
I feel like I've done all I could. I tried using RKill, Malwarebytes, RogueKiller, and I can't get rid of it. Avast is saying it's a malware, located in the svchost.exe. As far as how it's affecting my laptop, whenever I start it up, audio will play, sounds like a bunch of ads and videos playing simultaneously. And every 20 minutes or so, a window will pop up saying "Plug and Play services have terminated unexpectedly" and I'll have to restart my computer.


Welcome to the forum.

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.22.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Taylor :: TAYLOR-HP [administrator]

2/22/2014 12:18:57 PM
mbam-log-2014-02-22 (12-18-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Heuristics/Extra | P2P
Objects scanned: 35623
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Taylor\Downloads\flactomp3_setup.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\Taylor\Downloads\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)
 


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer:   BrowserJavaVersion: 10.5.1
Run by Taylor at 12:24:59 on 2014-02-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2149 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.



uProxyServer = 175.44.173.191:6675
uProxyOverride = <local>

mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Bucksbee Loyalty Plugin - Guppy Media: {652B399A-4CE6-ADF4-C9A0-DAE7374EE2FE} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - Guppy Media\BucksBee Loyalty Plugin.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [spotify Web Helper] "C:\Users\Taylor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [iCall] C:\Program Files (x86)\iCall\iCall.exe
uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
uRun: [shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\Taylor\AppData\Local\Akamai\netsession_win.exe"
uRun: [spotify] "C:\Users\Taylor\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Taylor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll



TCP: Interfaces\{9DC58B95-5D2E-478E-A330-8EDA5BA4C6E4} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9DC58B95-5D2E-478E-A330-8EDA5BA4C6E4}\1646D696E6 : DHCPNameServer = 208.67.222.222 208.67.220.220 208.67.220.222
TCP: Interfaces\{9DC58B95-5D2E-478E-A330-8EDA5BA4C6E4}\24162746C65646F6F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9DC58B95-5D2E-478E-A330-8EDA5BA4C6E4}\2456C6B696E6F5E4F575962756C6563737F5131373231393 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9DC58B95-5D2E-478E-A330-8EDA5BA4C6E4}\251667 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9DC58B95-5D2E-478E-A330-8EDA5BA4C6E4}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E05CD4A0-B5B2-44AB-9DD6-4581225173A6} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\4kozumqg.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Taylor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-8 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-8 1129120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-21 283200]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-11-29 1860672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-2 565352]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-8 167072]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120218.003\IDSviA64.sys [2012-2-22 488568]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-8 190072]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-8 405624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-5-6 263496]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-6 9216]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-9 2425960]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-8 138272]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-29 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-22 138360]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-6 317440]
S3 iscFlash;iscFlash;C:\SWSetup\sp56874\iscflashx64.sys [2012-5-7 49216]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-1-9 339048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-8-24 14544]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-2-2 422216]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-22 15:21:07    --------    d-----w-    C:\Users\Taylor\AppData\Local\ElevatedDiagnostics
2014-02-18 20:08:14    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FB918D9-24D7-4D64-BC7A-42FABD1915F8}\mpengine.dll
2014-02-14 11:05:10    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2014-02-18 21:00:33    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-18 21:00:33    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 17:25:52    267936    ----a-w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 12:26:41.10 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2011 1:53:41 PM
System Uptime: 2/22/2014 12:10:58 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1671
Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU1 | 2195/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 361.385 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.7 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 0.003 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP345: 2/10/2014 8:22:52 PM - Windows Backup
RP346: 2/14/2014 6:08:01 AM - avast! antivirus system restore point
RP347: 2/16/2014 10:15:50 PM - Windows Backup
RP348: 2/18/2014 3:13:54 PM - Windows Backup
RP349: 2/18/2014 4:20:16 PM - avast! antivirus system restore point
RP350: 2/21/2014 6:12:41 PM - avast! antivirus system restore point
RP351: 2/22/2014 10:15:08 AM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Flash Player 12 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 12.0
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 2.0
AuthenTec TrueAPI
BCool Gadget
Bonjour
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Celtx (2.9.1)
Convert Audio Free FLAC to MP3 version 1.0
CyberLink YouCam
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESU for Microsoft Windows 7 SP1
ffdshow [rev 3154] [2009-12-09]
FL Studio 10
Free YouTube to MP3 Converter version 3.12.13.925
Game Booster 3
GameShadow
Google Chrome
Google Update Helper
Halo 2 for Windows Vista
Hewlett-Packard ACLM.NET v1.2.1.1
Hi-Rez Studios Authenticate and Update Service
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Software Framework
HP Support Assistant
IDT Audio
IL Download Manager
IL Shared Libraries
ImgBurn
Intel® Control Center
Intel® Identity Protection Technology 1.2.22.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
ISO Recorder
iTunes
Java Auto Updater
Java 6 Update 30
Java 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Logitech SetPoint 5.20
LogMeIn Hamachi
LP Recorder Trial
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Magic Bullet Suite 64-bit
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
New Great Effects 1.6 Uninstall
Norton Internet Security
NVIDIA PhysX
OpenAL
Paint.NET v3.5.10
PlayReady PC Runtime x86
PrivitizeVPN
Project64 1.6
PunkBuster Services
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Recovery Manager
RescuePRO 4.0
San Andreas Mod Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shop To Win
Skype Click to Call
Skype™ 5.10
Spotify
SUPERAntiSpyware
swMSM
Swords and Sandals 1 1.0
Swords and Sandals 2 2.0
Synaptics TouchPad Driver
TeamSpeak 3 Client
Trapcode Suite 64-bit
Underhell version 1.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VIP Access SDK (1.1.0.4)
WhatPulse 1.7.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR 4.11 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/22/2014 8:46:31 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2014 8:39:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/22/2014 8:39:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/22/2014 8:39:10 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
2/22/2014 8:39:05 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2014 8:39:05 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2014 8:39:05 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2014 8:39:05 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2014 8:39:05 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2014 8:39:04 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2014 8:39:04 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2014 8:39:04 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2014 8:39:04 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2014 8:39:04 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/22/2014 12:25:42 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
2/22/2014 12:14:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/22/2014 12:14:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/22/2014 12:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/22/2014 12:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/22/2014 12:11:32 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS Wanarpv6
2/22/2014 12:11:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
2/22/2014 12:11:24 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
2/22/2014 10:26:38 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
2/22/2014 10:26:37 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/22/2014 10:26:37 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/22/2014 10:20:21 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS Wanarpv6
2/21/2014 6:39:46 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
2/20/2014 3:50:28 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
2/20/2014 12:04:33 PM, Error: Service Control Manager [7000]  - The Windows Biometric Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/20/2014 12:04:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
2/20/2014 12:04:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Biometric Service service to connect.
2/20/2014 11:30:28 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
2/18/2014 6:36:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
2/18/2014 6:36:49 PM, Error: Service Control Manager [7000]  - The TCP/IP NetBIOS Helper service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:47 PM, Error: Service Control Manager [7001]  - The Portable Device Enumerator Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The Windows Process Activation Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The Windows Live ID Sign-in Assistant service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The Net.Tcp Listener Adapter service depends on the Windows Process Activation Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The Net.Pipe Listener Adapter service depends on the Windows Process Activation Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The LogMeIn Hamachi Tunneling Engine service depends on the Windows Management Instrumentation service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:36 PM, Error: Service Control Manager [7001]  - The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The Server service depends on the Security Accounts Manager service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The Program Compatibility Assistant Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The Norton Internet Security service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The LMIGuardianSvc service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The Intel® Identity Protection Technology Host Interface Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:35 PM, Error: Service Control Manager [7001]  - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Audio Endpoint Builder service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Desktop Window Manager Session Manager service to connect.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The WLAN AutoConfig service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error:  The dependency service or group failed to start.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Security Accounts Manager service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Print Spooler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Function Discovery Resource Publication service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Extensible Authentication Protocol service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Encrypting File System (EFS) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The CNG Key Isolation service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The Base Filtering Engine service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7001]  - The avast! Antivirus service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Windows Event Log service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Windows Audio Endpoint Builder service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Themes service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Network Store Interface Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Diagnostic Policy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:34 PM, Error: Service Control Manager [7000]  - The Desktop Window Manager Session Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/18/2014 6:36:33 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
2/18/2014 5:19:08 AM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.2.4 with the system having network hardware address A8-54-B2-53-FB-4E. Network operations on this system may be disrupted as a result.
2/18/2014 12:51:10 PM, Error: Service Control Manager [7001]  - The Tablet PC Input Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2014 12:51:06 PM, Error: Service Control Manager [7022]  - The Net.Tcp Port Sharing Service service hung on starting.
2/16/2014 10:34:02 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
2/15/2014 9:14:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003fffb50, 0xfffff80000ba2740). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021514-30591-01.
.
==== End Of File ===========================
 


RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Taylor [Admin rights]
Mode : Scan -- Date : 02/22/2014 12:30:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (175.44.173.191:6675 [Country: (Unknown Country?) (XX), City: (Unknown City?)]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.Zekos|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
127.0.0.1       activate.adobe.com
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 7d8a7efdf5ff28f7051ee1395d43e268
[BSP] 167f786979dbbf3206710b60c66203c9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 590468 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1209688064 | Size: 15748 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 92db946c78ff8574ab76b5a7f483bdf6
[BSP] 60235e51158a73027937dd60ef13a7b3 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[0]_S_02222014_123000.txt >>
RKreport[0]_D_02182014_182835.txt;RKreport[0]_S_02182014_182553.txt


 


AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

 

What are you using for your anti-virus?? You can't use both Norton and Defender.

---------------------------------

Did you set this Proxy:

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (175.44.173.191:6675 [Country: (Unknown Country?) (XX), City: (Unknown City?)]) -> FOUND

 

-------------------------------

Why is this in your host file:

127.0.0.1 activate.adobe.com

---------------------------------

Please uninstall these from your add/remove programs if possible:

PrivitizeVPN

Shop To Win

--------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[Image: bleep-crop.jpg]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
