2016 10:13:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/15/2016 10:13:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:13:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.1122.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.12706.0&avdelta=1.219.1122.0&asdelta=1.219.1122.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:13:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/15/2016 10:13:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
5/13/2016 5:54:21 PM, Error: Service Control Manager [7043] - The Acronis Nonstop Backup Service service did not shut down properly after receiving a preshutdown control.
5/13/2016 5:53:48 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
5/13/2016 5:53:15 PM, Error: Service Control Manager [7043] - The Acronis Scheduler2 Service service did not shut down properly after receiving a preshutdown control.
5/13/2016 5:20:28 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/13/2016 5:16:05 PM, Error: Schannel [36887] - The following fatal alert was received: 20.
5/13/2016 3:27:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800cfb7060, 0xfffff80000b9a3d8, 0xfffffa800cf249d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051316-8377-01.
.
==== End Of File ===========================
Thank you
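Added example, not part of the original post or of the DDS tool: many of the Event Viewer errors in the log above state that the system was booting into Safe Mode, so a helper reading it needs those separated from the entries Safe Mode does not explain. This Python sketch does that over lines abridged from the log; the function names and the 60-second boot window are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines abridged from the "Event Viewer Messages" section of the DDS log posted above.
SAMPLE_LOG = '''\
5/16/2016 10:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost
5/16/2016 10:40:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection
5/16/2016 10:40:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache
5/16/2016 10:40:54 AM, Error: Microsoft Antimalware [2001] - Update Source: Microsoft Update Server Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/16/2016 10:40:54 AM, Error: Microsoft Antimalware [2001] - Update Source: Microsoft Malware Protection Center Error code: 0x80072ee7 Error description: The server name or address could not be resolved
5/16/2016 10:40:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start
5/15/2016 10:28:31 AM, Error: Service Control Manager [7034] - The vsedsps service terminated unexpectedly. It has done this 1 time(s).
5/15/2016 10:28:31 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s).
5/15/2016 9:32:24 AM, Error: volmgr [46] - Crash dump initialization failed!
5/13/2016 3:27:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f
'''

LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), '
    r'(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$')

WINDOW = timedelta(seconds=60)  # assumed width of one boot's burst of errors


def parse(text):
    """Yield one dict per well-formed DDS event line; skip separators and headers."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            ev["when"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            yield ev


def is_safe_mode(ev):
    # Win32 error 1084 (HRESULT 0x8007043c): "This service cannot be started in Safe Mode".
    msg = ev["msg"].lower()
    return ("safe mode" in msg or "0x8007043c" in msg
            or (ev["id"] == 10005 and 'error "1084"' in msg))


def is_dependency_failure(ev):
    # 7001 = dependency failed, 7026 = boot/system-start drivers not loaded,
    # DCOM error 1068 = dependency service failed, 0x80072ee7 = name not resolved.
    msg = ev["msg"].lower()
    return (ev["id"] in (7001, 7026) or "0x80072ee7" in msg
            or (ev["id"] == 10005 and 'error "1068"' in msg))


def triage(text):
    """Bucket events: 'safe-mode', 'collateral' (knock-on failure near a Safe Mode boot), 'review'."""
    events = list(parse(text))
    safe_times = [e["when"] for e in events if is_safe_mode(e)]
    buckets = defaultdict(list)
    for ev in events:
        near_safe_boot = any(abs(ev["when"] - t) <= WINDOW for t in safe_times)
        if is_safe_mode(ev):
            label = "safe-mode"
        elif is_dependency_failure(ev) and near_safe_boot:
            label = "collateral"
        else:
            label = "review"
        buckets[label].append(ev)
    return dict(buckets)


if __name__ == "__main__":
    for label, evs in triage(SAMPLE_LOG).items():
        print(f"== {label} ({len(evs)})")
        for ev in evs:
            print(f"  {ev['ts']}  {ev['source']} [{ev['id']}]  {ev['msg'][:70]}")
```

The "review" bucket is only a reading list; the classification is a heuristic and does not attribute any entry to the infection.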
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 10 Sep 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Thu May 19, 2016 3:06 am    Post subject: Re: Ramnit

Hi and welcome to the forum.
slohr wrote:
Hi - new to the forum. I have a Synology NAS attached to my network. Antivirus software on the NAS quarantined a couple of DLLs and identified the threat as Ramnit. On the desktop, I've run several scans and nothing has been detected, but I'm seeing symptoms of Ramnit, i.e. Security Essentials is turned off and I am unable to run any software.

Is there a way to clean this up without a reformat and clean install?

Unfortunately, there is no way to "get rid of" a Ramnit infection on an infected machine, without re-installing Windows.
It is frequently transmitted by an infected flash drive, so if you have any flash drives that have been plugged into this machine, I would discard them. Don't try to fix or reformat them.
-----------------------------------------------------------
Unfortunately, this is a very dangerous, catastrophic infection, with "backdoor" capabilities.
This allows intruders to remotely control the computer, log keystrokes, steal critical system information, and download and execute files of their own.


  • Get this machine OFF the Internet. It can infect others.
  • If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. This would include contacts like your Internet Provider, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups to which you belong.
  • It would be wise to contact any of the financial institutions directly and apprise them of your situation. Failure to notify your financial institutions can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
  • Do NOT change passwords or do any transactions while using the infected computer because the intruder may get the new passwords and transaction information.

How Do I Handle Possible Identity Theft, Internet Fraud and Credit Card Fraud?

Once infected with this type of Trojan or Worm, the ONLY course of action is to completely Re-install the Windows Operating System from scratch. That is my best advice to you.
In this case, the infection is known as a polymorphic file infector.
It corrupts possibly hundreds of system files, so there is NO REMEDY except to either do a COMPLETE RECOVERY, using the Manufacturer's option at bootup, or a complete "reformat/re-install" of Windows.
There is a tutorial here on Remote Access Trojans and Full System Recovery methods: http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=60204

Performing a complete disk reformat and fresh installation of Windows will work, if you have a Windows installation disk.
If your machine has a system recovery option at bootup, only an option that puts the machine back into its "as purchased" state will work. Any "Repair install" or similar will fail.

If you don't have a Windows system disk, you may be able to get one at reasonable cost from the manufacturer.
AT THIS TIME, I WOULD NOT ATTEMPT TO USE ANY BACKUPS FOR ANY PURPOSE, EVEN AFTER A COMPLETE RECOVERY.
The only safe programs to re-install would be from original installation CDs.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 10 Sep 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Sun May 22, 2016 5:12 am

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
All times are GMT - 8 Hours