ziyabill Posted March 19, 2013 ID:658680

Hello,

Every day, I am getting a Symantec Auto-Protect detection of Trojan.Gen.2. I am using Symantec at the office. Operating system: Windows 7 Ultimate, 64 bit. Can anyone help me to clean my comp if it is infected, or if not, help me to get rid of that notification?

Thank you in advance.
MrCharlie Posted March 19, 2013 ID:658707

Welcome to the forum, please start at the link below:
http://forums.malwar...?showtopic=9573
Post back the 2 logs here..... DDS.txt and Attach.txt
(please don't put logs in code or quotes)

P2P Warning:
If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.
RogueKiller <--- use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

MrC

Note:
Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+> The removal of malware isn't instantaneous, please be patient.
<+> Please stick with me until I give you the "all clear".
-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)
ziyabill Posted March 19, 2013 Author ID:658764

DDS.txt :

Attach.txt :
ziyabill Posted March 19, 2013 Author ID:658776

RogueKiller :

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ziyabill[Admin rights]
Mode : Scan -- Date : 03/19/2013 18:25:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy:8080) -> FOUND
[PROXY FF] g7zip719.default\ proxy:8080 -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 3806e1558757d5c8648c9552a88a3490
[bSP] 76eeb3e846efb7e70c4cb4c2d8a211b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03192013_02d1825.txt >>
RKreport[1]_S_03192013_02d1825.txt
MrCharlie Posted March 19, 2013 ID:658780

Not much showing....let's run some scans:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:
Bottom right corner of this page.
New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.

MrC
ziyabill Posted March 20, 2013 Author ID:659004

Thank you. I will go to the office after 2 or 7 days. Please wait, don't close this topic. I will reply back to you as soon as possible.

Thank you
Maurice Naggar Posted April 3, 2013 ID:664309

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!