Posted April 1, 2014

Hello,

I suspect there is unauthorized backdoor access to my computer. A few days ago, Security Essentials reported a backdoor malware file and deleted it. However, my computer is reporting many errors, and my browser history shows activity and pages visited while I am asleep. I tried to do a third-party full drive scan overnight. I expected to wake up to a diagnostics report, but the computer had been rebooted. The third-party software I saw had no log files. I went to see my browser, and it showed activity to an email URL and a cloud drive URL while I was asleep (I am the only user of this computer). Yesterday I changed all passwords and requested a disconnect from all open sessions, so I am sure whoever tried to log in to my account was unable to do so.

How can I fix my computer? I have run Security Essentials but nothing shows up. I deleted a file in C:/Windows/System32/drivers/lvuvc.hs which indicated it had been modified before I woke up. It had no content whatsoever. Does Security Essentials look for rootkit malware? How can I figure out if somebody is accessing my computer via a connection somehow? I am exhausted. Please help me fix this.

Here I post some of the errors shown in Event Viewer since last night (I deleted the metadata text chunks to make it easier to read):

Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 5:20:37 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.

Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 5:20:24 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.
Log Name: System Source: Microsoft-Windows-Kernel-PnP Date: 4/1/2014 5:20:10 AM Event ID: 219 Task Category: (212) Level: Warning Keywords: User: SYSTEM Computer: mycomputer Description: The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#.

Log Name: System Source: Microsoft-Windows-Kernel-PnP Date: 4/1/2014 5:20:10 AM Event ID: 219 Task Category: (212) Level: Warning Keywords: User: SYSTEM Computer: mycomputer Description: The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#.

Log Name: System Source: Microsoft-Windows-Kernel-PnP Date: 4/1/2014 5:20:09 AM Event ID: 219 Task Category: (212) Level: Warning Keywords: User: SYSTEM Computer: mycomputer Description: The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 5:19:10 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.

Log Name: Application Source: Application Virtualization Client Date: 4/1/2014 5:19:02 AM Event ID: 3057 Task Category: (6) Level: Warning Keywords: Classic User: N/A Computer: mycomputer Description: {tid=B64} The Application Virtualization Client Core initialized correctly.
Installed Product: Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: mycomputer Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log Name: Application Source: Application Virtualization Client Date: 4/1/2014 5:18:58 AM Event ID: 3191 Task Category: (3) Level: Warning Keywords: Classic User: N/A Computer: mycomputer Description: {tid=B64} -------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 5:18:49 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.

Log Name: System Source: Service Control Manager Date: 4/1/2014 5:18:48 AM Event ID: 7000 Task Category: None Level: Error Keywords: Classic User: N/A Computer: mycomputer Description: The lxdoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log Name: System Source: Service Control Manager Date: 4/1/2014 5:18:48 AM Event ID: 7009 Task Category: None Level: Error Keywords: Classic User: N/A Computer: mycomputer Description: A timeout was reached (30000 milliseconds) while waiting for the lxdoCATSCustConnectService service to connect.

Log Name: System Source: Service Control Manager Date: 4/1/2014 5:18:39 AM Event ID: 7000 Task Category: None Level: Error Keywords: Classic User: N/A Computer: mycomputer Description: The AODDriver4.2 service failed to start due to the following error: The system cannot find the file specified.

Log Name: Microsoft-Windows-Kernel-EventTracing/Admin Source: Microsoft-Windows-Kernel-EventTracing Date: 4/1/2014 5:18:25 AM Event ID: 3 Task Category: Session Level: Error Keywords: Session User: SYSTEM Computer: mycomputer Description: Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D

Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 5:17:44 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.

Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 5:17:40 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.

Log Name: Application Source: Microsoft-Windows-User Profiles Service Date: 4/1/2014 5:17:36 AM Event ID: 1530 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: mycomputer Description: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-2988337448-1510076473-2370736219-1000:
Process 452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2988337448-1510076473-2370736219-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2988337448-1510076473-2370736219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2988337448-1510076473-2370736219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2988337448-1510076473-2370736219-1000\Software
Process 452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2988337448-1510076473-2370736219-1000\Software\Microsoft\Internet Explorer\Main
Process 452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2988337448-1510076473-2370736219-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 452 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2988337448-1510076473-2370736219-1000\Software\Policies

Log Name: Application Source: Microsoft-Windows-RestartManager Date: 4/1/2014 5:01:21 AM Event ID: 10010 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: mycomputer Description: Application 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' (pid 6140) cannot be restarted - Application SID does not match Conductor SID..

Log Name: Application Source: VSS Date: 4/1/2014 5:00:13 AM Event ID: 12348 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: mycomputer Description: Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{1c4e3884-5b4e-11e2-9350-ed94514e317e}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again. Operation: Removing auto-release shadow copies Loading provider Context: Execution Context: System Provider

Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 2:42:50 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.

Log Name: Application Source: VSS Date: 3/31/2014 8:23:46 PM Event ID: 12348 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: mycomputer Description: Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{1c4e3884-5b4e-11e2-9350-ed94514e317e}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again. Operation: Removing auto-release shadow copies Loading provider
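A dump like the one above is hard to read as a flat run of text, and the first triage step is to turn it back into records, then look at when things happened and how they cluster. The script below is an added example, not code from the post or from any product named in it: it parses Event Viewer records pasted in this flattened "Log Name: ... Description: ..." form, counts them by source and event ID, picks out the ones that fall in the hours the poster says they were asleep, and groups events that occur within a few minutes of each other. The sample input is an excerpt of the records quoted in the post, constructed here as a Python list; the quiet window (00:00 to 06:00) and the 180-second cluster gap are assumptions that can be changed.

```python
"""Parse Event Viewer records pasted as flattened text (one record after another,
fields separated by spaces) and summarise them for triage.
Added example, not part of the original post."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time

# Sample input: an excerpt of the records quoted in the post, constructed here in the
# same flattened form in which they were pasted.
SAMPLE_RECORDS = [
    r"Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 5:20:37 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.",
    r"Log Name: System Source: Microsoft-Windows-Kernel-PnP Date: 4/1/2014 5:20:10 AM Event ID: 219 Task Category: (212) Level: Warning Keywords: User: SYSTEM Computer: mycomputer Description: The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#.",
    r"Log Name: System Source: Service Control Manager Date: 4/1/2014 5:18:48 AM Event ID: 7000 Task Category: None Level: Error Keywords: Classic User: N/A Computer: mycomputer Description: The lxdoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.",
    r"Log Name: System Source: Service Control Manager Date: 4/1/2014 5:18:39 AM Event ID: 7000 Task Category: None Level: Error Keywords: Classic User: N/A Computer: mycomputer Description: The AODDriver4.2 service failed to start due to the following error: The system cannot find the file specified.",
    r"Log Name: Application Source: Microsoft-Windows-RestartManager Date: 4/1/2014 5:01:21 AM Event ID: 10010 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: mycomputer Description: Application 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' (pid 6140) cannot be restarted - Application SID does not match Conductor SID..",
    r"Log Name: System Source: Microsoft-Windows-DNS-Client Date: 4/1/2014 2:42:50 AM Event ID: 1012 Task Category: None Level: Error Keywords: User: NETWORK SERVICE Computer: mycomputer Description: There was an error while attempting to read the local hosts file.",
    r"Log Name: Application Source: VSS Date: 3/31/2014 8:23:46 PM Event ID: 12348 Task Category: None Level: Warning Keywords: Classic User: N/A Computer: mycomputer Description: Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{1c4e3884-5b4e-11e2-9350-ed94514e317e}\.",
]
SAMPLE_LOG = " ".join(SAMPLE_RECORDS)

# Event Viewer's "Copy details" order of fields; Keywords is often empty, so every
# field is matched non-greedily up to the next label. A record ends where the next
# "Log Name:" begins or the text ends.
RECORD_RE = re.compile(
    r"Log Name:\s*(?P<log>.*?)\s*Source:\s*(?P<source>.*?)\s*Date:\s*(?P<date>.*?)\s*"
    r"Event ID:\s*(?P<event_id>\d+)\s*Task Category:\s*(?P<task>.*?)\s*Level:\s*(?P<level>\w+)\s*"
    r"Keywords:\s*(?P<keywords>.*?)\s*User:\s*(?P<user>.*?)\s*Computer:\s*(?P<computer>\S+)\s*"
    r"Description:\s*(?P<description>.*?)(?=\s*Log Name:|\Z)",
    re.S,
)


@dataclass
class Event:
    log: str
    source: str
    when: datetime
    event_id: int
    level: str
    user: str
    description: str


def parse_events(text):
    """Return the records found in flattened Event Viewer text, in the order pasted."""
    events = []
    for m in RECORD_RE.finditer(text):
        when = datetime.strptime(m["date"], "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(m["log"], m["source"], when, int(m["event_id"]),
                            m["level"], m["user"], m["description"].strip()))
    return events


def count_by_source_and_id(events):
    """How many times each (source, event ID) pair occurs; repeats stand out here."""
    return Counter((e.source, e.event_id) for e in events)


def in_quiet_window(events, start=time(0, 0), end=time(6, 0)):
    """Events stamped inside the hours the machine is supposed to be idle (assumed 00:00-06:00)."""
    return [e for e in events if start <= e.when.time() < end]


def bursts(events, gap_seconds=180):
    """Group events by time: consecutive events closer than gap_seconds share a cluster.
    A tight burst of service-start failures and driver loads is what a boot looks like."""
    clusters = []
    for e in sorted(events, key=lambda ev: ev.when):
        if clusters and (e.when - clusters[-1][-1].when).total_seconds() <= gap_seconds:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(f"{len(evs)} records parsed, {len(in_quiet_window(evs))} inside the quiet window")
    for (src, eid), n in count_by_source_and_id(evs).most_common():
        print(f"{n:3d}  {src} / {eid}")
    for group in bursts(evs):
        print(f"{group[0].when:%m/%d %H:%M:%S} - {group[-1].when:%H:%M:%S}: "
              f"{len(group)} event(s): {', '.join(str(e.event_id) for e in group)}")
```

On the excerpt, the repeated DNS-Client 1012 entries and the cluster of service failures between 5:18 and 5:20 AM fall out immediately; the cluster is consistent with the reboot the poster noticed rather than with someone typing at the machine, which is the kind of distinction this grouping is meant to make visible before deciding what else to examine.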