Jump to content

Tracur Again? Please Help.


Recommended Posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16428
Run by CVD5013 at 18:08:07 on 2014-01-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8157.7097 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ipsbho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coieplg.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\CVD5013\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\CVD5013\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C8C5F636-BD47-48E3-85FF-4AEECCF9D796} : DHCPNameServer = 192.168.0.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2013-10-31 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2013-10-31 221304]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2013-10-31 593544]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20131227.001\IDSviA64.sys [2013-12-27 521944]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2013-10-31 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2013-10-31 451704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxeb_device;lxeb_device;C:\Windows\System32\lxebcoms.exe -service --> C:\Windows\System32\lxebcoms.exe -service [?]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2013-10-31 45736]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-31 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-31 701512]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2013-10-31 126400]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-31 25928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-31 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-10-31 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-31 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-31 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-31 1255736]
.
=============== Created Last 30 ================
.
2014-01-07 18:36:34 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38B14AA3-1126-45BB-9332-A8101FF33122}\mpengine.dll
2014-01-07 18:36:08 -------- d-----w- C:\Users\CVD5013\AppData\Roaming\Tific
2014-01-07 18:36:05 -------- d-----w- C:\Users\CVD5013\AppData\Local\Symantec
2014-01-07 18:17:05 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-27 14:52:22 -------- d-----w- C:\ProgramData\Lexmark Pro200-S500 Series
2013-12-13 13:22:13 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 13:22:13 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 13:22:12 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-13 13:22:12 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-13 13:16:09 -------- d-----w- C:\Windows\Migration
2013-12-13 12:58:28 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E5BF2DD-402D-4455-80B5-8472D62438FC}\gapaengine.dll
2013-12-13 12:58:11 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-13 12:58:11 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-13 12:58:10 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-13 12:58:09 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-13 12:58:09 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-13 12:58:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-13 12:58:09 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-13 12:58:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-13 12:58:07 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-13 12:57:59 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-13 12:57:58 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-13 12:57:58 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-13 12:57:58 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-13 12:57:58 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-13 12:57:58 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-13 12:57:58 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-13 12:57:58 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-13 12:57:58 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-13 12:57:57 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
==================== Find3M  ====================
.
2013-12-02 12:26:47 983165 ----a-w- C:\ProgramData\SPL9C76.tmp
2013-12-01 17:58:25 162330 ----a-w- C:\ProgramData\SPL3392.tmp
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-31 22:51:21 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
.
============= FINISH: 18:08:15.49 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2013 11:25:35 AM
System Uptime: 1/7/2014 12:40:22 PM (54 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | CG5270
Processor: Intel® Core2 Quad CPU    Q8300  @ 2.50GHz | LGA775 | 2497/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 879.383 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Vista Network Dispatch Driver
Device ID: ROOT\LEGACY_SYMTDIV\0000
Manufacturer: 
Name: Symantec Vista Network Dispatch Driver
PNP Device ID: ROOT\LEGACY_SYMTDIV\0000
Service: SYMTDIv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP34: 12/13/2013 7:06:55 AM - Windows Update
RP35: 12/18/2013 10:04:34 AM - Windows Update
RP36: 12/21/2013 11:50:26 AM - Windows Update
RP37: 12/27/2013 8:22:34 AM - Windows Update
RP38: 12/30/2013 9:43:17 AM - Windows Update
RP39: 1/3/2014 9:43:22 AM - Windows Update
RP40: 1/6/2014 10:24:56 AM - Windows Update
RP41: 1/7/2014 12:12:34 PM - Restore Operation
RP42: 1/7/2014 12:35:58 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
CCleaner
Dropbox
Google Chrome
Google Drive
Google Update Helper
iSEEK AnswerWorks English Runtime
Lexmark Pro200-S500 Series
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Password Administrator 3.0.085
Quicken 2013
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
WebEx
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 6:08:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/9/2014 6:06:04 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/9/2014 12:50:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.1354.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
1/9/2014 12:50:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.1354.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
1/9/2014 12:50:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/9/2014 12:43:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/8/2014 12:50:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.1354.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
1/8/2014 12:50:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.1354.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
1/7/2014 9:08:12 AM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 2 time(s).
1/7/2014 9:08:11 AM, Error: Service Control Manager [7000]  - The Network Connections service failed to start due to the following error:  The pipe has been ended.
1/7/2014 9:08:11 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/7/2014 9:08:10 AM, Error: Service Control Manager [7000]  - The Windows Audio Endpoint Builder service failed to start due to the following error:  The pipe has been ended.
1/7/2014 2:29:25 PM, Error: NETLOGON [3095]  - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
1/7/2014 12:43:18 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/7/2014 12:43:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/7/2014 12:43:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/7/2014 12:40:53 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccHP discache eeCtrl IDSVia64 MpFilter spldr SRTSPX SymIRON SYMTDIv Wanarpv6
1/7/2014 12:40:49 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/7/2014 12:29:31 PM, Error: Service Control Manager [7034]  - The Superfetch service terminated unexpectedly.  It has done this 3 time(s).
1/7/2014 12:29:31 PM, Error: Service Control Manager [7034]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 3 time(s).
1/7/2014 12:29:31 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2014 12:29:31 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2014 12:29:31 PM, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2014 12:29:31 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2014 12:29:31 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2014 12:29:31 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2014 12:28:22 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2014 12:28:22 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2014 12:28:22 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2014 12:27:12 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2014 12:25:45 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64
1/7/2014 12:25:39 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.
1/7/2014 12:25:39 PM, Error: Service Control Manager [7000]  - The lxebCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/7/2014 12:24:06 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/7/2014 12:20:56 PM, Error: Service Control Manager [7034]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 3 time(s).
1/7/2014 12:17:15 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
1/7/2014 12:15:19 PM, Error: Service Control Manager [7001]  - The Windows Driver Foundation - User-mode Driver Framework service depends on the Plug and Play service which failed to start because of the following error:  A system shutdown is in progress.
1/7/2014 12:15:19 PM, Error: Service Control Manager [7000]  - The Portable Device Enumerator Service service failed to start due to the following error:  A system shutdown is in progress.
1/7/2014 12:15:19 PM, Error: Service Control Manager [7000]  - The Plug and Play service failed to start due to the following error:  A system shutdown is in progress.
1/7/2014 12:15:19 PM, Error: Service Control Manager [7000]  - The Offline Files service failed to start due to the following error:  A system shutdown is in progress.
1/7/2014 12:15:19 PM, Error: Service Control Manager [7000]  - The Distributed Link Tracking Client service failed to start due to the following error:  A system shutdown is in progress.
1/7/2014 12:15:19 PM, Error: Service Control Manager [7000]  - The Desktop Window Manager Session Manager service failed to start due to the following error:  A system shutdown is in progress.
1/7/2014 12:14:09 PM, Error: Service Control Manager [7000]  - The Human Interface Device Access service failed to start due to the following error:  A system shutdown is in progress.
1/7/2014 12:10:19 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
1/7/2014 12:10:19 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2014 12:09:09 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
1/7/2014 12:09:09 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2014 12:08:12 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:  An instance of the service is already running.
1/7/2014 12:07:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
1/7/2014 12:07:01 PM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/7/2014 12:07:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
1/7/2014 11:14:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.1270.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/7/2014 11:14:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.1270.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/6/2014 11:15:50 AM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : CVD5013 [Admin rights]

Mode : Scan -- Date : 01/09/2014 18:59:34

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDT721010SLA360 ATA Device +++++

--- User ---

[MBR] 74248bdc073f256e6753aa3f914e8b2e

[bSP] a30e87312d9c00bf87853951eb50c640 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DataTraveler 2.0 USB Device +++++

--- User ---

[MBR] 1bf64611eca13d44f1f3a6525cf3fa9a

[bSP] 6a3157bf95a31641e7f169d046416f51 : MBR Code unknown

Partition table:

0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo

1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo

2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo

3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_01092014_185934.txt >>

RKreport[0]_S_01072014_124906.txt

 

 

 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

There are two Security systems running with antivirus components, that really is counterproductive and will cause major issues for OS. It is essential to remove one ASAP.

Norton is a full suite so i`d recommend you keep that and remove Microsoft Security Essentials.

 

Removal tool available here: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your reply,

 

Kevin

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.