Zingaro
Hi Gringo,
Computer still running fine.
I can't quite figure out if System Restore is working properly or not. I could only see one Restore Point from yesterday, but I suspect it's because I didn't allow it enough Disk Usage. I've now increased to 2% (1.56 GB) and it looks like it's keeping them.
ComboFix mentions it's attempting to create a Restore Point -- should I be able to see one?
If so, I'll try running it again.
But that's about as much as I'm willing to troubleshoot this problem -- since the computer still runs fine. I think it's time I upgrade to a new system anyway. Have you played with Windows 8 yet?
Here's the log you asked for:
ComboFix 12-11-22.03 - Zingaro 23/11/2012 9:42.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4025.1945 [GMT 1:00]
Running from: a:\desktop\ComboFix.exe
Command switches used :: a:\desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 23
R6025
- pure virtual function call
Access is denied.
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 09:06 . 2012-11-23 09:06 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-11-23 09:06 . 2012-11-23 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 15:31 . 2012-11-22 15:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-22 15:31 . 2012-11-22 15:31 -------- d-----r- c:\program files (x86)\Skype
2012-11-22 15:14 . 2012-11-22 19:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0598184C-2124-4B7F-B0CB-7F4AC5DDFB35}\offreg.dll
2012-11-22 13:04 . 2012-11-22 13:04 -------- d-----w- c:\program files (x86)\MindFusion Limited
2012-11-22 12:47 . 2012-11-22 18:09 -------- d-----w- c:\users\Zingaro\AppData\Roaming\FileZilla
2012-11-22 12:47 . 2012-11-22 17:59 -------- d-----w- c:\program files (x86)\FileZilla-3.6.0.1
2012-11-20 07:57 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-17 23:18 . 2012-11-18 00:00 -------- d-----w- c:\users\Zingaro\AppData\Local\SDL
2012-11-17 21:46 . 2012-11-17 21:46 -------- d-----w- c:\programdata\SDL International
2012-11-17 21:46 . 2012-11-17 21:52 -------- d-----w- c:\program files (x86)\Common Files\SDL
2012-11-17 21:45 . 2012-11-17 23:47 -------- d-----w- c:\users\Zingaro\AppData\Roaming\SDL
2012-11-17 21:45 . 2012-11-17 21:57 -------- d-----w- c:\program files (x86)\SDL
2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Open XML SDK
2012-11-17 21:38 . 2012-11-17 21:58 -------- d-----w- c:\programdata\SDL
2012-11-17 00:46 . 2012-11-17 00:46 -------- d-----w- c:\users\Zingaro\AppData\Roaming\Malwarebytes
2012-11-17 00:45 . 2012-11-17 00:45 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 00:45 . 2012-11-17 00:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-17 00:45 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\program files (x86)\Macro Scheduler 11
2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\windows\Macro Scheduler Pro
2012-11-16 18:09 . 2012-11-16 18:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio .NET 2003
2012-11-16 18:02 . 2012-11-16 18:02 -------- d-----w- C:\oracle
2012-11-16 18:01 . 2012-11-16 18:03 -------- d-----w- c:\program files (x86)\Oracle
2012-11-16 16:26 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-16 16:26 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-16 16:26 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-16 16:26 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-16 16:26 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-16 16:26 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-16 16:26 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-16 16:26 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-16 16:26 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\programdata\AVAST Software
2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\program files\AVAST Software
2012-11-16 16:18 . 2012-11-16 16:18 -------- d-----w- C:\Memopal
2012-11-16 15:52 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 15:52 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 15:52 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 15:52 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 15:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 15:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 15:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 15:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 15:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 15:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 15:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\TechSmith
2012-11-07 08:50 . 2012-11-07 08:50 -------- d-----w- c:\users\Zingaro\AppData\Roaming\U3
2012-11-05 16:35 . 2012-11-05 16:39 -------- d-----w- C:\RIZDRIVE BACKUP SATURN
2012-10-24 12:43 . 2012-10-24 12:43 -------- d-----w- c:\users\Zingaro\AppData\Local\My Games
2012-10-24 12:37 . 2012-10-24 12:37 -------- d-----w- c:\programdata\REVOLT
2012-10-24 12:18 . 2012-10-24 12:18 -------- d-----w- c:\program files (x86)\Games
2012-10-24 12:14 . 2012-10-24 12:14 -------- d-----w- c:\programdata\AIT
2012-10-24 12:14 . 2009-04-03 12:19 589824 ----a-w- c:\windows\SysWow64\ac7menu.dll
2012-10-24 12:14 . 2009-04-03 12:19 168448 ----a-w- c:\windows\SysWow64\extarch.dll
2012-10-24 12:14 . 2009-04-03 12:19 40960 ----a-w- c:\windows\SysWow64\ac7grid.dll
2012-10-24 12:14 . 2008-11-05 10:50 30720 ----a-w- c:\windows\SysWow64\AM6tract.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 15:41 . 2011-10-08 14:30 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-20 20:19 . 2012-10-20 20:19 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-19 10:52 . 2012-10-19 10:44 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-10-17 00:31 . 2012-10-17 21:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0598184C-2124-4B7F-B0CB-7F4AC5DDFB35}\mpengine.dll
2012-10-16 08:52 . 2012-04-09 16:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 08:52 . 2011-10-08 14:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 10:35 . 2012-10-15 10:12 1778 ----a-w- c:\windows\xren.vbs
2012-09-21 08:05 . 2012-05-12 07:26 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-21 08:05 . 2011-10-16 18:02 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 08:20 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 08:21 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:21 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:21 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-01-19 933640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-14 1190920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Zingaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3CX Phone.lnk - c:\program files (x86)\3CXPhone\3CXPhone.exe [2011-8-31 532480]
Dropbox.lnk - c:\users\Zingaro\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-12-13 2447360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Macro Scheduler.lnk - c:\program files (x86)\Macro Scheduler 11\msched.exe [2009-2-16 5618424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ALSysIO;ALSysIO;c:\users\Zingaro\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 MacroExpertDirectIo;MacroExpertDirectIo;c:\program files (x86)\grasssoft\mouse recorder\MacroExpertIo.sys [2008-07-04 5120]
R3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\DRIVERS\MAudioMobilePre.sys [2009-09-02 187912]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-01-28 20549]
R4 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-03-21 341312]
R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL [x]
R4 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [2011-10-21 209920]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 Kilgray: memoQ update permissions manager. 2595325.;Kilgray: memoQ update permissions manager. 2595325.;c:\program files (x86)\Kilgray\memoQ62\AUClient.exe [2012-11-14 696320]
S2 Kilgray: memoQ update permissions manager. 340979.;Kilgray: memoQ update permissions manager. 340979.;c:\program files (x86)\Kilgray\memoQ60\AUClient.exe [2012-11-14 696320]
S2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files (x86)\Kilgray\memoQ40\AUClient.exe [2011-11-08 696320]
S2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [2009-03-13 206336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Memopal Crawler;Memopal Crawler;c:\program files\Memopal\MemopalCrawler.exe [2011-11-25 2852120]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe [2012-08-17 135168]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
S2 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000Core.job
- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000UA.job
- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]
.
2012-11-19 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-04-13 10:43]
.
2012-11-22 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files (x86)\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-04-13 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://webmail.inghams.co.uk/exchange/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1 192.168.0.1
FF - ProfilePath - c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\
FF - ExtSQL: 2012-10-25 13:18; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-11-17 22:41; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-20 02:00; support@lastpass.com; c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\extensions\support@lastpass.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 2595325.]
"ImagePath"="c:\program files (x86)\Kilgray\memoQ62\AUClient.exe -PermissionManagerRun"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 340979.]
"ImagePath"="c:\program files (x86)\Kilgray\memoQ60\AUClient.exe -PermissionManagerRun"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 979430.]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80BB9C2F-5C80-E3D9-871A-5DA5CA022777}*]
"bbickfogjdkmchldmjfnockpbfcmgcgnpepf"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,
64,6b,69,6a,6c,69,6c,6e,6a,65,00,76
"abcceinjklhmbbjhddjhbjodaajeinhiac"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,
64,6b,69,6a,6c,69,6c,6e,6a,65,00,76
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):21,99,a5,fc,cd,d0,6a,f7,c2,a8,63,1d,9b,cf,0b,08,b0,79,67,c5,6c,
a3,a7,8a,b6,0e,e8,e6,26,76,b3,12,80,6d,cb,f0,2f,7f,4e,80,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{eb19a459-8a6e-4452-ab02-afcd790715fc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000140
"Therad"=dword:00000025
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,6f,b5,7b,f9,cc,35,25,c5,2e,a7,92,fe,df,6c,4e,ad,d9,53,64,cd,75,52,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81,
51,65,6d,32,57,3c,50,36,cb,8e,0f,1b,06,14,a8,87,41,bb,4c,ab,e4,4b,53,c7,1a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
Completion time: 2012-11-23 10:09:24
ComboFix-quarantined-files.txt 2012-11-23 09:09
ComboFix2.txt 2012-11-22 10:44
.
Pre-Run: 5,740,687,360 bytes free
Post-Run: 5,577,252,864 bytes free
.
- - End Of File - - 347B6AA7B2693C76FE7D3AF914C88665
-
Hola gringo,
I think it was a false alarm -- I simply didn't have any Restore Points created. I tried creating two manually and they are showing.
Not sure if you still wanted me to run the rootkit programs, but I decided to. It seems to me the logs are ok. I'm running Daemon Tools (sptd.sys), which flagged both programs, but I'm still pretty sure I'm clean.
I await your confirmation.
19:11:02.0381 7460 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:11:02.0646 7460 ============================================================
19:11:02.0646 7460 Current date / time: 2012/11/22 19:11:02.0646
19:11:02.0646 7460 SystemInfo:
19:11:02.0646 7460
19:11:02.0646 7460 OS Version: 6.1.7601 ServicePack: 1.0
19:11:02.0646 7460 Product type: Workstation
19:11:02.0646 7460 ComputerName: ZINGARO-PC
19:11:02.0647 7460 UserName: Zingaro
19:11:02.0647 7460 Windows directory: C:\Windows
19:11:02.0647 7460 System windows directory: C:\Windows
19:11:02.0647 7460 Running under WOW64
19:11:02.0647 7460 Processor architecture: Intel x64
19:11:02.0647 7460 Number of processors: 2
19:11:02.0647 7460 Page size: 0x1000
19:11:02.0647 7460 Boot type: Normal boot
19:11:02.0647 7460 ============================================================
19:11:04.0885 7460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:11:04.0895 7460 ============================================================
19:11:04.0895 7460 \Device\Harddisk0\DR0:
19:11:04.0895 7460 MBR partitions:
19:11:04.0895 7460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:11:04.0895 7460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x9C40033
19:11:04.0945 7460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC384000, BlocksNum 0x188CE000
19:11:04.0945 7460 ============================================================
19:11:05.0037 7460 C: <-> \Device\Harddisk0\DR0\Partition2
19:11:05.0076 7460 A: <-> \Device\Harddisk0\DR0\Partition3
19:11:05.0139 7460 ============================================================
19:11:05.0139 7460 Initialize success
19:11:05.0139 7460 ============================================================
19:11:08.0150 3408 ============================================================
19:11:08.0150 3408 Scan started
19:11:08.0150 3408 Mode: Manual;
19:11:08.0150 3408 ============================================================
19:11:12.0698 3408 ================ Scan system memory ========================
19:11:12.0698 3408 System memory - ok
19:11:12.0708 3408 ================ Scan services =============================
19:11:25.0344 3408 Msfs - ok
19:11:25.0363 3408 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:11:25.0363 3408 mshidkmdf - ok
19:11:25.0383 3408 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:11:25.0383 3408 msisadrv - ok
19:11:25.0422 3408 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:11:25.0430 3408 MSiSCSI - ok
19:11:25.0435 3408 msiserver - ok
19:11:25.0465 3408 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:11:25.0465 3408 MSKSSRV - ok
19:11:25.0475 3408 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:11:25.0485 3408 MSPCLOCK - ok
19:11:25.0500 3408 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:11:25.0502 3408 MSPQM - ok
19:11:25.0527 3408 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:11:25.0533 3408 MsRPC - ok
19:11:25.0572 3408 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:11:25.0574 3408 mssmbios - ok
19:11:25.0647 3408 MSSQL$ACROSS - ok
19:11:25.0709 3408 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
19:11:25.0719 3408 MSSQLServerADHelper - ok
19:11:25.0749 3408 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:11:25.0749 3408 MSTEE - ok
19:11:25.0759 3408 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:11:25.0759 3408 MTConfig - ok
19:11:25.0779 3408 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:11:25.0779 3408 Mup - ok
19:11:25.0831 3408 MySQL55 - ok
19:11:25.0913 3408 [ 086DA58F38AB4C690D594D223F6C4BC4 ] NalServ C:\Windows\SysWOW64\nalserv.exe
19:11:25.0923 3408 NalServ - ok
19:11:25.0953 3408 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:11:25.0973 3408 napagent - ok
19:11:26.0016 3408 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:11:26.0026 3408 NativeWifiP - ok
19:11:26.0165 3408 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:11:26.0205 3408 NDIS - ok
19:11:26.0257 3408 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:11:26.0260 3408 NdisCap - ok
19:11:26.0347 3408 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:11:26.0357 3408 NdisTapi - ok
19:11:26.0447 3408 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:11:26.0447 3408 Ndisuio - ok
19:11:26.0487 3408 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:11:26.0487 3408 NdisWan - ok
19:11:26.0529 3408 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:11:26.0532 3408 NDProxy - ok
19:11:26.0589 3408 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
19:11:26.0592 3408 Netaapl - ok
19:11:26.0599 3408 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:11:26.0609 3408 NetBIOS - ok
19:11:26.0629 3408 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:11:26.0640 3408 NetBT - ok
19:11:26.0661 3408 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:11:26.0665 3408 Netlogon - ok
19:11:26.0711 3408 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:11:26.0731 3408 Netman - ok
19:11:26.0811 3408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:26.0821 3408 NetMsmqActivator - ok
19:11:26.0851 3408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:26.0851 3408 NetPipeActivator - ok
19:11:26.0880 3408 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:11:26.0903 3408 netprofm - ok
19:11:26.0913 3408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:26.0915 3408 NetTcpActivator - ok
19:11:26.0926 3408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:26.0929 3408 NetTcpPortSharing - ok
19:11:26.0953 3408 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:11:26.0956 3408 nfrd960 - ok
19:11:27.0083 3408 [ BEEBF29E6F01D2810313B0FD89EC933B ] NitroDriverReadSpool C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
19:11:27.0103 3408 NitroDriverReadSpool - ok
19:11:27.0173 3408 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:11:27.0183 3408 NlaSvc - ok
19:11:27.0213 3408 [ 23688F610A5A16DD8B4D93D2F7BD44F6 ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE
19:11:27.0253 3408 nlsX86cc - ok
19:11:27.0305 3408 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
19:11:27.0305 3408 NPF - ok
19:11:27.0325 3408 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:11:27.0325 3408 Npfs - ok
19:11:27.0367 3408 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:11:27.0372 3408 nsi - ok
19:11:27.0407 3408 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:11:27.0407 3408 nsiproxy - ok
19:11:27.0479 3408 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:11:27.0532 3408 Ntfs - ok
19:11:27.0581 3408 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:11:27.0587 3408 Null - ok
19:11:27.0649 3408 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:11:27.0652 3408 nvraid - ok
19:11:27.0724 3408 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:11:27.0734 3408 nvstor - ok
19:11:27.0774 3408 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:11:27.0774 3408 nv_agp - ok
19:11:27.0976 3408 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:11:27.0996 3408 odserv - ok
19:11:28.0016 3408 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:11:28.0019 3408 ohci1394 - ok
19:11:28.0340 3408 [ C869AF1D8CA9DF8BD2591C87F738F22A ] OracleDBConsoleorcl C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
19:11:28.0350 3408 OracleDBConsoleorcl - ok
19:11:28.0360 3408 OracleJobSchedulerORCL - ok
19:11:28.0407 3408 [ DDF3E95F80DCD49D44AB6B88D55D5C60 ] OracleOraDb10g_home1iSQL*Plus C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
19:11:28.0410 3408 OracleOraDb10g_home1iSQL*Plus - ok
19:11:28.0442 3408 OracleOraDb10g_home1TNSListener - ok
19:11:28.0462 3408 OracleServiceORCL - ok
19:11:28.0502 3408 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:11:28.0514 3408 ose - ok
19:11:28.0664 3408 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:11:28.0766 3408 osppsvc - ok
19:11:28.0818 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:11:28.0848 3408 p2pimsvc - ok
19:11:28.0878 3408 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:11:28.0894 3408 p2psvc - ok
19:11:28.0929 3408 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:11:28.0932 3408 Parport - ok
19:11:28.0981 3408 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:11:28.0985 3408 partmgr - ok
19:11:29.0013 3408 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:11:29.0022 3408 PcaSvc - ok
19:11:29.0048 3408 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:11:29.0053 3408 pci - ok
19:11:29.0081 3408 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:11:29.0092 3408 pciide - ok
19:11:29.0112 3408 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:11:29.0122 3408 pcmcia - ok
19:11:29.0142 3408 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:11:29.0142 3408 pcw - ok
19:11:29.0176 3408 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:11:29.0204 3408 PEAUTH - ok
19:11:29.0380 3408 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:11:29.0406 3408 PeerDistSvc - ok
19:11:29.0446 3408 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:11:29.0462 3408 PerfHost - ok
19:11:29.0595 3408 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:11:29.0658 3408 pla - ok
19:11:29.0718 3408 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:11:29.0748 3408 PlugPlay - ok
19:11:29.0768 3408 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:11:29.0778 3408 PNRPAutoReg - ok
19:11:29.0807 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:11:29.0813 3408 PNRPsvc - ok
19:11:29.0846 3408 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
19:11:29.0848 3408 Point64 - ok
19:11:29.0883 3408 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:11:29.0905 3408 PolicyAgent - ok
19:11:29.0930 3408 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:11:29.0940 3408 Power - ok
19:11:29.0976 3408 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:11:29.0980 3408 PptpMiniport - ok
19:11:30.0002 3408 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:11:30.0005 3408 Processor - ok
19:11:30.0052 3408 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:11:30.0062 3408 ProfSvc - ok
19:11:30.0092 3408 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:11:30.0092 3408 ProtectedStorage - ok
19:11:30.0164 3408 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:11:30.0164 3408 Psched - ok
19:11:30.0204 3408 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:11:30.0214 3408 PxHlpa64 - ok
19:11:30.0264 3408 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:11:30.0294 3408 ql2300 - ok
19:11:30.0314 3408 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:11:30.0324 3408 ql40xx - ok
19:11:30.0353 3408 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:11:30.0356 3408 QWAVE - ok
19:11:30.0376 3408 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:11:30.0376 3408 QWAVEdrv - ok
19:11:30.0414 3408 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:11:30.0417 3408 RasAcd - ok
19:11:30.0454 3408 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:11:30.0457 3408 RasAgileVpn - ok
19:11:30.0477 3408 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:11:30.0484 3408 RasAuto - ok
19:11:30.0499 3408 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:11:30.0504 3408 Rasl2tp - ok
19:11:30.0550 3408 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:11:30.0569 3408 RasMan - ok
19:11:30.0629 3408 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:11:30.0632 3408 RasPppoe - ok
19:11:30.0664 3408 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:11:30.0667 3408 RasSstp - ok
19:11:30.0690 3408 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:11:30.0699 3408 rdbss - ok
19:11:30.0715 3408 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:11:30.0718 3408 rdpbus - ok
19:11:30.0730 3408 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:11:30.0733 3408 RDPCDD - ok
19:11:30.0781 3408 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:11:30.0786 3408 RDPDR - ok
19:11:30.0828 3408 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:11:30.0828 3408 RDPENCDD - ok
19:11:30.0878 3408 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:11:30.0878 3408 RDPREFMP - ok
19:11:30.0946 3408 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:11:30.0949 3408 RdpVideoMiniport - ok
19:11:30.0997 3408 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:11:31.0003 3408 RDPWD - ok
19:11:31.0033 3408 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:11:31.0039 3408 rdyboost - ok
19:11:31.0050 3408 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:11:31.0060 3408 RemoteAccess - ok
19:11:31.0086 3408 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:11:31.0094 3408 RemoteRegistry - ok
19:11:31.0132 3408 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:11:31.0142 3408 RFCOMM - ok
19:11:31.0182 3408 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
19:11:31.0182 3408 RimUsb - ok
19:11:31.0264 3408 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
19:11:31.0274 3408 RimVSerPort - ok
19:11:31.0294 3408 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
19:11:31.0304 3408 ROOTMODEM - ok
19:11:31.0404 3408 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
19:11:31.0414 3408 rpcapd - ok
19:11:31.0444 3408 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:11:31.0454 3408 RpcEptMapper - ok
19:11:31.0514 3408 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:11:31.0514 3408 RpcLocator - ok
19:11:31.0544 3408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:11:31.0544 3408 RpcSs - ok
19:11:31.0593 3408 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:11:31.0597 3408 rspndr - ok
19:11:31.0621 3408 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:11:31.0624 3408 s3cap - ok
19:11:31.0642 3408 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:11:31.0645 3408 SamSs - ok
19:11:31.0687 3408 [ 742112CE7ABB11DC17A561B4291BE9C6 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
19:11:31.0692 3408 SbieDrv - ok
19:11:31.0722 3408 [ 2419ED7E333B2BC2F81E50A6F5923FC6 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
19:11:31.0726 3408 SbieSvc - ok
19:11:31.0768 3408 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:11:31.0772 3408 sbp2port - ok
19:11:31.0796 3408 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:11:31.0806 3408 SCardSvr - ok
19:11:31.0828 3408 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:11:31.0832 3408 scfilter - ok
19:11:31.0868 3408 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:11:31.0898 3408 Schedule - ok
19:11:32.0018 3408 [ CB7166B04F774E2E2705E561E48FE023 ] SCPDFReadSpool C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
19:11:32.0025 3408 SCPDFReadSpool - ok
19:11:32.0061 3408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:11:32.0063 3408 SCPolicySvc - ok
19:11:32.0090 3408 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:11:32.0100 3408 SDRSVC - ok
19:11:32.0140 3408 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:11:32.0140 3408 secdrv - ok
19:11:32.0160 3408 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:11:32.0160 3408 seclogon - ok
19:11:32.0222 3408 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:11:32.0222 3408 SENS - ok
19:11:32.0232 3408 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:11:32.0242 3408 SensrSvc - ok
19:11:32.0262 3408 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:11:32.0262 3408 Serenum - ok
19:11:32.0287 3408 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:11:32.0290 3408 Serial - ok
19:11:32.0311 3408 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:11:32.0313 3408 sermouse - ok
19:11:32.0354 3408 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:11:32.0354 3408 SessionEnv - ok
19:11:32.0395 3408 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:11:32.0398 3408 sffdisk - ok
19:11:32.0415 3408 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:11:32.0418 3408 sffp_mmc - ok
19:11:32.0427 3408 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:11:32.0430 3408 sffp_sd - ok
19:11:32.0443 3408 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:11:32.0445 3408 sfloppy - ok
19:11:32.0501 3408 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:11:32.0536 3408 SharedAccess - ok
19:11:32.0634 3408 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:11:32.0650 3408 ShellHWDetection - ok
19:11:32.0660 3408 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:11:32.0670 3408 SiSRaid2 - ok
19:11:32.0680 3408 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:11:32.0691 3408 SiSRaid4 - ok
19:11:32.0748 3408 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:11:32.0753 3408 SkypeUpdate - ok
19:11:32.0840 3408 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:11:32.0861 3408 Smb - ok
19:11:32.0937 3408 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:11:32.0943 3408 SNMPTRAP - ok
19:11:32.0961 3408 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:11:32.0964 3408 spldr - ok
19:11:33.0003 3408 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:11:33.0020 3408 Spooler - ok
19:11:33.0102 3408 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:11:33.0184 3408 sppsvc - ok
19:11:33.0214 3408 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:11:33.0236 3408 sppuinotify - ok
19:11:33.0336 3408 [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd C:\Windows\System32\Drivers\sptd.sys
19:11:33.0336 3408 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2
19:11:33.0336 3408 sptd ( LockedFile.Multi.Generic ) - warning
19:11:33.0336 3408 sptd - detected LockedFile.Multi.Generic (1)
19:11:33.0488 3408 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:11:33.0488 3408 SQLBrowser - ok
19:11:33.0580 3408 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:11:33.0586 3408 SQLWriter - ok
19:11:33.0655 3408 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:11:33.0664 3408 srv - ok
19:11:33.0700 3408 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:11:33.0712 3408 srv2 - ok
19:11:33.0750 3408 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:11:33.0756 3408 srvnet - ok
19:11:33.0802 3408 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
19:11:33.0812 3408 ssadbus - ok
19:11:33.0832 3408 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:11:33.0832 3408 ssadmdfl - ok
19:11:33.0852 3408 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
19:11:33.0862 3408 ssadmdm - ok
19:11:33.0894 3408 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:11:33.0894 3408 SSDPSRV - ok
19:11:33.0934 3408 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:11:33.0941 3408 SstpSvc - ok
19:11:33.0964 3408 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:11:33.0968 3408 stexstor - ok
19:11:34.0013 3408 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:11:34.0044 3408 stisvc - ok
19:11:34.0074 3408 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:11:34.0077 3408 storflt - ok
19:11:34.0096 3408 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:11:34.0096 3408 storvsc - ok
19:11:34.0116 3408 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:11:34.0116 3408 swenum - ok
19:11:34.0206 3408 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:11:34.0216 3408 SwitchBoard - ok
19:11:34.0262 3408 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:11:34.0270 3408 swprv - ok
19:11:34.0302 3408 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
19:11:34.0305 3408 Synth3dVsc - ok
19:11:34.0333 3408 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:11:34.0338 3408 SynTP - ok
19:11:34.0388 3408 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:11:34.0428 3408 SysMain - ok
19:11:34.0458 3408 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:11:34.0458 3408 TabletInputService - ok
19:11:34.0492 3408 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:11:34.0512 3408 TapiSrv - ok
19:11:34.0552 3408 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:11:34.0568 3408 TBS - ok
19:11:34.0632 3408 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:11:34.0684 3408 Tcpip - ok
19:11:34.0776 3408 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:11:34.0800 3408 TCPIP6 - ok
19:11:34.0836 3408 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:11:34.0839 3408 tcpipreg - ok
19:11:34.0868 3408 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:11:34.0868 3408 TDPIPE - ok
19:11:34.0908 3408 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:11:34.0908 3408 TDTCP - ok
19:11:34.0928 3408 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:11:34.0928 3408 tdx - ok
19:11:35.0058 3408 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:11:35.0120 3408 TeamViewer7 - ok
19:11:35.0166 3408 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:11:35.0169 3408 TermDD - ok
19:11:35.0194 3408 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
19:11:35.0222 3408 terminpt - ok
19:11:35.0392 3408 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:11:35.0412 3408 TermService - ok
19:11:35.0432 3408 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:11:35.0432 3408 Themes - ok
19:11:35.0460 3408 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:11:35.0464 3408 THREADORDER - ok
19:11:35.0491 3408 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:11:35.0497 3408 TrkWks - ok
19:11:35.0534 3408 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:11:35.0544 3408 TrustedInstaller - ok
19:11:35.0580 3408 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:11:35.0583 3408 tssecsrv - ok
19:11:35.0608 3408 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:11:35.0611 3408 TsUsbFlt - ok
19:11:35.0632 3408 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:11:35.0636 3408 TsUsbGD - ok
19:11:35.0658 3408 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
19:11:35.0662 3408 tsusbhub - ok
19:11:35.0695 3408 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:11:35.0698 3408 tunnel - ok
19:11:35.0717 3408 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:11:35.0720 3408 uagp35 - ok
19:11:35.0747 3408 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:11:35.0755 3408 udfs - ok
19:11:35.0800 3408 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:11:35.0806 3408 UI0Detect - ok
19:11:35.0846 3408 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:11:35.0846 3408 uliagpkx - ok
19:11:35.0866 3408 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:11:35.0876 3408 umbus - ok
19:11:35.0886 3408 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:11:35.0886 3408 UmPass - ok
19:11:35.0911 3408 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:11:35.0920 3408 UmRdpService - ok
19:11:35.0948 3408 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:11:35.0973 3408 upnphost - ok
19:11:36.0017 3408 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:11:36.0021 3408 USBAAPL64 - ok
19:11:36.0076 3408 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:11:36.0080 3408 usbaudio - ok
19:11:36.0128 3408 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:11:36.0138 3408 usbccgp - ok
19:11:36.0188 3408 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:11:36.0188 3408 usbcir - ok
19:11:36.0228 3408 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:11:36.0228 3408 usbehci - ok
19:11:36.0280 3408 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:11:36.0290 3408 usbhub - ok
19:11:36.0300 3408 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:11:36.0310 3408 usbohci - ok
19:11:36.0334 3408 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:11:36.0352 3408 usbprint - ok
19:11:36.0392 3408 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:11:36.0392 3408 usbscan - ok
19:11:36.0432 3408 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:11:36.0432 3408 USBSTOR - ok
19:11:36.0452 3408 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:11:36.0452 3408 usbuhci - ok
19:11:36.0472 3408 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:11:36.0487 3408 usbvideo - ok
19:11:36.0524 3408 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
19:11:36.0524 3408 usb_rndisx - ok
19:11:36.0554 3408 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:11:36.0564 3408 UxSms - ok
19:11:36.0590 3408 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:11:36.0594 3408 VaultSvc - ok
19:11:36.0633 3408 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:11:36.0643 3408 vdrvroot - ok
19:11:36.0686 3408 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:11:36.0706 3408 vds - ok
19:11:36.0736 3408 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:11:36.0746 3408 vga - ok
19:11:36.0778 3408 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:11:36.0778 3408 VgaSave - ok
19:11:36.0798 3408 VGPU - ok
19:11:36.0839 3408 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
19:11:36.0844 3408 vhdmp - ok
19:11:36.0870 3408 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:11:36.0870 3408 viaide - ok
19:11:36.0910 3408 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:11:36.0910 3408 vmbus - ok
19:11:36.0930 3408 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:11:36.0930 3408 VMBusHID - ok
19:11:36.0940 3408 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:11:36.0950 3408 volmgr - ok
19:11:36.0981 3408 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:11:36.0991 3408 volmgrx - ok
19:11:37.0022 3408 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:11:37.0029 3408 volsnap - ok
19:11:37.0056 3408 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:11:37.0062 3408 vsmraid - ok
19:11:37.0172 3408 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:11:37.0182 3408 VSS - ok
19:11:37.0223 3408 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:11:37.0231 3408 vwifibus - ok
19:11:37.0274 3408 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:11:37.0274 3408 vwififlt - ok
19:11:37.0314 3408 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:11:37.0324 3408 vwifimp - ok
19:11:37.0354 3408 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:11:37.0374 3408 W32Time - ok
19:11:37.0444 3408 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
19:11:37.0454 3408 W3SVC - ok
19:11:37.0464 3408 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:11:37.0464 3408 WacomPen - ok
19:11:37.0500 3408 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:11:37.0505 3408 WANARP - ok
19:11:37.0515 3408 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:11:37.0517 3408 Wanarpv6 - ok
19:11:37.0536 3408 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
19:11:37.0540 3408 WAS - ok
19:11:37.0585 3408 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:11:37.0601 3408 wbengine - ok
19:11:37.0651 3408 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:11:37.0656 3408 WbioSrvc - ok
19:11:37.0700 3408 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:11:37.0758 3408 wcncsvc - ok
19:11:37.0830 3408 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:11:37.0840 3408 WcsPlugInService - ok
19:11:37.0870 3408 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:11:37.0870 3408 Wd - ok
19:11:37.0922 3408 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:11:37.0952 3408 Wdf01000 - ok
19:11:37.0990 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:11:37.0997 3408 WdiServiceHost - ok
19:11:38.0037 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:11:38.0043 3408 WdiSystemHost - ok
19:11:38.0063 3408 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:11:38.0073 3408 WebClient - ok
19:11:38.0094 3408 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:11:38.0108 3408 Wecsvc - ok
19:11:38.0130 3408 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:11:38.0137 3408 wercplsupport - ok
19:11:38.0164 3408 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:11:38.0174 3408 WerSvc - ok
19:11:38.0214 3408 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:11:38.0224 3408 WfpLwf - ok
19:11:38.0256 3408 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:11:38.0259 3408 WIMMount - ok
19:11:38.0276 3408 WinDefend - ok
19:11:38.0329 3408 WinHttpAutoProxySvc - ok
19:11:38.0377 3408 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:11:38.0382 3408 Winmgmt - ok
19:11:38.0468 3408 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:11:38.0510 3408 WinRM - ok
19:11:38.0613 3408 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:11:38.0616 3408 WinUsb - ok
19:11:38.0655 3408 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:11:38.0681 3408 Wlansvc - ok
19:11:38.0762 3408 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:11:38.0762 3408 wlcrasvc - ok
19:11:38.0874 3408 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:11:38.0924 3408 wlidsvc - ok
19:11:38.0980 3408 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:11:38.0982 3408 WmiAcpi - ok
19:11:39.0036 3408 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:11:39.0041 3408 wmiApSrv - ok
19:11:39.0074 3408 WMPNetworkSvc - ok
19:11:39.0095 3408 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:11:39.0101 3408 WPCSvc - ok
19:11:39.0123 3408 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:11:39.0131 3408 WPDBusEnum - ok
19:11:39.0148 3408 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:11:39.0151 3408 ws2ifsl - ok
19:11:39.0170 3408 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:11:39.0178 3408 wscsvc - ok
19:11:39.0188 3408 WSearch - ok
19:11:39.0286 3408 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:11:39.0346 3408 wuauserv - ok
19:11:39.0408 3408 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:11:39.0478 3408 WudfPf - ok
19:11:39.0518 3408 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:11:39.0518 3408 WUDFRd - ok
19:11:39.0564 3408 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:11:39.0572 3408 wudfsvc - ok
19:11:39.0597 3408 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:11:39.0607 3408 WwanSvc - ok
19:11:39.0691 3408 ================ Scan global ===============================
19:11:39.0711 3408 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:11:39.0755 3408 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:11:39.0772 3408 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:11:39.0830 3408 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:11:39.0882 3408 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:11:39.0902 3408 [Global] - ok
19:11:39.0902 3408 ================ Scan MBR ==================================
19:11:39.0912 3408 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
19:11:39.0992 3408 \Device\Harddisk0\DR0 - ok
19:11:39.0996 3408 ================ Scan VBR ==================================
19:11:40.0006 3408 [ B503E589A32D80A0DD6EAF807DFDB8A1 ] \Device\Harddisk0\DR0\Partition1
19:11:40.0008 3408 \Device\Harddisk0\DR0\Partition1 - ok
19:11:40.0020 3408 [ 0413212A10E90186F0593B5000B38309 ] \Device\Harddisk0\DR0\Partition2
19:11:40.0023 3408 \Device\Harddisk0\DR0\Partition2 - ok
19:11:40.0046 3408 [ 056695688656D284A15371AF353DA51C ] \Device\Harddisk0\DR0\Partition3
19:11:40.0049 3408 \Device\Harddisk0\DR0\Partition3 - ok
19:11:40.0050 3408 ============================================================
19:11:40.0050 3408 Scan finished
19:11:40.0050 3408 ============================================================
19:11:40.0086 7536 Detected object count: 1
19:11:40.0086 7536 Actual detected object count: 1
19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
aswMBR version 0.9.9.1707 Copyright (c) 2011 AVAST Software
Run date: 2012-11-22 19:13:34
-----------------------------
19:13:34.753 OS Version: Windows x64 6.1.7601 Service Pack 1
19:13:34.753 Number of processors: 2 586 0x170A
19:13:34.754 ComputerName: ZINGARO-PC UserName: Zingaro
19:13:37.040 Initialize success
19:13:38.385 AVAST engine defs: 12112200
19:14:10.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:14:10.941 Disk 0 Vendor: ST9320421ASG SD13 Size: 305245MB BusType: 11
19:14:11.033 Disk 0 MBR read successfully
19:14:11.043 Disk 0 MBR scan
19:14:11.043 Disk 0 unknown MBR code
19:14:11.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:14:11.073 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80000 MB offset 208845
19:14:11.073 Disk 0 Partition - 00 05 Extended 225142 MB offset 164050942
19:14:11.093 Disk 0 Partition 3 00 83 Linux 20000 MB offset 164050944
19:14:11.103 Disk 0 Partition - 00 05 Extended 4025 MB offset 616898560
19:14:11.163 Disk 0 scanning C:\Windows\system32\drivers
19:14:26.890 Service scanning
19:14:49.349 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:14:56.911 Modules scanning
19:14:56.931 Disk 0 trace - called modules:
19:14:56.951 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003ca72c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:14:56.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5c0d0]
19:14:56.970 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046f5060]
19:14:56.979 \Driver\atapi[0xfffffa80046a8da0] -> IRP_MJ_CREATE -> 0xfffffa8003ca72c0
19:14:57.524 AVAST engine scan C:\Windows
19:15:00.402 AVAST engine scan C:\Windows\system32
19:18:42.751 AVAST engine scan C:\Windows\system32\drivers
19:18:56.849 AVAST engine scan C:\Users\Zingaro
19:19:56.741 Disk 0 MBR has been saved successfully to "A:\Desktop\MBR.dat"
19:19:56.902 The log file has been saved successfully to "A:\Desktop\aswMBR.txt"
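The service scan above prints one hashed line per driver or service image ("[ MD5 ] name path") followed by a status line ("name - ok"), and a result section for anything the scanner objected to. A quick way to triage such a log is to pair those lines up and pull out only the entries that deserve a look: services with no hashed image at all (VGPU, WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc and WSearch above), images loading from outside the Windows and Program Files trees, and anything whose status is not "ok". The script below is an added example and is not the poster's log tooling nor part of TDSSKiller or aswMBR; its sample input copies a few lines from the log above and adds one invented "hypodrv" entry (hypothetical name, hash and path) so that the user-writable-path check has something to find.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample. Every line except the two "hypodrv" lines is copied
# from the scan log above; "hypodrv", its MD5 and its path are invented
# (hypothetical) so that the untrusted-path check has a hit.
SAMPLE_LOG = """\
19:11:36.0432 3408 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\\Windows\\system32\\DRIVERS\\USBSTOR.SYS
19:11:36.0432 3408 USBSTOR - ok
19:11:36.0798 3408 VGPU - ok
19:11:36.0910 3408 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\\Windows\\system32\\drivers\\vmbus.sys
19:11:36.0910 3408 vmbus - ok
19:11:36.0911 3408 [ 0123456789ABCDEF0123456789ABCDEF ] hypodrv C:\\Users\\Zingaro\\AppData\\Local\\Temp\\hypodrv.sys
19:11:36.0912 3408 hypodrv - ok
19:11:40.0086 7536 Detected object count: 1
19:12:48.0095 7536 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

# "<time> <pid> [ <MD5> ] <service> <image path>"
HASH_LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (\S+) (.+?)\s*$")
# "<time> <pid> <service>[ ( <verdict> )] - <status>"
STATUS_LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)(?: \( ([^)]+) \))? - (.+?)\s*$")

# Directories a driver or service image is normally loaded from. Anything
# else (a user profile, Temp, ProgramData) deserves a second look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> dict:
    """Collect one Entry per service/driver name from the scan lines."""
    entries = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.upper(), path
            continue
        m = STATUS_LINE.match(line)
        if m:
            name, verdict, status = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.verdict, e.status = verdict, status
        # Summary lines such as "Detected object count: 1" match neither
        # pattern and carry no per-entry data, so they are skipped.
    return entries


def triage(text: str) -> list:
    """Return (kind, service, detail) findings worth a human's attention.

    Each entry yields at most one finding, checked in order of severity:
    a non-ok status, then a missing image hash, then an untrusted path.
    """
    findings = []
    for e in parse_log(text).values():
        if e.status != "ok":
            findings.append(("not_ok", e.name, f"{e.verdict}: {e.status}"))
        elif e.md5 is None:
            # Registered service whose image was never hashed: usually a
            # missing or disabled image, but confirm the ImagePath by hand.
            findings.append(("unhashed", e.name, "no image file hashed"))
        elif not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("untrusted_path", e.name, e.path))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:15} {name:10} {detail}")
```

Run against the sample it reports three entries: sptd (the only object the scanner detected, skipped by the user), VGPU (no hashed image) and the invented hypodrv driver loading from Temp; USBSTOR and vmbus are silent. A hash-less entry is not a detection by itself, which is why it is reported as a separate kind from "not_ok"; the ComboFix log in the next post shows the same pattern with its "[x]" service entries. The sptd driver belongs to the SPTD layer that DAEMON Tools installs, and the DAEMON Tools Lite Run entry in the ComboFix log below is consistent with that; a locked SPTD file is a common generic flag on such systems rather than evidence of infection on its own.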
-
Hi Gringo,
Sorry about my last post -- no idea why it did that, it looked fine before I posted it.
I appreciate your help so far. After 5 days, I can fairly confidently confirm this problem has disappeared.
I didn't reply because I run a lot of programs so it's not easy for me to reboot unless I absolutely have to. I finally managed some time to do that today and run ComboFix.
However, I noticed that an old problem, unrelated to this one, is back: my computer won't create System Restore points. This happened after I re-enabled UAC.
chris helped me with this issue last July. http://forums.malwarebytes.org/index.php?showtopic=88903
Shall I start a new thread?
Thanks again,
Marc
Here, as you requested, is the ComboFix log:
ComboFix 12-11-22.02 - Zingaro 22/11/2012 11:27:55.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4025.2678 [GMT 1:00]
Running from: a:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
a:\documents\Readiris.DUS
c:\programdata\ZeoBIT
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 10:40 . 2012-11-22 10:40 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-11-22 10:40 . 2012-11-22 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 07:57 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-17 23:18 . 2012-11-18 00:00 -------- d-----w- c:\users\Zingaro\AppData\Local\SDL
2012-11-17 21:46 . 2012-11-17 21:46 -------- d-----w- c:\programdata\SDL International
2012-11-17 21:46 . 2012-11-17 21:52 -------- d-----w- c:\program files (x86)\Common Files\SDL
2012-11-17 21:45 . 2012-11-17 23:47 -------- d-----w- c:\users\Zingaro\AppData\Roaming\SDL
2012-11-17 21:45 . 2012-11-17 21:57 -------- d-----w- c:\program files (x86)\SDL
2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-11-17 21:43 . 2012-11-17 21:43 -------- d-----w- c:\program files (x86)\Open XML SDK
2012-11-17 21:38 . 2012-11-17 21:58 -------- d-----w- c:\programdata\SDL
2012-11-17 00:46 . 2012-11-17 00:46 -------- d-----w- c:\users\Zingaro\AppData\Roaming\Malwarebytes
2012-11-17 00:45 . 2012-11-17 00:45 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 00:45 . 2012-11-17 00:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-17 00:45 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\program files (x86)\Macro Scheduler 11
2012-11-16 23:45 . 2012-11-16 23:45 -------- d-----w- c:\windows\Macro Scheduler Pro
2012-11-16 18:09 . 2012-11-16 18:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio .NET 2003
2012-11-16 18:02 . 2012-11-16 18:02 -------- d-----w- C:\oracle
2012-11-16 18:01 . 2012-11-16 18:03 -------- d-----w- c:\program files (x86)\Oracle
2012-11-16 16:26 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-16 16:26 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-16 16:26 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-16 16:26 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-16 16:26 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-16 16:26 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-16 16:26 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-16 16:26 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-16 16:26 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\programdata\AVAST Software
2012-11-16 16:26 . 2012-11-16 16:26 -------- d-----w- c:\program files\AVAST Software
2012-11-16 16:18 . 2012-11-16 16:18 -------- d-----w- C:\Memopal
2012-11-16 15:52 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 15:52 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 15:52 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 15:52 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 15:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 15:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 15:40 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 15:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 15:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 15:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 15:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-11-16 12:28 . 2012-11-16 12:28 -------- d-----w- c:\program files (x86)\TechSmith
2012-11-07 08:50 . 2012-11-07 08:50 -------- d-----w- c:\users\Zingaro\AppData\Roaming\U3
2012-11-05 16:35 . 2012-11-05 16:39 -------- d-----w- C:\RIZDRIVE BACKUP SATURN
2012-10-24 12:43 . 2012-10-24 12:43 -------- d-----w- c:\users\Zingaro\AppData\Local\My Games
2012-10-24 12:37 . 2012-10-24 12:37 -------- d-----w- c:\programdata\REVOLT
2012-10-24 12:18 . 2012-10-24 12:18 -------- d-----w- c:\program files (x86)\Games
2012-10-24 12:14 . 2012-10-24 12:14 -------- d-----w- c:\programdata\AIT
2012-10-24 12:14 . 2009-04-03 12:19 589824 ----a-w- c:\windows\SysWow64\ac7menu.dll
2012-10-24 12:14 . 2009-04-03 12:19 168448 ----a-w- c:\windows\SysWow64\extarch.dll
2012-10-24 12:14 . 2009-04-03 12:19 40960 ----a-w- c:\windows\SysWow64\ac7grid.dll
2012-10-24 12:14 . 2008-11-05 10:50 30720 ----a-w- c:\windows\SysWow64\AM6tract.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 15:41 . 2011-10-08 14:30 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-20 20:19 . 2012-10-20 20:19 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-19 10:52 . 2012-10-19 10:44 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-10-17 00:31 . 2012-10-17 21:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0598184C-2124-4B7F-B0CB-7F4AC5DDFB35}\mpengine.dll
2012-10-16 08:52 . 2012-04-09 16:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 08:52 . 2011-10-08 14:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 10:35 . 2012-10-15 10:12 1778 ----a-w- c:\windows\xren.vbs
2012-09-21 08:05 . 2012-05-12 07:26 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-21 08:05 . 2011-10-16 18:02 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 08:20 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 08:21 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:21 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:21 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-10 08:21 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 08:21 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2011-11-25 16:28 859648 ----a-w- c:\program files\Memopal\ShellExtension\ShellExtension1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2012-01-19 933640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-14 1190920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Zingaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3CX Phone.lnk - c:\program files (x86)\3CXPhone\3CXPhone.exe [2011-8-31 532480]
Dropbox.lnk - c:\users\Zingaro\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-12-13 2447360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Macro Scheduler.lnk - c:\program files (x86)\Macro Scheduler 11\msched.exe [2009-2-16 5618424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 ALSysIO;ALSysIO;c:\users\Zingaro\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 MacroExpertDirectIo;MacroExpertDirectIo;c:\program files (x86)\grasssoft\mouse recorder\MacroExpertIo.sys [2008-07-04 5120]
R3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\DRIVERS\MAudioMobilePre.sys [2009-09-02 187912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-01-28 20549]
R4 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-03-21 341312]
R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL [x]
R4 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [2011-10-21 209920]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files (x86)\Kilgray\memoQ40\AUClient.exe [2011-11-08 696320]
S2 Kilgray: memoQ update permissions manager. 9841208.;Kilgray: memoQ update permissions manager. 9841208.;c:\program files (x86)\Kilgray\memoQ60\AUClient.exe [2012-08-27 696320]
S2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [2009-03-13 206336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Memopal Crawler;Memopal Crawler;c:\program files\Memopal\MemopalCrawler.exe [2011-11-25 2852120]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe [2012-08-17 135168]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
S2 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000Core.job
- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3742645115-2715197863-2469513334-1000UA.job
- c:\users\Zingaro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 11:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Zingaro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalBackedUp]
@="{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}"
[HKEY_CLASSES_ROOT\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalError]
@="{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}"
[HKEY_CLASSES_ROOT\CLSID\{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalPartiallyBackedUp]
@="{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}"
[HKEY_CLASSES_ROOT\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MemopalToBackup]
@="{2CDD871E-60EB-40BD-9721-A1CB57042F75}"
[HKEY_CLASSES_ROOT\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}]
2011-11-25 16:27 1071616 ----a-w- c:\program files\Memopal\ShellExtensionx64\ShellExtension1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://webmail.inghams.co.uk/exchange/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1 192.168.0.1
FF - ProfilePath - c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\
FF - ExtSQL: 2012-10-25 13:18; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-11-17 22:41; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-20 02:00; support@lastpass.com; c:\users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\fevpbl4o.default-1353331753403\extensions\support@lastpass.com
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{e5b66461-19eb-4da5-bbf7-df2d266d975b} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 979430.]
"ImagePath"="c:\program files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Kilgray: memoQ update permissions manager. 9841208.]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{80BB9C2F-5C80-E3D9-871A-5DA5CA022777}*]
"bbickfogjdkmchldmjfnockpbfcmgcgnpepf"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,
64,6b,69,6a,6c,69,6c,6e,6a,65,00,76
"abcceinjklhmbbjhddjhbjodaajeinhiac"=hex:6b,61,66,6c,6c,67,70,6e,6b,64,70,68,
64,6b,69,6a,6c,69,6c,6e,6a,65,00,76
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):21,99,a5,fc,cd,d0,6a,f7,c2,a8,63,1d,9b,cf,0b,08,b0,79,67,c5,6c,
a3,a7,8a,b6,0e,e8,e6,26,76,b3,12,80,6d,cb,f0,2f,7f,4e,80,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3742645115-2715197863-2469513334-1000_Classes\Wow6432Node\CLSID\{eb19a459-8a6e-4452-ab02-afcd790715fc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000140
"Therad"=dword:00000025
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,6f,b5,7b,f9,cc,35,25,c5,2e,a7,92,fe,df,6c,4e,ad,d9,53,64,cd,75,52,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81,
51,65,6d,32,57,3c,50,36,cb,8e,0f,1b,06,14,a8,87,41,bb,4c,ab,e4,4b,53,c7,1a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:70,fd,43,68,bf,59,dc,18,a9,2b,94,57,3c,25,4e,9b,42,4e,20,62,81,
51,65,6d,32,57,3c,50,36,cb,8e,0f,c3,38,f0,d7,44,82,fc,08,ab,e4,4b,53,c7,1a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-22 11:44:10
ComboFix-quarantined-files.txt 2012-11-22 10:44
.
Pre-Run: 3,343,519,744 bytes free
Post-Run: 5,908,033,536 bytes free
.
- - End Of File - - FBA5CD2EB1B9ECC02AC233A6CF58538E
-
<p>Ok sure,</p>
<p> </p>
<div>Here are the logs you've asked for, in order. Would you mind confirming which app "fixed" it? Was it roguekiller as I suspected?</div>
<div> </div>
<div> Results of screen317's Security Check version 0.99.54 </div>
<div> Windows 7 Service Pack 1 x64 (UAC is disabled!) </div>
<div> Internet Explorer 9 </div>
<div>``````````````Antivirus/Firewall Check:`````````````` </div>
<div> Windows Firewall Enabled! </div>
<div>avast! Antivirus </div>
<div> Antivirus up to date! </div>
<div>`````````Anti-malware/Other Utilities Check:````````` </div>
<div> Malwarebytes Anti-Malware version 1.65.1.1000 </div>
<div> JavaFX 2.1.1 </div>
<div> Java 6 Update 24 </div>
<div> Java 6 Update 32 </div>
<div> Java 7 Update 7 </div>
<div> Java version out of Date! </div>
<div> Adobe Flash Player 11.4.402.287 </div>
<div> Mozilla Firefox (16.0.2) </div>
<div> Google Chrome 21.0.1180.79 </div>
<div> Google Chrome 21.0.1180.89 </div>
<div> Google Chrome 22.0.1229.79 </div>
<div> Google Chrome 22.0.1229.92 </div>
<div> Google Chrome 22.0.1229.94 </div>
<div> Google Chrome 23.0.1271.64 </div>
<div>````````Process Check: objlist.exe by Laurent```````` </div>
<div> Malwarebytes Anti-Malware mbamservice.exe </div>
<div> Malwarebytes Anti-Malware mbamgui.exe </div>
<div> Malwarebytes' Anti-Malware mbamscheduler.exe </div>
<div> AVAST Software Avast AvastUI.exe </div>
<div> AVAST Software Avast AvastSvc.exe </div>
<div>`````````````````System Health check````````````````` </div>
<div> Total Fragmentation on Drive C: 5% </div>
<div>````````````````````End of Log`````````````````````` </div>
<div> </div>
<div> </div>
<div> </div>
<div># AdwCleaner v2.008 - Logfile created 11/18/2012 at 04:17:57</div>
<div># Updated 17/11/2012 by Xplode</div>
<div># Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)</div>
<div># User : Zingaro - ZINGARO-PC</div>
<div># Boot Mode : Normal</div>
<div># Running from : A:\Downloads\adwcleaner.exe</div>
<div># Option [Delete]</div>
<div> </div>
<div> </div>
<div>***** [services] *****</div>
<div> </div>
<div> </div>
<div>***** [Files / Folders] *****</div>
<div> </div>
<div>File Deleted : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\searchplugins\Conduit.xml</div>
<div>Folder Deleted : C:\Program Files (x86)\Conduit</div>
<div>Folder Deleted : C:\Users\Zingaro\AppData\Local\Conduit</div>
<div>Folder Deleted : C:\Users\Zingaro\AppData\Local\TempDir</div>
<div>Folder Deleted : C:\Users\Zingaro\AppData\LocalLow\Conduit</div>
<div>Folder Deleted : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\ConduitCommon</div>
<div> </div>
<div>***** [Registry] *****</div>
<div> </div>
<div>Key Deleted : HKCU\Software\Ask&Record</div>
<div>Key Deleted : HKCU\Software\Conduit</div>
<div>Key Deleted : HKCU\Software\Softonic</div>
<div>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}</div>
<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933</div>
<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3019965</div>
<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}</div>
<div>Key Deleted : HKLM\Software\Conduit</div>
<div>Key Deleted : HKLM\Software\Freeze.com</div>
<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}</div>
<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}</div>
<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}</div>
<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}</div>
<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}</div>
<div> </div>
<div>***** [internet Browsers] *****</div>
<div> </div>
<div>-\\ Internet Explorer v9.0.8112.16421</div>
<div> </div>
<div>[OK] Registry is clean.</div>
<div> </div>
<div>-\\ Mozilla Firefox v16.0.2 (en-US)</div>
<div> </div>
<div>Profile name : default </div>
<div>File : C:\Users\Zingaro\AppData\Roaming\Mozilla\Firefox\Profiles\hzkqaex5.default\prefs.js</div>
<div> </div>
<div>Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=[...]</div>
<div>Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Freecorder Customized Web Search");</div>
<div>Deleted : user_pref("CT1060933.ValidationData_Toolbar", 0);</div>
<div>Deleted : user_pref("CT3019965..clientLogIsEnabled", false);</div>
<div>Deleted : user_pref("CT3019965..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]</div>
<div>Deleted : user_pref("CT3019965..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]</div>
<div>Deleted : user_pref("CT3019965.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);</div>
<div>Deleted : user_pref("CT3019965.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");</div>
<div>Deleted : user_pref("CT3019965.CTID", "CT3019965");</div>
<div>Deleted : user_pref("CT3019965.CurrentServerDate", "21-2-2012");</div>
<div>Deleted : user_pref("CT3019965.DSInstall", false);</div>
<div>Deleted : user_pref("CT3019965.DialogsAlignMode", "LTR");</div>
<div>Deleted : user_pref("CT3019965.DialogsGetterLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.DownloadReferralCookieData", "");</div>
<div>Deleted : user_pref("CT3019965.FirstServerDate", "21-2-2012");</div>
<div>Deleted : user_pref("CT3019965.FirstTime", true);</div>
<div>Deleted : user_pref("CT3019965.FirstTimeFF3", true);</div>
<div>Deleted : user_pref("CT3019965.FixPageNotFoundErrors", true);</div>
<div>Deleted : user_pref("CT3019965.GroupingServerCheckInterval", 1440);</div>
<div>Deleted : user_pref("CT3019965.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");</div>
<div>Deleted : user_pref("CT3019965.HPInstall", false);</div>
<div>Deleted : user_pref("CT3019965.HasUserGlobalKeys", true);</div>
<div>Deleted : user_pref("CT3019965.Initialize", true);</div>
<div>Deleted : user_pref("CT3019965.InitializeCommonPrefs", true);</div>
<div>Deleted : user_pref("CT3019965.InstallationAndCookieDataSentCount", 1);</div>
<div>Deleted : user_pref("CT3019965.InstallationType", "UnknownIntegration");</div>
<div>Deleted : user_pref("CT3019965.InstalledDate", "Tue Feb 21 2012 14:01:36 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.InvalidateCache", false);</div>
<div>Deleted : user_pref("CT3019965.IsGrouping", false);</div>
<div>Deleted : user_pref("CT3019965.IsInitSetupIni", true);</div>
<div>Deleted : user_pref("CT3019965.IsMulticommunity", false);</div>
<div>Deleted : user_pref("CT3019965.IsOpenThankYouPage", false);</div>
<div>Deleted : user_pref("CT3019965.IsOpenUninstallPage", false);</div>
<div>Deleted : user_pref("CT3019965.LanguagePackLastCheckTime", "Tue Feb 21 2012 14:01:38 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.LanguagePackReloadIntervalMM", 1440);</div>
<div>Deleted : user_pref("CT3019965.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]</div>
<div>Deleted : user_pref("CT3019965.LastLogin_3.9.0.3", "Tue Feb 21 2012 14:01:38 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.LatestVersion", "3.9.0.3");</div>
<div>Deleted : user_pref("CT3019965.Locale", "en");</div>
<div>Deleted : user_pref("CT3019965.MCDetectTooltipHeight", "83");</div>
<div>Deleted : user_pref("CT3019965.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");</div>
<div>Deleted : user_pref("CT3019965.MCDetectTooltipWidth", "295");</div>
<div>Deleted : user_pref("CT3019965.MyStuffEnabledAtInstallation", true);</div>
<div>Deleted : user_pref("CT3019965.OriginalFirstVersion", "3.9.0.3");</div>
<div>Deleted : user_pref("CT3019965.RadioIsPodcast", false);</div>
<div>Deleted : user_pref("CT3019965.RadioLastCheckTime", "Tue Feb 21 2012 14:01:39 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.RadioLastUpdateIPServer", "3");</div>
<div>Deleted : user_pref("CT3019965.RadioLastUpdateServer", "129553465309070000");</div>
<div>Deleted : user_pref("CT3019965.RadioMediaID", "21917990");</div>
<div>Deleted : user_pref("CT3019965.RadioMediaType", "Media Player");</div>
<div>Deleted : user_pref("CT3019965.RadioMenuSelectedID", "EBRadioMenu_CT301996521917990");</div>
<div>Deleted : user_pref("CT3019965.RadioShrinkedFromSetup", false);</div>
<div>Deleted : user_pref("CT3019965.RadioStationName", "California%20Rock%20-%20Rock");</div>
<div>Deleted : user_pref("CT3019965.RadioStationURL", "hxxp://www.feedlive.net/california.asx");</div>
<div>Deleted : user_pref("CT3019965.SearchCaption", "Free Media Recorder Customized Web Search");</div>
<div>Deleted : user_pref("CT3019965.SearchFromAddressBarIsInit", true);</div>
<div>Deleted : user_pref("CT3019965.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]</div>
<div>Deleted : user_pref("CT3019965.SearchInNewTabEnabled", true);</div>
<div>Deleted : user_pref("CT3019965.SearchInNewTabIntervalMM", 1440);</div>
<div>Deleted : user_pref("CT3019965.SearchInNewTabLastCheckTime", "Tue Feb 21 2012 14:01:39 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]</div>
<div>Deleted : user_pref("CT3019965.SendProtectorDataViaLogin", true);</div>
<div>Deleted : user_pref("CT3019965.ServiceMapLastCheckTime", "Tue Feb 21 2012 14:00:45 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.SettingsLastCheckTime", "Tue Feb 21 2012 14:00:46 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.SettingsLastUpdate", "1326723880");</div>
<div>Deleted : user_pref("CT3019965.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3019965&SearchSource=13");</div>
<div>Deleted : user_pref("CT3019965.ThirdPartyComponentsInterval", 504);</div>
<div>Deleted : user_pref("CT3019965.ThirdPartyComponentsLastCheck", "Tue Feb 21 2012 14:00:45 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.ThirdPartyComponentsLastUpdate", "1312887586");</div>
<div>Deleted : user_pref("CT3019965.ToolbarShrinkedFromSetup", false);</div>
<div>Deleted : user_pref("CT3019965.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3019965");</div>
<div>Deleted : user_pref("CT3019965.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]</div>
<div>Deleted : user_pref("CT3019965.UserID", "UN99461317577814585");</div>
<div>Deleted : user_pref("CT3019965.ValidationData_Toolbar", 2);</div>
<div>Deleted : user_pref("CT3019965.alertChannelId", "1411551");</div>
<div>Deleted : user_pref("CT3019965.appApproved.129550210578713658", true);</div>
<div>Deleted : user_pref("CT3019965.backendstorage.hxxp://cdn_freemediarecorder_com/toolbar.downloadtype", "6264");</div>
<div>Deleted : user_pref("CT3019965.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]</div>
<div>Deleted : user_pref("CT3019965.globalFirstTimeInfoLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.homepageProtectorEnableByLogin", true);</div>
<div>Deleted : user_pref("CT3019965.initDone", true);</div>
<div>Deleted : user_pref("CT3019965.isAppTrackingManagerOn", true);</div>
<div>Deleted : user_pref("CT3019965.isFirstRadioInstallation", false);</div>
<div>Deleted : user_pref("CT3019965.myStuffEnabled", true);</div>
<div>Deleted : user_pref("CT3019965.myStuffPublihserMinWidth", 400);</div>
<div>Deleted : user_pref("CT3019965.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]</div>
<div>Deleted : user_pref("CT3019965.myStuffServiceIntervalMM", 1440);</div>
<div>Deleted : user_pref("CT3019965.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]</div>
<div>Deleted : user_pref("CT3019965.revertSettingsEnabled", true);</div>
<div>Deleted : user_pref("CT3019965.searchProtectorDialogDelayInSec", 10);</div>
<div>Deleted : user_pref("CT3019965.searchProtectorEnableByLogin", true);</div>
<div>Deleted : user_pref("CT3019965.testingCtid", "");</div>
<div>Deleted : user_pref("CT3019965.toolbarAppMetaDataLastCheckTime", "Tue Feb 21 2012 14:01:36 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.toolbarContextMenuLastCheckTime", "Tue Feb 21 2012 14:01:38 GMT+0100");</div>
<div>Deleted : user_pref("CT3019965.usagesFlag", 2);</div>
<div>Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1060933&Search[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Freecorder Customized Web Search");</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3019965/CT3019965[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1411551/1407207/AT", "\"0\"[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/AT", "\"0\"");</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3019965", [...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3019965",[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]</div>
<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]</div>
<div>Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Zingaro\\AppData\\Roaming\\Mozilla\[...]</div>
<div>Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");</div>
<div>Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.freemediarecorder.com/toolbar/video.html"[...]</div>
<div>Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/fc6/gadget/video.html", "833x2[...]</div>
<div>Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");</div>
<div>Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3019965");</div>
<div>Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3019965");</div>
<div>Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3019965");</div>
<div>Deleted : user_pref("CommunityToolbar.globalUserId", "7763a81b-e744-4d3f-877d-ef80f0a296c2");</div>
<div>Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);</div>
<div>Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);</div>
<div>Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3019965");</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Feb 21 2012 13:50:0[...]</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 21 2012 14:01:37 GMT+010[...]</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.locale", "en");</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 21 2012 13:49:58 GMT+0100");</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");</div>
<div>Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);</div>
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "681d2f37-ee21-4b30-aa12-86e0a518e71a");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Zingaro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15994 octets] - [18/11/2012 04:16:36]
AdwCleaner[S1].txt - [16129 octets] - [18/11/2012 04:17:57]

########## EOF - C:\AdwCleaner[S1].txt - [16190 octets] ##########



RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zingaro [Admin rights]
Mode : Remove -- Date : 11/18/2012 04:26:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[STARTUP][SUSP PATH] securityfix.exe @Zingaro : C:\Users\Zingaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\securityfix.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

0.0.0.0 localhost
127.0.0.1 www.greenoise.altervisa.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG ATA Device +++++
--- User ---
[MBR] 5686910f4c6546009854e1531587cee3
[BSP] 3507d5d683fc3bd400f597e2dd1dcafe : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 80000 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 164050942 | Size: 225142 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11182012_02d0426.txt >>
RKreport[1]_S_11182012_02d0426.txt ; RKreport[2]_D_11182012_02d0426.txt
-
Dear gringo,
I followed your steps and you fixed it. Not sure which of the three it was that did it, I suspect RogueKiller.
Do you still want me to post the logs?
Marc
-
Dear antivirus knights:
This is a minor problem - actually I've rerouted the site to 127.0.0.1 in my hosts file and created a small "window.close()" JavaScript so the site closes every time it's invoked (every 10 minutes or so)... but I still can't figure out what bloody service/process is calling the site to show up in the first place.
I ran avast virus scanner and Malwarebytes full search, nothing was found.
As instructed, here are DDS.txt and Attach.txt.
I eagerly await your instructions/suggestions, and hope this is an easy one!
Thank you,
Marc
-
AMAZING!
Thank you Chris!
Those steps completely solved the problem.
Adobe Acrobat and Flash? I wish I had some inkling of an idea how you could infer this from these logs.
Is there any way I can donate a small token of my very heartfelt gratitude and appreciation (PayPal?) for your generous free help?
Many many thanks!
-Marc
-
Hi screen317,
Thanks for your ongoing help.
The System Restore issue is still present. In addition, something else has crept up:
I can't update my virus definitions from Microsoft Security Essentials.
I get the following error code:
"Virus and spyware definitions update failed. Security Essentials could not check for virus and spyware definition updates due to an Internet or network connectivity issue. Click Help for more information about this problem."
Error code: 0x800703fa
Error description: Security Essentials couldn't install the definition updates. Please try again later.
When I click help, I see in a popup window:
"http://go.microsoft.com/fwlink/?LinkID=200822&mkt=en-us
Illegal operation attempted on a registry key that has been marked for deletion."
As requested, here's the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=caf2115eb486ea459b5b7f3b4e6c9f61
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-26 07:49:08
# local_time=2011-07-26 12:49:08 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 51106432 51106432 0 0
# compatibility_mode=5893 16776574 100 94 946213 63202006 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=344946
# found=3
# cleaned=3
# scan_time=7991
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\messenger.exe.vir NSIS/TrojanDownloader.Agent.NFN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Zingapuro\AppData\Local\Temp\NODEAD6.tmp a variant of Win32/HotSpotShield application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
And here, screencheck:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.5 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
Thanks again.
Marc
-
Hi,
Sorry for the delay in replying. The situation remains the same: Microsoft Security Essentials is running well - but my System Restore is still messed up. As requested, I tried to post here the MBAM Quick Scan log, followed by the DDS log, followed by the ComboFix log, but the forum complained my post was too long.
So here are just the first two, with the rest attached, I hope that works, please let me know if you need anything else.
Thank you for your kind help.
-Zingaro
mbam-log-2011-07-21 (16-30-32).txt
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7224
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
21/07/2011 16:30:32
mbam-log-2011-07-21 (16-30-32).txt
Scan type: Quick scan
Objects scanned: 193943
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS.txt
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Zingapuro at 19:34:09 on 2011-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2159 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\1455259423D2553425 : DhcpNameServer = 163.178.88.2
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 216.230.128.32
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.72.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO-X64: One Hour Translation - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-6-22 52496]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-6-22 61200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-21 366640]
R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-21 240160]
R3 ActivHidSerMini;Promethean Serial Board Driver;C:\Windows\system32\DRIVERS\activhidsermini.sys --> C:\Windows\system32\DRIVERS\activhidsermini.sys [?]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 prmvmouse;Promethean HID Mouse Service;C:\Windows\system32\DRIVERS\activmouse.sys --> C:\Windows\system32\DRIVERS\activmouse.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
S3 ACTIVhidmini;Promethean USB Board Driver;C:\Windows\system32\DRIVERS\ACTIVhidmini.sys --> C:\Windows\system32\DRIVERS\ACTIVhidmini.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-07-21 23:02:36 -------- d-----w- C:\$RECYCLE.BIN
2011-07-21 22:40:40 -------- d-----w- C:\Combo-Fix29103C
2011-07-21 22:16:54 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{994AB1F6-2AFD-414C-BC91-BA5A60838AF1}\mpengine.dll
2011-07-19 16:40:12 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2011-07-19 16:40:10 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-07-19 16:40:10 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-07-19 16:40:10 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-07-19 16:40:10 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-07-19 16:40:10 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-07-19 16:40:10 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-07-19 15:33:02 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Promethean
2011-07-19 15:28:54 -------- d-----w- C:\ProgramData\Promethean
2011-07-19 15:28:23 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\ACTIV Software
2011-07-19 15:28:23 -------- d-----w- C:\Program Files (x86)\Common Files\Activ Software
2011-07-19 15:28:19 -------- d-----w- C:\ProgramData\Activ Software
2011-07-19 15:28:19 -------- d-----w- C:\Program Files\Activ Software
2011-07-14 19:43:43 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-14 19:43:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-06 20:10:49 -------- d-----w- C:\Program Files (x86)\Prolific
2011-07-06 20:08:56 -------- d-----w- C:\Program Files (x86)\PicoBlocks en Español
2011-07-06 19:04:23 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-06 16:34:20 -------- d-----w- C:\Users\Zingapuro\AppData\Local\FlickrNet
2011-07-06 16:33:37 -------- d-----w- C:\Program Files (x86)\Flickr Downloadr
2011-07-06 15:51:05 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
2011-07-05 20:29:34 -------- d-----w- C:\Users\Zingapuro\AppData\Local\Trusteer
2011-07-05 20:27:49 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-07-05 20:27:42 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Trusteer
2011-07-05 20:27:14 -------- d-----w- C:\Program Files (x86)\Trusteer
2011-07-05 20:26:37 -------- d-----w- C:\ProgramData\Trusteer
2011-07-05 14:25:09 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll
2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe
2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe
2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe
2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix
2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes
2011-07-05 08:23:33 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview
2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll
2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll
.
==================== Find3M ====================
.
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe
.
============= FINISH: 19:34:48.53 ===============
-
Please remove this post - reposted with attachment.
-
Good day,
I've been suffering similar symptoms to this post http://forums.malwar...showtopic=71178
I tried debugging all day yesterday, installed 3 antivirus programs including Kaspersky and MalwareBytes, tried http://windowsxp.mvp...g/wscsvcfix.htm, but the problem persisted. Finally I found this forum and decided to try ComboFix (forgive me!) and lo and behold it seems to have improved the issue. I can currently run 2 of 3 services: Security Center and Microsoft Antimalware Service, but Windows Defender still gives the following error:
The Windows Defender Service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.
However, more troubling, and not mentioned in any of my research, is that I still can't properly run System Restore. I see the correct window flash up for 2 milliseconds and then it's immediately replaced by the window "System Protection is turned off." Of course, my System Restore is turned On.
At this point, in order to seek assistance from you I've followed the instructions on http://forums.malwar...?showtopic=9573
I am very grateful for your time and suggestions and will wait for your instructions before proceeding any further.
Thank you very much.
-Zingaro
(As per instructions, I have attached Attach.txt and ark.txt; below is a copy of DDS.txt.)
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Zingapuro at 17:22:50 on 2011-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2553 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbengine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\systempropertiesprotection.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1 192.168.0.1
TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.178.1 192.168.0.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 216.230.128.32
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.24.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO-X64: One Hour Translation - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 366640]
R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-21 62720]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-07-05 14:25:09 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll
2011-07-05 14:17:00 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2FFAFCE4-D2BA-4EDE-8ED9-13A99C748CCC}\mpengine.dll
2011-07-05 12:30:19 -------- d-----w- C:\$RECYCLE.BIN
2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe
2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe
2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe
2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix
2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes
2011-07-05 08:23:33 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview
2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll
2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-19 09:35:30 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-07 10:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-07-05 07:59:43 404560 ----a-w- C:\Program Files (x86)\Drivers_pack_v4.55.63_fix.exe
2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-26 14:32:41 106496 --sha-r- C:\Windows\SysWow64\DWWIND.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-18 11:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2011-04-18 11:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe
.
============= FINISH: 17:23:58.50 ===============
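The log above (and the DDS.txt copy in the post below it) already contains the entries a responder would triage first: a DLL in SysWOW64 carrying the system and hidden attributes (DWWIND.dll), an executable created directly in SysWOW64 two seconds after Drivers_pack_v4.55.63_fix.exe appeared in the Program Files (x86) root, a service (NewServiceInstall1) whose image path is a .lng file rather than an executable, and mPolicies-system values that switch UAC off. The following Python script is an added example, not the poster's code and not part of the DDS tool: it parses those three DDS line shapes and applies exactly those heuristics. The 60-second clustering window is an assumed value, the attribute letters follow DDS's own convention (s = system, h = hidden), and the sample input is copied from the log on this page. Everything it flags is a lead to verify by hand, not a verdict.

```python
"""Heuristic triage of DDS log lines.

Added example for this page; not part of the poster's logs or of the DDS tool.
Parses the three line shapes seen in the DDS output above (file listings,
service/driver entries, mPolicies-system values) and returns the entries an
analyst would look at first. Every flag is a lead for manual review, not a
verdict: a file is not malicious because it is hidden or sits in an odd place.
"""
import re
from datetime import datetime, timedelta

# "2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+?)\s*$")
# "S2 <name>;<display name>;<image path> [date size]"  or  "... --> <echo> [?]"
SVC_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+)$")
# "mPolicies-system: EnableLUA = 0 (0x0)"
POL_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PROGRAM_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
# At these values UAC no longer stands between a user process and admin rights.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}
CLUSTER_WINDOW = timedelta(seconds=60)   # assumed window for the timeline check


def _direct_child(path, roots):
    """True when path is a file directly inside one of roots (no deeper folder)."""
    p = path.lower()
    return any(p.startswith(r) and "\\" not in p[len(r):] for r in roots)


def is_exec(path):
    return path.lower().endswith(EXEC_EXT)


def parse_files(lines):
    out = []
    for ln in lines:
        m = FILE_RE.match(ln.strip())
        if m:
            when, size, attrs, path = m.groups()
            out.append({"when": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
                        "size": size, "attrs": attrs.lower(), "path": path})
    return out


def triage_files(files):
    findings = []
    for f in files:
        if not is_exec(f["path"]):
            continue
        # DDS attribute letters: s = system, h = hidden. Both set on a DLL that
        # is not part of Windows is worth a look.
        if "s" in f["attrs"] and "h" in f["attrs"]:
            findings.append(("hidden+system executable", f["path"]))
        # Installed software lives in its own folder; a bare .exe in the
        # Program Files root was put there by something else.
        if _direct_child(f["path"], PROGRAM_ROOTS):
            findings.append(("executable loose in Program Files root", f["path"]))
    # Timeline cluster: an executable written straight into System32/SysWOW64
    # within CLUSTER_WINDOW of an executable created somewhere else.
    execs = [f for f in files if is_exec(f["path"])]
    for f in execs:
        if not _direct_child(f["path"], SYSTEM_DIRS):
            continue
        for g in execs:
            if g is f or _direct_child(g["path"], SYSTEM_DIRS):
                continue
            if abs(f["when"] - g["when"]) <= CLUSTER_WINDOW:
                findings.append(("system-dir executable created alongside",
                                 f"{f['path']} <-> {g['path']}"))
    return findings


def image_path(rest):
    """Image path from the tail of a DDS service line (quoted or unquoted)."""
    head = rest.split(" --> ")[0]                            # drop DDS's echo of the path
    head = re.sub(r"\s*\[[^\]]*\]\s*$", "", head).strip()    # drop "[date size]" / "[?]"
    if head.startswith("\\??\\"):
        head = head[4:]
    if head.startswith('"'):
        return head[1:].split('"', 1)[0]
    # Unquoted: the path runs to the first " -switch". A folder name containing
    # " -" would be cut short; acceptable for a triage pass.
    return re.split(r"\s+-", head, maxsplit=1)[0]


def triage_services(lines):
    findings = []
    for ln in lines:
        m = SVC_RE.match(ln.strip())
        if not m:
            continue
        _start, name, _display, rest = m.groups()
        image = image_path(rest)
        # The service controller needs a PE image; a .lng or other data file
        # cannot start as written and needs an explanation either way.
        if not image.lower().endswith((".exe", ".sys")):
            findings.append(("service image is not an executable", f"{name}: {image}"))
    return findings


def triage_policies(lines):
    findings = []
    for ln in lines:
        m = POL_RE.match(ln.strip())
        if m and UAC_WEAK.get(m.group(1)) == m.group(2):
            findings.append(("UAC weakened", f"{m.group(1)} = {m.group(2)}"))
    return findings


def triage(log_text):
    lines = log_text.splitlines()
    return (triage_files(parse_files(lines)) + triage_services(lines)
            + triage_policies(lines))


# Lines copied from the DDS log on this page, trimmed to the ones that matter.
SAMPLE_LOG = r"""
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-07-05 07:59:43 404560 ----a-w- C:\Program Files (x86)\Drivers_pack_v4.55.63_fix.exe
2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-26 14:32:41 106496 --sha-r- C:\Windows\SysWow64\DWWIND.dll
2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe
2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 366640]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:45} {detail}")
```

On the sample it returns eight leads: the hidden+system DWWIND.dll, ehudqyaplp.exe paired with Drivers_pack_v4.55.63_fix.exe on the timeline, two loose executables in the Program Files (x86) root (Autostitch.exe from 2008 is caught by the same rule, which is why the output is a worklist and not a verdict), the .lng service image, and the three UAC values. The `[?]` suffix DDS prints after most System32 driver entries on x64 systems is not used as a signal; on its own it only means the tool could not read that file's metadata.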
-
Good day,
I've been suffering symptoms similar to those in this post: http://forums.malwarebytes.org/index.php?showtopic=71178
I tried debugging all day yesterday, installed three antivirus programs, including Kaspersky and Malwarebytes, tried http://windowsxp.mvps.org/wscsvcfix.htm, but the problem persisted. Finally I found this forum and decided to try ComboFix (forgive me!) and, lo and behold, it seems to have improved the issue. I can currently run 2 of 3 services, "Security Center" and "Microsoft Antimalware Service", but "Windows Defender" still gives the following error:
"The Windows Defender Service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."
However, more troubling, and not mentioned in any of my research, is that I still can't properly run System Restore. I see the correct window flash up for 2 milliseconds and then it's immediately replaced by "System Protection is turned off." Of course, my System Restore is turned On.
At this point, in order to seek assistance from you I've followed the instructions on http://forums.malwarebytes.org/index.php?showtopic=9573
I am very grateful for your time and suggestions and will wait for your instructions before proceeding any further.
Thank you very much.
-Zingaro
(As per instructions, attached Attach.txt and ark.txt and below a copy of DDS.txt)
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Zingapuro at 17:22:50 on 2011-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2553 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbengine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\systempropertiesprotection.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1 192.168.0.1
TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.178.1 192.168.0.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 216.230.128.32
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.24.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
BHO-X64: One Hour Translation - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 366640]
R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-21 62720]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-07-05 14:25:09 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll
2011-07-05 14:17:00 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2FFAFCE4-D2BA-4EDE-8ED9-13A99C748CCC}\mpengine.dll
2011-07-05 12:30:19 -------- d-----w- C:\$RECYCLE.BIN
2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe
2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe
2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe
2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix
2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes
2011-07-05 08:23:33 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview
2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll
2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll
2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-19 09:35:30 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-07 10:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe
2011-07-05 07:59:43 404560 ----a-w- C:\Program Files (x86)\Drivers_pack_v4.55.63_fix.exe
2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-26 14:32:41 106496 --sha-r- C:\Windows\SysWow64\DWWIND.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-18 11:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2011-04-18 11:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe
.
============= FINISH: 17:23:58.50 ===============
I have an HP mini with Windows XP on it. I ran the exe fix on it, then I ran Malwarebytes, SAS, Eset, AVG, Spybot, TDSSKiller and removed everything it found. However, after a reboot the exe issue returns. Twice now, and all scans are now clean. Any suggestions?
HJT file below
HJT log did not attach. Sorry about that.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:06:55, on 7/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
D:\exefix_xp.com
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P33 "EPSON Stylus Photo RX600 (Copy 1)" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 7880 bytes
Website keeps popping up (greenoise.altervisa.com)
in Resolved Malware Removal Logs
Hi gringo,
Thanks for all your help - but this seems like a great deal of effort and time for a system that's basically running properly. Like, what's wrong with these Java updates? uTorrent and jzip are applications that I use.
To which I know you'll say, better safe than sorry, but I just don't have the time at the moment to run all these additional tools.
I just checked System Restore, and the Restore points are gone again. *sigh*
As soon as I'm done with the project I'm working on, I'll take another look and repost.
Thanks.