Zingaro

Members
Posts: 13
Reputation: 0 Neutral
  1. Hi gringo, Thanks for all your help - but this seems like a great deal of effort and time for a system that's basically running properly. Like, what's wrong with these Java updates? uTorrent and jzip are applications that I use. To which I know you'll say, better safe than sorry, but I just don't have the time at the moment to run all these additional tools. I just checked System Restore, and the Restore points are gone again. *sigh* As soon as I'm done the project I'm working on, I'll take another look and repost. Thanks.
  2. Hi Gringo, Computer still running fine. I can't quite figure out if System Restore is working properly or not. I could only see one Restore Point from yesterday, but I suspect it's because I didn't allow it enough Disk Usage. I've now increased to 2% (1.56 GB) and it looks like it's keeping them. ComboFix mentions it's attempting to create a Restore Point -- should I be able to see one? If so, I'll try running it again. But that's about as much as I'm willing to troubleshoot this problem -- since the computer still runs fine. I think it's time I upgrade to a new system anyways. Have you played with Windows 8 yet? Here's the log you asked for:
  3. Hola gringo, I think it was a false alarm -- I simply didn't have any Restore Points created. I tried creating two manually and they are showing. Not sure if you still wanted me to run the rootkit programs, but I decided to. It seems to me the logs are ok. I'm running Daemon Tools (sptd.sys), which flagged both programs, but I'm still pretty sure I'm clean. I await your confirmation.
3408 NetMsmqActivator - ok 19:11:26.0851 3408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:11:26.0851 3408 NetPipeActivator - ok 19:11:26.0880 3408 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:11:26.0903 3408 netprofm - ok 19:11:26.0913 3408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:11:26.0915 3408 NetTcpActivator - ok 19:11:26.0926 3408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:11:26.0929 3408 NetTcpPortSharing - ok 19:11:26.0953 3408 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:11:26.0956 3408 nfrd960 - ok 19:11:27.0083 3408 [ BEEBF29E6F01D2810313B0FD89EC933B ] NitroDriverReadSpool C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe 19:11:27.0103 3408 NitroDriverReadSpool - ok 19:11:27.0173 3408 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:11:27.0183 3408 NlaSvc - ok 19:11:27.0213 3408 [ 23688F610A5A16DD8B4D93D2F7BD44F6 ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE 19:11:27.0253 3408 nlsX86cc - ok 19:11:27.0305 3408 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 19:11:27.0305 3408 NPF - ok 19:11:27.0325 3408 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:11:27.0325 3408 Npfs - ok 19:11:27.0367 3408 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:11:27.0372 3408 nsi - ok 19:11:27.0407 3408 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:11:27.0407 3408 nsiproxy - ok 19:11:27.0479 3408 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:11:27.0532 3408 Ntfs - ok 19:11:27.0581 3408 [ 9899284589F75FA8724FF3D16AED75C1 ] Null 
C:\Windows\system32\drivers\Null.sys 19:11:27.0587 3408 Null - ok 19:11:27.0649 3408 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:11:27.0652 3408 nvraid - ok 19:11:27.0724 3408 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:11:27.0734 3408 nvstor - ok 19:11:27.0774 3408 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:11:27.0774 3408 nv_agp - ok 19:11:27.0976 3408 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:11:27.0996 3408 odserv - ok 19:11:28.0016 3408 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:11:28.0019 3408 ohci1394 - ok 19:11:28.0340 3408 [ C869AF1D8CA9DF8BD2591C87F738F22A ] OracleDBConsoleorcl C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe 19:11:28.0350 3408 OracleDBConsoleorcl - ok 19:11:28.0360 3408 OracleJobSchedulerORCL - ok 19:11:28.0407 3408 [ DDF3E95F80DCD49D44AB6B88D55D5C60 ] OracleOraDb10g_home1iSQL*Plus C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe 19:11:28.0410 3408 OracleOraDb10g_home1iSQL*Plus - ok 19:11:28.0442 3408 OracleOraDb10g_home1TNSListener - ok 19:11:28.0462 3408 OracleServiceORCL - ok 19:11:28.0502 3408 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:11:28.0514 3408 ose - ok 19:11:28.0664 3408 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:11:28.0766 3408 osppsvc - ok 19:11:28.0818 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:11:28.0848 3408 p2pimsvc - ok 19:11:28.0878 3408 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:11:28.0894 3408 p2psvc - ok 19:11:28.0929 3408 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 19:11:28.0932 
3408 Parport - ok 19:11:28.0981 3408 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:11:28.0985 3408 partmgr - ok 19:11:29.0013 3408 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:11:29.0022 3408 PcaSvc - ok 19:11:29.0048 3408 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:11:29.0053 3408 pci - ok 19:11:29.0081 3408 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:11:29.0092 3408 pciide - ok 19:11:29.0112 3408 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:11:29.0122 3408 pcmcia - ok 19:11:29.0142 3408 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:11:29.0142 3408 pcw - ok 19:11:29.0176 3408 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:11:29.0204 3408 PEAUTH - ok 19:11:29.0380 3408 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:11:29.0406 3408 PeerDistSvc - ok 19:11:29.0446 3408 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:11:29.0462 3408 PerfHost - ok 19:11:29.0595 3408 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:11:29.0658 3408 pla - ok 19:11:29.0718 3408 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:11:29.0748 3408 PlugPlay - ok 19:11:29.0768 3408 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:11:29.0778 3408 PNRPAutoReg - ok 19:11:29.0807 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:11:29.0813 3408 PNRPsvc - ok 19:11:29.0846 3408 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 19:11:29.0848 3408 Point64 - ok 19:11:29.0883 3408 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:11:29.0905 3408 PolicyAgent - ok 19:11:29.0930 
3408 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:11:29.0940 3408 Power - ok 19:11:29.0976 3408 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:11:29.0980 3408 PptpMiniport - ok 19:11:30.0002 3408 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 19:11:30.0005 3408 Processor - ok 19:11:30.0052 3408 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:11:30.0062 3408 ProfSvc - ok 19:11:30.0092 3408 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:11:30.0092 3408 ProtectedStorage - ok 19:11:30.0164 3408 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:11:30.0164 3408 Psched - ok 19:11:30.0204 3408 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 19:11:30.0214 3408 PxHlpa64 - ok 19:11:30.0264 3408 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:11:30.0294 3408 ql2300 - ok 19:11:30.0314 3408 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:11:30.0324 3408 ql40xx - ok 19:11:30.0353 3408 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:11:30.0356 3408 QWAVE - ok 19:11:30.0376 3408 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:11:30.0376 3408 QWAVEdrv - ok 19:11:30.0414 3408 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:11:30.0417 3408 RasAcd - ok 19:11:30.0454 3408 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:11:30.0457 3408 RasAgileVpn - ok 19:11:30.0477 3408 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:11:30.0484 3408 RasAuto - ok 19:11:30.0499 3408 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:11:30.0504 3408 
Rasl2tp - ok 19:11:30.0550 3408 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:11:30.0569 3408 RasMan - ok 19:11:30.0629 3408 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:11:30.0632 3408 RasPppoe - ok 19:11:30.0664 3408 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:11:30.0667 3408 RasSstp - ok 19:11:30.0690 3408 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:11:30.0699 3408 rdbss - ok 19:11:30.0715 3408 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:11:30.0718 3408 rdpbus - ok 19:11:30.0730 3408 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:11:30.0733 3408 RDPCDD - ok 19:11:30.0781 3408 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:11:30.0786 3408 RDPDR - ok 19:11:30.0828 3408 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:11:30.0828 3408 RDPENCDD - ok 19:11:30.0878 3408 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:11:30.0878 3408 RDPREFMP - ok 19:11:30.0946 3408 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:11:30.0949 3408 RdpVideoMiniport - ok 19:11:30.0997 3408 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:11:31.0003 3408 RDPWD - ok 19:11:31.0033 3408 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:11:31.0039 3408 rdyboost - ok 19:11:31.0050 3408 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:11:31.0060 3408 RemoteAccess - ok 19:11:31.0086 3408 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:11:31.0094 3408 RemoteRegistry - ok 19:11:31.0132 3408 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM 
C:\Windows\system32\DRIVERS\rfcomm.sys 19:11:31.0142 3408 RFCOMM - ok 19:11:31.0182 3408 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 19:11:31.0182 3408 RimUsb - ok 19:11:31.0264 3408 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 19:11:31.0274 3408 RimVSerPort - ok 19:11:31.0294 3408 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 19:11:31.0304 3408 ROOTMODEM - ok 19:11:31.0404 3408 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 19:11:31.0414 3408 rpcapd - ok 19:11:31.0444 3408 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:11:31.0454 3408 RpcEptMapper - ok 19:11:31.0514 3408 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:11:31.0514 3408 RpcLocator - ok 19:11:31.0544 3408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:11:31.0544 3408 RpcSs - ok 19:11:31.0593 3408 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:11:31.0597 3408 rspndr - ok 19:11:31.0621 3408 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 19:11:31.0624 3408 s3cap - ok 19:11:31.0642 3408 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:11:31.0645 3408 SamSs - ok 19:11:31.0687 3408 [ 742112CE7ABB11DC17A561B4291BE9C6 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 19:11:31.0692 3408 SbieDrv - ok 19:11:31.0722 3408 [ 2419ED7E333B2BC2F81E50A6F5923FC6 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 19:11:31.0726 3408 SbieSvc - ok 19:11:31.0768 3408 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:11:31.0772 3408 sbp2port - ok 19:11:31.0796 3408 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:11:31.0806 3408 SCardSvr - ok 19:11:31.0828 3408 [ 
253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:11:31.0832 3408 scfilter - ok 19:11:31.0868 3408 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:11:31.0898 3408 Schedule - ok 19:11:32.0018 3408 [ CB7166B04F774E2E2705E561E48FE023 ] SCPDFReadSpool C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe 19:11:32.0025 3408 SCPDFReadSpool - ok 19:11:32.0061 3408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:11:32.0063 3408 SCPolicySvc - ok 19:11:32.0090 3408 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:11:32.0100 3408 SDRSVC - ok 19:11:32.0140 3408 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:11:32.0140 3408 secdrv - ok 19:11:32.0160 3408 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:11:32.0160 3408 seclogon - ok 19:11:32.0222 3408 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 19:11:32.0222 3408 SENS - ok 19:11:32.0232 3408 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:11:32.0242 3408 SensrSvc - ok 19:11:32.0262 3408 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 19:11:32.0262 3408 Serenum - ok 19:11:32.0287 3408 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 19:11:32.0290 3408 Serial - ok 19:11:32.0311 3408 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:11:32.0313 3408 sermouse - ok 19:11:32.0354 3408 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:11:32.0354 3408 SessionEnv - ok 19:11:32.0395 3408 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:11:32.0398 3408 sffdisk - ok 19:11:32.0415 3408 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc 
C:\Windows\system32\drivers\sffp_mmc.sys 19:11:32.0418 3408 sffp_mmc - ok 19:11:32.0427 3408 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:11:32.0430 3408 sffp_sd - ok 19:11:32.0443 3408 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:11:32.0445 3408 sfloppy - ok 19:11:32.0501 3408 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:11:32.0536 3408 SharedAccess - ok 19:11:32.0634 3408 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:11:32.0650 3408 ShellHWDetection - ok 19:11:32.0660 3408 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:11:32.0670 3408 SiSRaid2 - ok 19:11:32.0680 3408 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:11:32.0691 3408 SiSRaid4 - ok 19:11:32.0748 3408 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:11:32.0753 3408 SkypeUpdate - ok 19:11:32.0840 3408 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:11:32.0861 3408 Smb - ok 19:11:32.0937 3408 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:11:32.0943 3408 SNMPTRAP - ok 19:11:32.0961 3408 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:11:32.0964 3408 spldr - ok 19:11:33.0003 3408 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:11:33.0020 3408 Spooler - ok 19:11:33.0102 3408 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:11:33.0184 3408 sppsvc - ok 19:11:33.0214 3408 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:11:33.0236 3408 sppuinotify - ok 19:11:33.0336 3408 [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd C:\Windows\System32\Drivers\sptd.sys 19:11:33.0336 3408 Suspicious file (NoAccess): 
C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2 19:11:33.0336 3408 sptd ( LockedFile.Multi.Generic ) - warning 19:11:33.0336 3408 sptd - detected LockedFile.Multi.Generic (1) 19:11:33.0488 3408 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 19:11:33.0488 3408 SQLBrowser - ok 19:11:33.0580 3408 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 19:11:33.0586 3408 SQLWriter - ok 19:11:33.0655 3408 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:11:33.0664 3408 srv - ok 19:11:33.0700 3408 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:11:33.0712 3408 srv2 - ok 19:11:33.0750 3408 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:11:33.0756 3408 srvnet - ok 19:11:33.0802 3408 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 19:11:33.0812 3408 ssadbus - ok 19:11:33.0832 3408 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 19:11:33.0832 3408 ssadmdfl - ok 19:11:33.0852 3408 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 19:11:33.0862 3408 ssadmdm - ok 19:11:33.0894 3408 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:11:33.0894 3408 SSDPSRV - ok 19:11:33.0934 3408 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:11:33.0941 3408 SstpSvc - ok 19:11:33.0964 3408 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 19:11:33.0968 3408 stexstor - ok 19:11:34.0013 3408 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:11:34.0044 3408 stisvc - ok 19:11:34.0074 3408 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:11:34.0077 3408 storflt - ok 
19:11:34.0096 3408 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:11:34.0096 3408 storvsc - ok 19:11:34.0116 3408 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:11:34.0116 3408 swenum - ok 19:11:34.0206 3408 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:11:34.0216 3408 SwitchBoard - ok 19:11:34.0262 3408 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:11:34.0270 3408 swprv - ok 19:11:34.0302 3408 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys 19:11:34.0305 3408 Synth3dVsc - ok 19:11:34.0333 3408 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:11:34.0338 3408 SynTP - ok 19:11:34.0388 3408 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:11:34.0428 3408 SysMain - ok 19:11:34.0458 3408 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:11:34.0458 3408 TabletInputService - ok 19:11:34.0492 3408 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:11:34.0512 3408 TapiSrv - ok 19:11:34.0552 3408 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:11:34.0568 3408 TBS - ok 19:11:34.0632 3408 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:11:34.0684 3408 Tcpip - ok 19:11:34.0776 3408 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:11:34.0800 3408 TCPIP6 - ok 19:11:34.0836 3408 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:11:34.0839 3408 tcpipreg - ok 19:11:34.0868 3408 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:11:34.0868 3408 TDPIPE - ok 19:11:34.0908 3408 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 
19:11:34.0908 3408 TDTCP - ok 19:11:34.0928 3408 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:11:34.0928 3408 tdx - ok 19:11:35.0058 3408 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 19:11:35.0120 3408 TeamViewer7 - ok 19:11:35.0166 3408 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:11:35.0169 3408 TermDD - ok 19:11:35.0194 3408 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys 19:11:35.0222 3408 terminpt - ok 19:11:35.0392 3408 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:11:35.0412 3408 TermService - ok 19:11:35.0432 3408 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:11:35.0432 3408 Themes - ok 19:11:35.0460 3408 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:11:35.0464 3408 THREADORDER - ok 19:11:35.0491 3408 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:11:35.0497 3408 TrkWks - ok 19:11:35.0534 3408 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:11:35.0544 3408 TrustedInstaller - ok 19:11:35.0580 3408 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:11:35.0583 3408 tssecsrv - ok 19:11:35.0608 3408 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:11:35.0611 3408 TsUsbFlt - ok 19:11:35.0632 3408 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 19:11:35.0636 3408 TsUsbGD - ok 19:11:35.0658 3408 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 19:11:35.0662 3408 tsusbhub - ok 19:11:35.0695 3408 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:11:35.0698 3408 tunnel - ok 19:11:35.0717 3408 [ 
B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:11:35.0720 3408 uagp35 - ok 19:11:35.0747 3408 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:11:35.0755 3408 udfs - ok 19:11:35.0800 3408 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:11:35.0806 3408 UI0Detect - ok 19:11:35.0846 3408 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:11:35.0846 3408 uliagpkx - ok 19:11:35.0866 3408 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:11:35.0876 3408 umbus - ok 19:11:35.0886 3408 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 19:11:35.0886 3408 UmPass - ok 19:11:35.0911 3408 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 19:11:35.0920 3408 UmRdpService - ok 19:11:35.0948 3408 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:11:35.0973 3408 upnphost - ok 19:11:36.0017 3408 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 19:11:36.0021 3408 USBAAPL64 - ok 19:11:36.0076 3408 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:11:36.0080 3408 usbaudio - ok 19:11:36.0128 3408 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:11:36.0138 3408 usbccgp - ok 19:11:36.0188 3408 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:11:36.0188 3408 usbcir - ok 19:11:36.0228 3408 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:11:36.0228 3408 usbehci - ok 19:11:36.0280 3408 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:11:36.0290 3408 usbhub - ok 19:11:36.0300 3408 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:11:36.0310 3408 usbohci - ok 
19:11:36.0334 3408 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:11:36.0352 3408 usbprint - ok 19:11:36.0392 3408 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:11:36.0392 3408 usbscan - ok 19:11:36.0432 3408 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:11:36.0432 3408 USBSTOR - ok 19:11:36.0452 3408 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:11:36.0452 3408 usbuhci - ok 19:11:36.0472 3408 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:11:36.0487 3408 usbvideo - ok 19:11:36.0524 3408 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 19:11:36.0524 3408 usb_rndisx - ok 19:11:36.0554 3408 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:11:36.0564 3408 UxSms - ok 19:11:36.0590 3408 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:11:36.0594 3408 VaultSvc - ok 19:11:36.0633 3408 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:11:36.0643 3408 vdrvroot - ok 19:11:36.0686 3408 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:11:36.0706 3408 vds - ok 19:11:36.0736 3408 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:11:36.0746 3408 vga - ok 19:11:36.0778 3408 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:11:36.0778 3408 VgaSave - ok 19:11:36.0798 3408 VGPU - ok 19:11:36.0839 3408 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 19:11:36.0844 3408 vhdmp - ok 19:11:36.0870 3408 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:11:36.0870 3408 viaide - ok 19:11:36.0910 3408 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:11:36.0910 
3408 vmbus - ok 19:11:36.0930 3408 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 19:11:36.0930 3408 VMBusHID - ok 19:11:36.0940 3408 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:11:36.0950 3408 volmgr - ok 19:11:36.0981 3408 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:11:36.0991 3408 volmgrx - ok 19:11:37.0022 3408 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:11:37.0029 3408 volsnap - ok 19:11:37.0056 3408 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:11:37.0062 3408 vsmraid - ok 19:11:37.0172 3408 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:11:37.0182 3408 VSS - ok 19:11:37.0223 3408 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:11:37.0231 3408 vwifibus - ok 19:11:37.0274 3408 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:11:37.0274 3408 vwififlt - ok 19:11:37.0314 3408 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:11:37.0324 3408 vwifimp - ok 19:11:37.0354 3408 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:11:37.0374 3408 W32Time - ok 19:11:37.0444 3408 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 19:11:37.0454 3408 W3SVC - ok 19:11:37.0464 3408 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:11:37.0464 3408 WacomPen - ok 19:11:37.0500 3408 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:11:37.0505 3408 WANARP - ok 19:11:37.0515 3408 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:11:37.0517 3408 Wanarpv6 - ok 19:11:37.0536 3408 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 
19:11:37.0540 3408 WAS - ok
19:11:37.0585 3408 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:11:37.0601 3408 wbengine - ok
19:11:37.0651 3408 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:11:37.0656 3408 WbioSrvc - ok
19:11:37.0700 3408 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:11:37.0758 3408 wcncsvc - ok
19:11:37.0830 3408 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:11:37.0840 3408 WcsPlugInService - ok
19:11:37.0870 3408 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:11:37.0870 3408 Wd - ok
19:11:37.0922 3408 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:11:37.0952 3408 Wdf01000 - ok
19:11:37.0990 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:11:37.0997 3408 WdiServiceHost - ok
19:11:38.0037 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:11:38.0043 3408 WdiSystemHost - ok
19:11:38.0063 3408 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:11:38.0073 3408 WebClient - ok
19:11:38.0094 3408 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:11:38.0108 3408 Wecsvc - ok
19:11:38.0130 3408 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:11:38.0137 3408 wercplsupport - ok
19:11:38.0164 3408 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:11:38.0174 3408 WerSvc - ok
19:11:38.0214 3408 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:11:38.0224 3408 WfpLwf - ok
19:11:38.0256 3408 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:11:38.0259 3408 WIMMount - ok
19:11:38.0276 3408 WinDefend - ok
19:11:38.0329 3408 WinHttpAutoProxySvc - ok
19:11:38.0377 3408 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:11:38.0382 3408 Winmgmt - ok
19:11:38.0468 3408 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:11:38.0510 3408 WinRM - ok
19:11:38.0613 3408 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:11:38.0616 3408 WinUsb - ok
19:11:38.0655 3408 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:11:38.0681 3408 Wlansvc - ok
19:11:38.0762 3408 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:11:38.0762 3408 wlcrasvc - ok
19:11:38.0874 3408 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:11:38.0924 3408 wlidsvc - ok
19:11:38.0980 3408 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:11:38.0982 3408 WmiAcpi - ok
19:11:39.0036 3408 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:11:39.0041 3408 wmiApSrv - ok
19:11:39.0074 3408 WMPNetworkSvc - ok
19:11:39.0095 3408 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:11:39.0101 3408 WPCSvc - ok
19:11:39.0123 3408 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:11:39.0131 3408 WPDBusEnum - ok
19:11:39.0148 3408 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:11:39.0151 3408 ws2ifsl - ok
19:11:39.0170 3408 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:11:39.0178 3408 wscsvc - ok
19:11:39.0188 3408 WSearch - ok
19:11:39.0286 3408 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:11:39.0346 3408 wuauserv - ok
19:11:39.0408 3408 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:11:39.0478 3408 WudfPf - ok
19:11:39.0518 3408 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:11:39.0518 3408 WUDFRd - ok
19:11:39.0564 3408 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:11:39.0572 3408 wudfsvc - ok
19:11:39.0597 3408 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:11:39.0607 3408 WwanSvc - ok
19:11:39.0691 3408 ================ Scan global ===============================
19:11:39.0711 3408 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:11:39.0755 3408 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:11:39.0772 3408 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:11:39.0830 3408 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:11:39.0882 3408 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:11:39.0902 3408 [Global] - ok
19:11:39.0902 3408 ================ Scan MBR ==================================
19:11:39.0912 3408 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
19:11:39.0992 3408 \Device\Harddisk0\DR0 - ok
19:11:39.0996 3408 ================ Scan VBR ==================================
19:11:40.0006 3408 [ B503E589A32D80A0DD6EAF807DFDB8A1 ] \Device\Harddisk0\DR0\Partition1
19:11:40.0008 3408 \Device\Harddisk0\DR0\Partition1 - ok
19:11:40.0020 3408 [ 0413212A10E90186F0593B5000B38309 ] \Device\Harddisk0\DR0\Partition2
19:11:40.0023 3408 \Device\Harddisk0\DR0\Partition2 - ok
19:11:40.0046 3408 [ 056695688656D284A15371AF353DA51C ] \Device\Harddisk0\DR0\Partition3
19:11:40.0049 3408 \Device\Harddisk0\DR0\Partition3 - ok
19:11:40.0050 3408 ============================================================
19:11:40.0050 3408 Scan finished
19:11:40.0050 3408 ============================================================
19:11:40.0086 7536 Detected object count: 1
19:11:40.0086 7536 Actual detected object count: 1
19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-22 19:13:34
-----------------------------
19:13:34.753 OS Version: Windows x64 6.1.7601 Service Pack 1
19:13:34.753 Number of processors: 2 586 0x170A
19:13:34.754 ComputerName: ZINGARO-PC UserName: Zingaro
19:13:37.040 Initialize success
19:13:38.385 AVAST engine defs: 12112200
19:14:10.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:14:10.941 Disk 0 Vendor: ST9320421ASG SD13 Size: 305245MB BusType: 11
19:14:11.033 Disk 0 MBR read successfully
19:14:11.043 Disk 0 MBR scan
19:14:11.043 Disk 0 unknown MBR code
19:14:11.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:14:11.073 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80000 MB offset 208845
19:14:11.073 Disk 0 Partition - 00 05 Extended 225142 MB offset 164050942
19:14:11.093 Disk 0 Partition 3 00 83 Linux 20000 MB offset 164050944
19:14:11.103 Disk 0 Partition - 00 05 Extended 4025 MB offset 616898560
19:14:11.163 Disk 0 scanning C:\Windows\system32\drivers
19:14:26.890 Service scanning
19:14:49.349 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:14:56.911 Modules scanning
19:14:56.931 Disk 0 trace - called modules:
19:14:56.951 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003ca72c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:14:56.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5c0d0]
19:14:56.970 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046f5060]
19:14:56.979 \Driver\atapi[0xfffffa80046a8da0] -> IRP_MJ_CREATE -> 0xfffffa8003ca72c0
19:14:57.524 AVAST engine scan C:\Windows
19:15:00.402 AVAST engine scan C:\Windows\system32
19:18:42.751 AVAST engine scan C:\Windows\system32\drivers
19:18:56.849 AVAST engine scan C:\Users\Zingaro
19:19:56.741 Disk 0 MBR has been saved successfully to "A:\Desktop\MBR.dat"
19:19:56.902 The log file has been saved successfully to "A:\Desktop\aswMBR.txt"
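Both logs in the post above are one-record-per-line formats, so the parts a reviewer cares about can be pulled out mechanically instead of by eye. The Python below is an added example (it is not part of the post and is not code from TDSSKiller or aswMBR): it folds TDSSKiller's `[ md5 ] name path` and `name - status` lines into one record per object and reports the detection and every object that never got a hash line, then parses the aswMBR partition table and checks the layout (no overlapping data partitions, each logical partition inside an extended container, which slot carries the boot flag) and collects the lines worth reading first ("unknown MBR code", "**LOCKED**", ">>UNKNOWN"). The sample inputs are lines copied from the post; the 2048 sectors-per-MB conversion assumes 512-byte sectors, and because aswMBR rounds sizes to whole MB the computed end sectors are approximate (both assumptions are marked in the code). One caveat when reading the result: sptd.sys is the SCSI pass-through driver that DAEMON Tools installs, and the ComboFix log further down this page lists both DAEMON Tools Lite in the Run key and an `sptd` S0 service, so a locked sptd.sys and an unknown hook in the disk stack have a plausible benign explanation; that is a reason to verify the file's hash, not to skip the check.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed samples: lines copied from the post above, one record per line as the tools write them.
TDSS_SAMPLE = """\
19:11:37.0540 3408 WAS - ok
19:11:37.0585 3408 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\\Windows\\system32\\wbengine.exe
19:11:37.0601 3408 wbengine - ok
19:11:38.0276 3408 WinDefend - ok
19:11:39.0912 3408 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \\Device\\Harddisk0\\DR0
19:11:39.0992 3408 \\Device\\Harddisk0\\DR0 - ok
19:11:40.0086 7536 Detected object count: 1
19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""
ASWMBR_SAMPLE = """\
19:14:11.043 Disk 0 unknown MBR code
19:14:11.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:14:11.073 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80000 MB offset 208845
19:14:11.073 Disk 0 Partition - 00 05 Extended 225142 MB offset 164050942
19:14:11.093 Disk 0 Partition 3 00 83 Linux 20000 MB offset 164050944
19:14:11.103 Disk 0 Partition - 00 05 Extended 4025 MB offset 616898560
19:14:49.349 Service sptd C:\\Windows\\System32\\Drivers\\sptd.sys **LOCKED** 32
"""

# TDSSKiller: a "[ md5 ] name path" line, later a "name - status" line; detections add "( verdict )".
_TS = r"\d\d:\d\d:\d\d\.\d{4} \d+ "
HASH_LINE = re.compile(_TS + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$")
STATUS_LINE = re.compile(_TS + r"(?P<name>\S+)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>.+)$")

@dataclass
class Record:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None
    verdict: Optional[str] = None        # detection name, e.g. LockedFile.Multi.Generic
    actions: list = field(default_factory=list)

def parse_tdsskiller(text: str) -> dict:
    """One Record per scanned object (service, driver, device), keyed by its name."""
    records = {}
    for line in text.splitlines():
        if m := HASH_LINE.match(line):
            rec = records.setdefault(m["name"], Record(m["name"]))
            rec.md5, rec.path = m["md5"], m["path"]
        elif m := STATUS_LINE.match(line):
            rec = records.setdefault(m["name"], Record(m["name"]))
            if m["verdict"]:                 # detection lines carry the user's chosen action
                rec.verdict = m["verdict"]
                rec.actions.append(m["status"])
            else:
                rec.status = m["status"]
    return records

def triage(records: dict) -> dict:
    """Detections first, then objects the scanner listed but never hashed."""
    return {
        "detections": {n: (r.verdict, r.actions) for n, r in records.items() if r.verdict},
        "unhashed": sorted(n for n, r in records.items() if r.md5 is None and not r.verdict),
    }

# aswMBR: partition table rows and the lines a reviewer looks at first.
PART_LINE = re.compile(
    r"Disk \d+ Partition (?P<num>\d+|-) (?P<boot>[0-9A-F]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)$")
SECTORS_PER_MB = 2048        # assumption: 512-byte sectors; sizes are MB-rounded, so ends are approximate
EXTENDED_TYPES = {0x05, 0x0F}
NOTABLE = ("unknown MBR code", "**LOCKED**", ">>UNKNOWN")

@dataclass
class Partition:
    num: str                 # table slot, "-" for an extended-container entry
    type_id: int
    desc: str
    start: int               # first sector (LBA)
    end: int                 # one past the last sector
    bootable: bool

def parse_partitions(text: str) -> list:
    parts = []
    for line in text.splitlines():
        if m := PART_LINE.search(line):
            start = int(m["offset"])
            parts.append(Partition(m["num"], int(m["type"], 16), m["desc"], start,
                                   start + int(m["mb"]) * SECTORS_PER_MB, m["boot"] == "80"))
    return parts

def check_layout(parts: list) -> dict:
    """Overlapping data partitions, which ones sit inside an extended container, and the boot flag."""
    data = [p for p in parts if p.type_id not in EXTENDED_TYPES]
    containers = [p for p in parts if p.type_id in EXTENDED_TYPES]
    overlaps = [(a.num, b.num) for i, a in enumerate(data) for b in data[i + 1:]
                if a.start < b.end and b.start < a.end]
    inside = {p.num: any(c.start <= p.start and p.end <= c.end for c in containers) for p in data}
    return {"overlaps": overlaps, "in_extended": inside, "bootable": [p.num for p in parts if p.bootable]}

def aswmbr_flags(text: str) -> list:
    """Log lines (timestamp stripped) that report unknown MBR code, locked files or unknown hooks."""
    return [line.split(" ", 1)[1] for line in text.splitlines() if any(k in line for k in NOTABLE)]

if __name__ == "__main__":
    print(triage(parse_tdsskiller(TDSS_SAMPLE)))
    print(check_layout(parse_partitions(ASWMBR_SAMPLE)))
    print(aswmbr_flags(ASWMBR_SAMPLE))
```

Run it as a script to see the triage of the embedded sample, or read the full saved logs (the TDSSKiller text file and `A:\Desktop\aswMBR.txt` named in the post) into the same functions. On the sample, the only detection is `sptd`, the objects with no hash line are `WAS` and `WinDefend`, the three data partitions do not overlap, only the Linux partition sits inside the extended container, and slot 1 carries the boot flag, which matches the `(A)` marker in the aswMBR row.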
  4. Hi Gringo,

Sorry about my last post -- no idea why it did that, it looked fine before I posted it. I appreciate your help so far. After 5 days, I can fairly confidently confirm this problem has disappeared. I didn't reply because I run a lot of programs so it's not easy for me to reboot unless I absolutely have to. I finally managed some time to do that today and run ComboFix.

However, I noticed that an old problem, unrelated to this one, is back: my computer won't create System Restore points. This happened after I re-enabled UAC. chris helped me with this issue last July. http://forums.malwarebytes.org/index.php?showtopic=88903

Shall I start a new thread?

Thanks again,
Marc

Here, as you requested, the ComboFix log:

ComboFix 12-11-22.02 - Zingaro 22/11/2012 11:27:55.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4025.2678 [GMT 1:00]
Running from: a:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
a:\documents\Readiris.DUS
c:\programdata\ZeoBIT
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 10:40 . 2012-11-22 10:40 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-11-22 10:40 . 2012-11-22 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 07:57 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-17 23:18 . 2012-11-18 00:00 -------- d-----w- c:\users\Zingaro\AppData\Local\SDL
2012-11-17 21:46 . 2012-11-17 21:46 -------- d-----w- c:\programdata\SDL International
2012-11-17 21:46 . 2012-11-17 21:52 -------- d-----w- c:\program files (x86)\Common Files\SDL
2012-11-17 21:45 . 2012-11-17 23:47 -------- d-----w- c:\users\Zingaro\AppData\Roaming\SDL
2012-11-17 21:45 . 2012-11-17 21:57 -------- d-----w- c:\program files (x86)\SDL
2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Open XML SDK
2012-11-17 21:38 . 2012-11-17 21:58 -------- d-----w- c:\programdata\SDL
2012-11-17 00:46 . 2012-11-17 00:46 -------- d-----w- c:\users\Zingaro\AppData\Roaming\Malwarebytes
2012-11-17 00:45 . 2012-11-17 00:45 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 00:45 . 2012-11-17 00:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-17 00:45 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\program files (x86)\Macro Scheduler 11
2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\windows\Macro Scheduler Pro
2012-11-16 18:09 . 2012-11-16 18:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio .NET 2003
2012-11-16 18:02 . 2012-11-16 18:02 -------- d-----w- C:\oracle
2012-11-16 18:01 . 2012-11-16 18:03 -------- d-----w- c:\program files (x86)\Oracle
2012-11-16 16:26 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-16 16:26 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-16 16:26 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-16 16:26 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-16 16:26 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-16 16:26 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-16 16:26 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-16 16:26 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-16 16:26 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\programdata\AVAST Software
2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\program files\AVAST Software
2012-11-16 16:18 . 2012-11-16 16:18 -------- d-----w- C:\Memopal
2012-11-16 15:52 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 15:52 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 15:52 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 15:52 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 15:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 15:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 15:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 15:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 15:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 15:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 15:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\TechSmith
2012-11-07 08:50 . 2012-11-07 08:50 -------- d-----w- c:\users\Zingaro\AppData\Roaming\U3
2012-11-05 16:35 . 2012-11-05 16:39 -------- d-----w- C:\RIZDRIVE BACKUP SATURN
2012-10-24 12:43 . 2012-10-24 12:43 -------- d-----w- c:\users\Zingaro\AppData\Local\My Games
2012-10-24 12:37 . 2012-10-24 12:37 -------- d-----w- c:\programdata\REVOLT
2012-10-24 12:18 . 2012-10-24 12:18 -------- d-----w- c:\program files (x86)\Games
2012-10-24 12:14 . 2012-10-24 12:14 -------- d-----w- c:\programdata\AIT
2012-10-24 12:14 . 2009-04-03 12:19 589824 ----a-w- c:\windows\SysWow64\ac7menu.dll
2012-10-24 12:14 . 2009-04-03 12:19 168448 ----a-w- c:\windows\SysWow64\extarch.dll
2012-10-24 12:14 . 2009-04-03 12:19 40960 ----a-w- c:\windows\SysWow64\ac7grid.dll
2012-10-24 12:14 . 2008-11-05 10:50 30720 ----a-w- c:\windows\SysWow64\AM6tract.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 15:41 . 2011-10-08 14:30 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-20 20:19 . 2012-10-20 20:19 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-19 10:52 . 2012-10-19 10:44 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-10-17 00:31 . 2012-10-17 21:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0598184C-2124-4B7F-B0CB-7F4AC5DDFB35}\mpengine.dll
2012-10-16 08:52 . 2012-04-09 16:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 08:52 . 2011-10-08 14:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 10:35 . 2012-10-15 10:12 1778 ----a-w- c:\windows\xren.vbs
2012-09-21 08:05 . 2012-05-12 07:26 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-21 08:05 . 2011-10-16 18:02 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 08:20 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 08:21 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:21 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:21 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-10 08:21 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 08:21 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-01-19 933640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-14 1190920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Zingaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3CX Phone.lnk - c:\program files (x86)\3CXPhone\3CXPhone.exe [2011-8-31 532480]
Dropbox.lnk - c:\users\Zingaro\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-12-13 2447360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Macro Scheduler.lnk - c:\program files (x86)\Macro Scheduler 11\msched.exe [2009-2-16 5618424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 ALSysIO;ALSysIO;c:\users\Zingaro\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 MacroExpertDirectIo;MacroExpertDirectIo;c:\program files (x86)\grasssoft\mouse recorder\MacroExpertIo.sys [2008-07-04 5120]
R3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\DRIVERS\MAudioMobilePre.sys [2009-09-02 187912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-01-28 20549]
R4 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-03-21 341312]
R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL [x]
R4 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [2011-10-21 209920]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files (x86)\Kilgray\memoQ40\AUClient.exe [2011-11-08 696320]
S2 Kilgray: memoQ update permissions manager. 9841208.;Kilgray: memoQ update permissions manager. 9841208.;c:\program files (x86)\Kilgray\memoQ60\AUClient.exe [2012-08-27 696320]
S2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [2009-03-13 206336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Memopal Crawler;Memopal Crawler;c:\program files\Memopal\MemopalCrawler.exe [2011-11-25 2852120]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe [2012-08-17 135168]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
S2 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE 
ORCL [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000Core.job
- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000UA.job
- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://webmail.inghams.co.uk/exchange/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1 192.168.0.1
FF - ProfilePath - c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\
FF - ExtSQL: 2012-10-25 13:18; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-11-17 22:41; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-20 02:00; support@lastpass.com; c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\extensions\support@lastpass.com
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{e5b66461-19eb-4da5-bbf7-df2d266d975b} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 979430.]
"ImagePath"="c:\program files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 9841208.]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80BB9C2F-5C80-E3D9-871A-5DA5CA022777}*]
"bbickfogjdkmchldmjfnockpbfcmgcgnpepf"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68, 64,6b,69,6a,6c,69,6c,6e,6a,65,00,76
"abcceinjklhmbbjhddjhbjodaajeinhiac"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68, 64,6b,69,6a,6c,69,6c,6e,6a,65,00,76
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):21,99,a5,fc,cd,d0,6a,f7,c2,a8,63,1d,9b,cf,0b,08,b0,79,67,c5,6c, a3,a7,8a,b6,0e,e8,e6,26,76,b3,12,80,6d,cb,f0,2f,7f,4e,80,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{eb19a459-8a6e-4452-ab02-afcd790715fc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000140
"Therad"=dword:00000025
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,6f,b5,7b,f9,cc,35,25,c5,2e,a7,92,fe,df,6c,4e,ad,d9,53,64,cd,75,52,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81, 51,65,6d,32,57,3c,50,36,cb,8e,0f,1b,06,14,a8,87,41,bb,4c,ab,e4,4b,53,c7,1a,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81, 51,65,6d,32,57,3c,50,36,cb,8e,0f,c3,38,f0,d7,44,82,fc,08,ab,e4,4b,53,c7,1a,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-22 11:44:10 ComboFix-quarantined-files.txt 2012-11-22 10:44 . Pre-Run: 3,343,519,744 bytes free Post-Run: 5,908,033,536 bytes free . - - End Of File - - FBA5CD2EB1B9ECC02AC233A6CF58538E
  5. Ok sure,

Here are the logs you've asked for, in order. Would you mind confirming which app "fixed" it? Was it roguekiller as I suspected?

 Results of screen317's Security Check version 0.99.54
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
avast! Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.65.1.1000
 JavaFX 2.1.1
 Java 6 Update 24
 Java 6 Update 32
 Java 7 Update 7
 Java version out of Date!
 Adobe Flash Player 11.4.402.287
 Mozilla Firefox (16.0.2)
 Google Chrome 21.0.1180.79
 Google Chrome 21.0.1180.89
 Google Chrome 22.0.1229.79
 Google Chrome 22.0.1229.92
 Google Chrome 22.0.1229.94
 Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 AVAST Software Avast AvastUI.exe
 AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 04:17:57
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Zingaro - ZINGARO-PC
# Boot Mode : Normal
# Running from : A:\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Zingaro\AppData\Local\Conduit
Folder Deleted : C:\Users\Zingaro\AppData\Local\TempDir
Folder Deleted : C:\Users\Zingaro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3019965
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\prefs.js

Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=[...]
Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Freecorder Customized Web Search");
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 0);
Deleted : user_pref("CT3019965..clientLogIsEnabled", false);
Deleted : user_pref("CT3019965..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3019965..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3019965.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3019965.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3019965.CTID", "CT3019965");
Deleted : user_pref("CT3019965.CurrentServerDate", "21-2-2012");
Deleted : user_pref("CT3019965.DSInstall", false);
Deleted : user_pref("CT3019965.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3019965.DialogsGetterLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.DownloadReferralCookieData", "");
Deleted : user_pref("CT3019965.FirstServerDate", "21-2-2012");
Deleted : user_pref("CT3019965.FirstTime", true);
Deleted : user_pref("CT3019965.FirstTimeFF3", true);
Deleted : user_pref("CT3019965.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3019965.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3019965.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3019965.HPInstall", false);
Deleted : user_pref("CT3019965.HasUserGlobalKeys", true);
Deleted : user_pref("CT3019965.Initialize", true);
Deleted : user_pref("CT3019965.InitializeCommonPrefs", true);
Deleted : user_pref("CT3019965.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3019965.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT3019965.InstalledDate", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.InvalidateCache", false);
Deleted : user_pref("CT3019965.IsGrouping", false);
Deleted : user_pref("CT3019965.IsInitSetupIni", true);
Deleted : user_pref("CT3019965.IsMulticommunity", false);
Deleted : user_pref("CT3019965.IsOpenThankYouPage", false);
Deleted : user_pref("CT3019965.IsOpenUninstallPage", false);
Deleted : user_pref("CT3019965.LanguagePackLastCheckTime", "Tue Feb 21 2012 14:01:38 GMT+0100");
Deleted : user_pref("CT3019965.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3019965.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3019965.LastLogin_3.9.0.3", "Tue Feb 21 2012 14:01:38 GMT+0100");
Deleted : user_pref("CT3019965.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT3019965.Locale", "en");
Deleted : user_pref("CT3019965.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3019965.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3019965.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3019965.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3019965.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3019965.RadioIsPodcast", false);
Deleted : user_pref("CT3019965.RadioLastCheckTime", "Tue Feb 21 2012 14:01:39 GMT+0100");
Deleted : user_pref("CT3019965.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3019965.RadioLastUpdateServer", "129553465309070000");
Deleted : user_pref("CT3019965.RadioMediaID", "21917990");
Deleted : user_pref("CT3019965.RadioMediaType", "Media Player");
Deleted : user_pref("CT3019965.RadioMenuSelectedID", "EBRadioMenu_CT301996521917990");
Deleted : user_pref("CT3019965.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3019965.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT3019965.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT3019965.SearchCaption", "Free Media Recorder Customized Web Search");
Deleted : user_pref("CT3019965.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3019965.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
Deleted : user_pref("CT3019965.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3019965.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3019965.SearchInNewTabLastCheckTime", "Tue Feb 21 2012 14:01:39 GMT+0100");
Deleted : user_pref("CT3019965.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3019965.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3019965.ServiceMapLastCheckTime", "Tue Feb 21 2012 14:00:45 GMT+0100");
Deleted : user_pref("CT3019965.SettingsLastCheckTime", "Tue Feb 21 2012 14:00:46 GMT+0100");
Deleted : user_pref("CT3019965.SettingsLastUpdate", "1326723880");
Deleted : user_pref("CT3019965.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3019965&SearchSource=13");
Deleted : user_pref("CT3019965.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3019965.ThirdPartyComponentsLastCheck", "Tue Feb 21 2012 14:00:45 GMT+0100");
Deleted : user_pref("CT3019965.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3019965.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3019965.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3019965");
Deleted : user_pref("CT3019965.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3019965.UserID", "UN99461317577814585");
Deleted : user_pref("CT3019965.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3019965.alertChannelId", "1411551");
Deleted : user_pref("CT3019965.appApproved.129550210578713658", true);
Deleted : user_pref("CT3019965.backendstorage.hxxp://cdn_freemediarecorder_com/toolbar.downloadtype", "6264");
Deleted : user_pref("CT3019965.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3019965.globalFirstTimeInfoLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3019965.initDone", true);
Deleted : user_pref("CT3019965.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3019965.isFirstRadioInstallation", false);
Deleted : user_pref("CT3019965.myStuffEnabled", true);
Deleted : user_pref("CT3019965.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3019965.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3019965.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3019965.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3019965.revertSettingsEnabled", true);
Deleted : user_pref("CT3019965.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3019965.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3019965.testingCtid", "");
Deleted : user_pref("CT3019965.toolbarAppMetaDataLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");
Deleted : user_pref("CT3019965.toolbarContextMenuLastCheckTime", "Tue Feb 21 2012 14:01:38 GMT+0100");
Deleted : user_pref("CT3019965.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1060933&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Freecorder Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3019965/CT3019965[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1411551/1407207/AT", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/AT", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3019965", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3019965",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Zingaro\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.freemediarecorder.com/toolbar/video.html"[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/fc6/gadget/video.html", "833x2[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3019965");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3019965");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3019965");
Deleted : user_pref("CommunityToolbar.globalUserId", "7763a81b-e744-4d3f-877d-ef80f0a296c2");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3019965");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Feb 21 2012 13:50:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 21 2012 14:01:37 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 21 2012 13:49:58 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "681d2f37-ee21-4b30-aa12-86e0a518e71a");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Zingaro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15994 octets] - [18/11/2012 04:16:36]
AdwCleaner[s1].txt - [16129 octets] - [18/11/2012 04:17:57]

########## EOF - C:\AdwCleaner[s1].txt - [16190 octets] ##########

RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zingaro [Admin rights]
Mode : Remove -- Date : 11/18/2012 04:26:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[sTARTUP][sUSP PATH] securityfix.exe @Zingaro : C:\Users\Zingaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\securityfix.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

0.0.0.0 localhost
127.0.0.1 www.greenoise.altervisa.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG ATA Device +++++
--- User ---
[MBR] 5686910f4c6546009854e1531587cee3
[bSP] 3507d5d683fc3bd400f597e2dd1dcafe : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 80000 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 164050942 | Size: 225142 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11182012_02d0426.txt >>
RKreport[1]_S_11182012_02d0426.txt ; RKreport[2]_D_11182012_02d0426.txt
  6. Dear gringo, I followed your steps and you fixed it. Not sure which of the three it was that did it, I suspect Roguekiller. Do you still want me to post the logs? Marc
  7. Dear antivirus knights: This is a minor problem - actually I've rerouted the site to 127.0.0.1 in my hosts file and created a small "window.close()" javascript so the site closes every time it's invoked (every 10 minutes or so)... but I still can't figure out what bloody service/process is calling the site to show up in the first place. I ran avast virus scanner and Malwarebytes full search, nothing was found. As instructed, here are DDS.txt and Attach.txt. I eagerly await your instructions/suggestions, and hope this is an easy one! Thank you, Marc dds.txt attach.txt
  8. AMAZING! Thank you Chris! Those steps completely solved the problem. Adobe Acrobat and Flash? I wish I had some inkling of an idea how you could infer this from these logs. Is there any way I can donate a small token of my very heartfelt gratitude and appreciation (paypal?) for your generous free help? Many many thanks! -Marc
  9. Hi screen317, Thanks for your ongoing help. The System Restore issue is still present. In addition, something else has crept up: I can't update my virus definitions from Microsoft Security Essentials. I get the following error code: "Virus and spyware definitions update failed. Security Essentials could not check for virus and spyware definition updates due to an Internet or network connectivity issue. Click Help for more information about this problem." Error code: 0x800703fa Error description: Security Essentials couldn't install the definition updates. Please try again later. When I click help, I see in a popup window: "http://go.microsoft.com/fwlink/?LinkID=200822&mkt=en-us Illegal operation attempted on a registry key that has been marked for deletion." As requested, here's the ESET log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=caf2115eb486ea459b5b7f3b4e6c9f61 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-26 07:49:08 # local_time=2011-07-26 12:49:08 (-0800, Pacific Daylight Time) # country="Canada" # lang=9 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=768 16777215 100 0 51106432 51106432 0 0 # compatibility_mode=5893 16776574 100 94 946213 63202006 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=344946 # found=3 # cleaned=3 # scan_time=7991 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\messenger.exe.vir NSIS/TrojanDownloader.Agent.NFN trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Zingapuro\AppData\Local\Temp\NODEAD6.tmp a 
variant of Win32/HotSpotShield application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C And here, screencheck: Results of screen317's Security Check version 0.99.7 Windows 7 (UAC is disabled!) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 26 Out of date Java installed! Adobe Flash Player 10.1.102.64 Adobe Reader 9.4.5 MUI Out of date Adobe Reader installed! Mozilla Firefox (3.6.13) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe Microsoft Security Client Antimalware NisSrv.exe ``````````End of Log```````````` Thanks again. Marc
  10. Hi, Sorry for the delay in replying. The situation remains the same: Microsoft Security Essentials is running well - but my System Restore is still messed up. As requested, I tried to post here the MBAM Quick Scan log, followed by the DDS log, followed by the ComboFix log, but the forum complained my post was too long. So here are just the first two, with the rest attached. I hope that works; please let me know if you need anything else. Thank you for your kind help. -Zingaro

mbam-log-2011-07-21 (16-30-32).txt

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7224

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21/07/2011 16:30:32
mbam-log-2011-07-21 (16-30-32).txt

Scan type: Quick scan
Objects scanned: 193943
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Zingapuro at 19:34:09 on 2011-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2159 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\1455259423D2553425 : DhcpNameServer = 163.178.88.2
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 216.230.128.32
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.72.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO-X64: One Hour Translation - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-6-22 52496]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-6-22 61200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-21 366640]
R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-21 240160]
R3 ActivHidSerMini;Promethean Serial Board Driver;C:\Windows\system32\DRIVERS\activhidsermini.sys --> C:\Windows\system32\DRIVERS\activhidsermini.sys [?]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 prmvmouse;Promethean HID Mouse Service;C:\Windows\system32\DRIVERS\activmouse.sys --> C:\Windows\system32\DRIVERS\activmouse.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
S3 ACTIVhidmini;Promethean USB Board Driver;C:\Windows\system32\DRIVERS\ACTIVhidmini.sys --> C:\Windows\system32\DRIVERS\ACTIVhidmini.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-07-21 23:02:36 -------- d-----w- C:\$RECYCLE.BIN
2011-07-21 22:40:40 -------- d-----w- C:\Combo-Fix29103C
2011-07-21 22:16:54 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{994AB1F6-2AFD-414C-BC91-BA5A60838AF1}\mpengine.dll
2011-07-19 16:40:12 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2011-07-19 16:40:10 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-07-19 16:40:10 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-07-19 16:40:10 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-07-19 16:40:10 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-07-19 16:40:10 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-07-19 16:40:10 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-07-19 15:33:02 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Promethean
2011-07-19 15:28:54 -------- d-----w- C:\ProgramData\Promethean
2011-07-19 15:28:23 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\ACTIV Software
2011-07-19 15:28:23 -------- d-----w- C:\Program Files (x86)\Common Files\Activ Software
2011-07-19 15:28:19 -------- d-----w- C:\ProgramData\Activ Software
2011-07-19 15:28:19 -------- d-----w- C:\Program Files\Activ Software
2011-07-14 19:43:43 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-14 19:43:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-06 20:10:49 -------- d-----w- C:\Program Files (x86)\Prolific
2011-07-06 20:08:56 -------- d-----w- C:\Program Files (x86)\PicoBlocks en Español
2011-07-06 19:04:23 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-06 16:34:20 -------- d-----w- C:\Users\Zingapuro\AppData\Local\FlickrNet
2011-07-06 16:33:37 -------- d-----w- C:\Program Files (x86)\Flickr Downloadr
2011-07-06 15:51:05 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
2011-07-05 20:29:34 -------- d-----w- C:\Users\Zingapuro\AppData\Local\Trusteer
2011-07-05 20:27:49 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-07-05 20:27:42 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Trusteer
2011-07-05 20:27:14 -------- d-----w- C:\Program Files (x86)\Trusteer
2011-07-05 20:26:37 -------- d-----w- C:\ProgramData\Trusteer
2011-07-05 14:25:09 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll
2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe
2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe
2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe
2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix
2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes
2011-07-05 08:23:33 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview
2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll
2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll
.
==================== Find3M ====================
.
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872
----a-w- C:\Windows\System32\SearchIndexer.exe 2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll 2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll 2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll 2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll 2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll 2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll 2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe 2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe 2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-27 13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys 2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe . ============= FINISH: 19:34:48.53 =============== Attachments.zip
  11. Please remove this post - reposted with attachment.
  12. Good day, I've been suffering similar symptoms to this post (http://forums.malwar...showtopic=71178). I tried debugging all day yesterday, installed 3 antivirus programs including Kaspersky and MalwareBytes, tried http://windowsxp.mvp...g/wscsvcfix.htm, but the problem persisted. Finally I found this forum and decided to try ComboFix (forgive me!) and lo and behold it seems to have improved the issue. I can currently run 2 of 3 services: Security Center and Microsoft Antimalware Service, but Windows Defender still gives the following error: "The Windows Defender Service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs." However, more troubling, and not mentioned in any of my research, is that I still can't properly run System Restore. I see the correct window flash up for 2 milliseconds and then it's immediately replaced by the window "System Protection is turned off." Of course, my System Restore is turned on. At this point, in order to seek assistance from you I've followed the instructions on http://forums.malwar...?showtopic=9573. I am very grateful for your time and suggestions and will wait for your instructions before proceeding any further. Thank you very much. -Zingaro (As per instructions, attached Attach.txt and ark.txt and below a copy of DDS.txt)
Attach.zip
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Zingapuro at 17:22:50 on 2011-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2553 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbengine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\systempropertiesprotection.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1 192.168.0.1
TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.178.1 192.168.0.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 216.230.128.32
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.24.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO-X64: One Hour Translation - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 366640]
R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-21 62720]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-07-05 14:25:09 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll
2011-07-05 14:17:00 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2FFAFCE4-D2BA-4EDE-8ED9-13A99C748CCC}\mpengine.dll
2011-07-05 12:30:19 -------- d-----w- C:\$RECYCLE.BIN
2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe
2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe
2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe
2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix
2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes
2011-07-05 08:23:33 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview
2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll
2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-19 09:35:30 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-07 10:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-07-05 07:59:43 404560 ----a-w- C:\Program Files (x86)\Drivers_pack_v4.55.63_fix.exe
2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-26 14:32:41 106496 --sha-r- C:\Windows\SysWow64\DWWIND.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27
13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2011-04-18 11:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys 2011-04-18 11:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe 2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe 2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe . ============= FINISH: 17:23:58.50 ===============
  13. Good day,

I've been suffering similar symptoms to this post: http://forums.malwarebytes.org/index.php?showtopic=71178

I tried debugging all day yesterday, installed 3 antivirus programs including Kaspersky and MalwareBytes, tried http://windowsxp.mvps.org/wscsvcfix.htm, but the problem persisted. Finally I found this forum and decided to try ComboFix (forgive me!) and lo and behold it seems to have improved the issue. I can currently run 2 of 3 services: "Security Center" and "Microsoft Antimalware Service", but "Windows Defender" still gives the following error: "The Windows Defender Service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

However, more troubling, and not mentioned in any of my research, is that I still can't properly run the System Restore. I see the correct window flash up for 2 milliseconds and then it's immediately replaced by "System Protection is turned off." Of course, my System Restore is turned on.

At this point, in order to seek assistance from you, I've followed the instructions on http://forums.malwarebytes.org/index.php?showtopic=9573

I am very grateful for your time and suggestions and will wait for your instructions before proceeding any further. Thank you very much.

-Zingaro

(As per instructions, attached Attach.txt and ark.txt and below a copy of DDS.txt)
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Zingapuro at 17:22:50 on 2011-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2553 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LSI SoftModem\agr64svc.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Acer\Registration\GregHSRW.exe C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe C:\Windows\System32\svchost.exe -k HPZ12 c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\PLFSetI.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxext.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\taskmgr.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Windows\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbengine.exe C:\Windows\system32\wbem\wmiprvse.exe 
C:\Windows\system32\sppsvc.exe C:\Windows\system32\systempropertiesprotection.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.gmail.com/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files 
(x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [Adobe 
Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Google Photos 
Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab TCP: DhcpNameServer = 192.168.178.1 192.168.0.1 TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.178.1 192.168.0.1 TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134 TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 
216.230.128.32 TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.24.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll BHO-X64: Conduit Engine - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll BHO-X64: One Hour Translation - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll BHO-X64: Google Gears Helper - No File BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: 
[{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?] R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?] R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?] R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] 
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320] R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 366640] R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-21 62720] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160] R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] 
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-07-05 14:25:09 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll
2011-07-05 14:17:00 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2FFAFCE4-D2BA-4EDE-8ED9-13A99C748CCC}\mpengine.dll
2011-07-05 12:30:19 -------- d-----w- C:\$RECYCLE.BIN
2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe
2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe
2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe
2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix
2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes
2011-07-05 08:23:33 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview
2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll
2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-19 09:35:30 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-07 10:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-07-05 07:59:43 404560 ----a-w- C:\Program Files (x86)\Drivers_pack_v4.55.63_fix.exe
2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-26 14:32:41 106496 --sha-r- C:\Windows\SysWow64\DWWIND.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-18 11:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2011-04-18 11:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe
.
============= FINISH: 17:23:58.50 ===============

I have an HP mini with Windows XP on it. I ran the exe fix on it, then I ran Malwarebytes, SAS, Eset, AVG, Spybot, TDSSKiller and removed everything it found. However, after a reboot the exe issue returns. Twice now, and all scans are now clean. Any suggestions? HJT file below.

HJT log did not attach, sorry about that.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:06:55, on 7/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
D:\exefix_xp.com
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P33 "EPSON Stylus Photo RX600 (Copy 1)" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7880 bytes
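A small triage helper, added here as an example; it is not part of any poster's logs and is not code from DDS, ComboFix or HijackThis. It parses the three line shapes that appear in the logs above (DDS service entries, DDS file entries with their attribute flags, HijackThis O-lines) and flags what a malware-removal helper looks at first: a service whose image is not an executable or driver, a file in a system directory carrying hidden+system attributes, an O2/O18 registration with no file behind it, an O4 autorun launched from a temp or profile directory, and an O23 service with no publisher. The sample lines are copied from the logs above except the O4 Temp\svchost.exe entry, which is constructed; Finding, triage() and service_image() are names chosen for this example. Every hit is a lead to check by hand, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input for this example: DDS service/file lines and HijackThis O-lines
# copied from the logs above, plus one constructed O4 entry (the Temp\svchost.exe
# autorun) that does not appear in any of the posted logs.
SAMPLE_LOG = r"""
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-05-26 14:32:41 106496 --sha-r- C:\Windows\SysWow64\DWWIND.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
"""

# DDS service line: "<start type> <name>;<display name>;<image path> [date size]"
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# DDS file line: "<date> <time> <size|--------> <attribute flags> <path>"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(?:\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")
# HijackThis entry: "O<n> - <body>"
HJT_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.*)$")
# Directories an unprivileged user can write to; an autorun there deserves a look
USER_WRITABLE_RE = re.compile(r"\\(temp|local settings|appdata)\\", re.IGNORECASE)
BINARY_EXT = (".exe", ".sys", ".dll")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Finding:
    kind: str    # "service", "file", or the HijackThis section ("O2", "O4", ...)
    reason: str
    line: str


def service_image(rest: str) -> str:
    """Return the image path from the third field of a DDS service entry."""
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:rest.index('"', 1)]
    # unquoted: stop at DDS's " --> " echo or the trailing "[date size]" / "[?]" marker
    return re.split(r" --> | \[", rest, maxsplit=1)[0]


def triage(log_text: str) -> List[Finding]:
    """Run the checks over every line; each hit is a lead to verify, not a verdict."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SVC_RE.match(line)
        if m:
            image = service_image(m.group("rest"))
            if not image.lower().endswith(BINARY_EXT):
                findings.append(Finding("service", "service image is not an .exe/.sys/.dll: " + image, line))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # "s" and "h" in the flag field mean the system and hidden attributes are set
            if "s" in attrs and "h" in attrs and path.lower().startswith(SYSTEM_DIRS):
                findings.append(Finding("file", "hidden+system file inside a system directory", line))
            continue
        m = HJT_RE.match(line)
        if m:
            kind, body = m.group("kind"), m.group("body")
            if kind in ("O2", "O18") and body.endswith("(no file)"):
                findings.append(Finding(kind, "registration points at a file that is no longer on disk", line))
            elif kind == "O4" and USER_WRITABLE_RE.search(body):
                findings.append(Finding(kind, "autorun launches from a user-writable or temp location", line))
            elif kind == "O23" and " - Unknown owner - " in body:
                findings.append(Finding(kind, "service binary has no recognised publisher", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run on the sample it reports five leads: the NewServiceInstall1 service whose image is a .lng file, the hidden+system DWWIND.dll in SysWow64, the orphaned O2 BHO, the constructed O4 autorun in Temp, and the UTSCSI service with no publisher. The randomly named ehudqyaplp.exe is deliberately not flagged: a name heuristic cannot separate it from legitimate system binaries, so that one still needs a hash lookup or a signature check.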