Jump to content

Security Center / Defender / System Restore


Recommended Posts

Good day,

I've been suffering similar symptoms to this post http://forums.malwar...showtopic=71178

I tried debugging all day yesterday, installed 3 antivirus including Kapernsky and MalwareBytes, tried http://windowsxp.mvp...g/wscsvcfix.htm, but the problem persisted. Finally I found this forum and decided to try ComboFix (forgive me!) and lo-and-behold it seems to have improved the issue. I can currently run 2 of 3 services: Security Center and Microsoft Antimalware Service, but Windows Defender still gives following error:

The Windows Defender Service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.

However, more troubling and not mentioned in any of my research, is that I still can't properly run System Restore. I see the correct window flash up for 2 milliseconds and then it's immediately replaced by the window "System Protection is turned off." Of course, my System Restore is turned On.

At this point, in order to seek assistance from you I've followed the instructions on http://forums.malwar...?showtopic=9573

I am very grateful for your time and suggestions and will wait for your instructions before proceeding any further.

Thank you very much.

-Zingaro

(As per instructions, attached Attach.txt and ark.txt and below a copy of DDS.txt)

Attach.zip

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17

Run by Zingapuro at 17:22:50 on 2011-07-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2553 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\taskmgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbengine.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\systempropertiesprotection.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gmail.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.178.1 192.168.0.1

TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.178.1 192.168.0.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 216.230.128.32

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.24.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

BHO-X64: One Hour Translation - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

BHO-X64: Google Gears Helper - No File

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]

R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]

R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]

R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-5 366640]

R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-21 62720]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]

R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]

S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]

S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]

S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]

.

=============== Created Last 30 ================

.

2011-07-05 14:25:09 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll

2011-07-05 14:17:00 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2FFAFCE4-D2BA-4EDE-8ED9-13A99C748CCC}\mpengine.dll

2011-07-05 12:30:19 -------- d-----w- C:\$RECYCLE.BIN

2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe

2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe

2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe

2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe

2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix

2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software

2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software

2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes

2011-07-05 08:23:33 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview

2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders

2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll

2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll

2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll

2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-06-19 09:35:30 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-06-07 10:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe

2011-07-05 07:59:43 404560 ----a-w- C:\Program Files (x86)\Drivers_pack_v4.55.63_fix.exe

2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-05-26 14:32:41 106496 --sha-r- C:\Windows\SysWow64\DWWIND.dll

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-27 13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-04-18 11:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys

2011-04-18 11:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe

.

============= FINISH: 17:23:58.50 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 2 weeks later...

Hi,

Sorry for the delay in replying. The situation remains the same: Microsoft Security Essentials is running well - but my System Restore is still messed up. As requested, I tried to post here the MBAM Quick Scan log, followed by the DDS log, followed by the ComboFix log, but the forum complained my post was too long.

So here are just the first two, with the rest attached, I hope that works, please let me know if you need anything else.

Thank you for your kind help.

-Zingaro

mbam-log-2011-07-21 (16-30-32).txt

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7224

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

21/07/2011 16:30:32

mbam-log-2011-07-21 (16-30-32).txt

Scan type: Quick scan

Objects scanned: 193943

Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Zingapuro at 19:34:09 on 2011-07-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2159 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Activ Software\ActivDriver\activmgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Zingapuro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\Zingapuro\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gmail.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0358z1m5t58l1w541

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

mURLSearchHooks: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TODOTX~1.LNK - C:\Users\Zingapuro\Desktop\TODO.txt

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{35570651-B370-4780-A305-F8362018FE77} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\1455259423D2553425 : DhcpNameServer = 163.178.88.2

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\2456C6B696E6F5E4B2F5243383536334 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\35D434 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.76.182 68.87.78.134

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\45552524F4E4544545 : DhcpNameServer = 216.230.147.90 216.230.128.32

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\4656661657C647 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{42160496-665F-4829-9138-B3BC9C888FE5}\F457270275962756C6563737 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C6AB3C99-E4C6-4AA2-9510-941203D49A53} : DhcpNameServer = 10.78.72.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

BHO-X64: One Hour Translation - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

BHO-X64: Google Gears Helper - No File

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: One Hour Translation Toolbar: {db6f07a0-0a01-4244-8875-fb88d9e309da} - C:\Program Files (x86)\One_Hour_Translation\prxtbOne_.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\EuWatch.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Zingapuro\AppData\Roaming\Mozilla\Firefox\Profiles\o9xeepl7.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]

R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]

R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]

R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]

R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-6-22 52496]

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-6-22 61200]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-20 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> C:\Program Files (x86)\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-21 366640]

R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]

R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-6-22 870200]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-21 240160]

R3 ActivHidSerMini;Promethean Serial Board Driver;C:\Windows\system32\DRIVERS\activhidsermini.sys --> C:\Windows\system32\DRIVERS\activhidsermini.sys [?]

R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 prmvmouse;Promethean HID Mouse Service;C:\Windows\system32\DRIVERS\activmouse.sys --> C:\Windows\system32\DRIVERS\activmouse.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 EaseUs Agent;EaseUs Agent;C:\Program Files (x86)\EASEUS\EASEUS Todo Backup 2.0 Beta\bin\Agent.exe [2010-12-16 55176]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]

S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]

S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng" --> C:\Program Files (x86)\SDL International\T2007\TT\Lng\Dialogs1031.lng [?]

S3 ACTIVhidmini;Promethean USB Board Driver;C:\Windows\system32\DRIVERS\ACTIVhidmini.sys --> C:\Windows\system32\DRIVERS\ACTIVhidmini.sys [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-17 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-17 8456]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-17 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]

S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WPFFontCache_v0400;WPFFontCache_v0400;C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [?]

.

=============== Created Last 30 ================

.

2011-07-21 23:02:36 -------- d-----w- C:\$RECYCLE.BIN

2011-07-21 22:40:40 -------- d-----w- C:\Combo-Fix29103C

2011-07-21 22:16:54 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{994AB1F6-2AFD-414C-BC91-BA5A60838AF1}\mpengine.dll

2011-07-19 16:40:12 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2011-07-19 16:40:10 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll

2011-07-19 16:40:10 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

2011-07-19 16:40:10 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll

2011-07-19 16:40:10 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

2011-07-19 16:40:10 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll

2011-07-19 16:40:10 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

2011-07-19 15:33:02 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Promethean

2011-07-19 15:28:54 -------- d-----w- C:\ProgramData\Promethean

2011-07-19 15:28:23 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\ACTIV Software

2011-07-19 15:28:23 -------- d-----w- C:\Program Files (x86)\Common Files\Activ Software

2011-07-19 15:28:19 -------- d-----w- C:\ProgramData\Activ Software

2011-07-19 15:28:19 -------- d-----w- C:\Program Files\Activ Software

2011-07-14 19:43:43 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-07-14 19:43:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-06 20:10:49 -------- d-----w- C:\Program Files (x86)\Prolific

2011-07-06 20:08:56 -------- d-----w- C:\Program Files (x86)\PicoBlocks en Español

2011-07-06 19:04:23 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 16:34:20 -------- d-----w- C:\Users\Zingapuro\AppData\Local\FlickrNet

2011-07-06 16:33:37 -------- d-----w- C:\Program Files (x86)\Flickr Downloadr

2011-07-06 15:51:05 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1

2011-07-05 20:29:34 -------- d-----w- C:\Users\Zingapuro\AppData\Local\Trusteer

2011-07-05 20:27:49 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

2011-07-05 20:27:42 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Trusteer

2011-07-05 20:27:14 -------- d-----w- C:\Program Files (x86)\Trusteer

2011-07-05 20:26:37 -------- d-----w- C:\ProgramData\Trusteer

2011-07-05 14:25:09 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96210843-600F-451F-8642-C01063E53F06}\gapaengine.dll

2011-07-05 12:06:44 98816 ----a-w- C:\Windows\sed.exe

2011-07-05 12:06:44 518144 ----a-w- C:\Windows\SWREG.exe

2011-07-05 12:06:44 256000 ----a-w- C:\Windows\PEV.exe

2011-07-05 12:06:44 208896 ----a-w- C:\Windows\MBR.exe

2011-07-05 12:05:31 -------- d-----w- C:\Combo-Fix

2011-07-05 11:54:52 -------- d-----w- C:\ProgramData\AVAST Software

2011-07-05 11:54:52 -------- d-----w- C:\Program Files\AVAST Software

2011-07-05 11:19:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-07-05 11:19:23 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-07-05 08:23:37 -------- d-----w- C:\Users\Zingapuro\AppData\Roaming\Malwarebytes

2011-07-05 08:23:33 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-05 08:23:32 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-05 08:23:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-05 08:23:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-04 16:29:35 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-07-04 15:36:11 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2011-07-04 15:34:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-07-04 13:19:48 -------- d-----w- C:\Windows\System32\SPReview

2011-07-04 13:19:29 -------- d-----w- C:\Windows\System32\EventProviders

2011-07-04 13:19:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-07-04 13:19:13 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-07-04 13:19:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-07-04 13:19:13 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-07-04 13:19:13 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-07-04 10:05:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-07-04 10:05:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-07-04 10:05:28 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-07-04 10:05:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-07-04 10:05:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-06-25 10:32:59 2067456 ----a-w- C:\Windows\System32\d3d9.dll

2011-06-25 10:31:59 34304 ----a-w- C:\Windows\SysWow64\msasn1.dll

2011-06-25 10:30:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll

2011-06-25 10:28:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-06-25 10:28:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-06-25 10:28:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-06-25 10:28:46 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-06-25 10:28:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-06-25 10:28:27 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-06-25 10:28:27 399872 ----a-w- C:\Windows\System32\dpx.dll

.

==================== Find3M ====================

.

2011-07-05 07:59:45 41104 ----a-w- C:\Windows\SysWow64\ehudqyaplp.exe

2011-07-04 13:32:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-07-04 13:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-27 13:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2008-01-18 07:56:50 774144 ----a-w- C:\Program Files (x86)\Autostitch.exe

.

============= FINISH: 19:34:48.53 ===============

Attachments.zip

Link to post
Share on other sites

  • Staff

Hi,

Please don't change the size or spacing of your logs.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hi screen317,

Thanks for your ongoing help.

The System Restore issue is still present. In addition, something else has creeped up:

I can't update my virus definitions from Microsoft Security Essentials.

I get the following error code:

"Virus and spyware definitions update failed. Security Essentials could not check for virus and spyware definition updates due to an Internet or network connectivity issue. Click Help for more information about this problem."

Error code: 0x800703fa

Error description: Security Essentials couldn't install the definition updates. Please try again later.

When I click help, I see in a popup window:

"http://go.microsoft.com/fwlink/?LinkID=200822&mkt=en-us

Illegal operation attempted on a registry key that has been marked for deletion."

As requested, here's the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=caf2115eb486ea459b5b7f3b4e6c9f61

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-26 07:49:08

# local_time=2011-07-26 12:49:08 (-0800, Pacific Daylight Time)

# country="Canada"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=768 16777215 100 0 51106432 51106432 0 0

# compatibility_mode=5893 16776574 100 94 946213 63202006 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=344946

# found=3

# cleaned=3

# scan_time=7991

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\messenger.exe.vir NSIS/TrojanDownloader.Agent.NFN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Zingapuro\AppData\Local\Temp\NODEAD6.tmp a variant of Win32/HotSpotShield application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

And here, screencheck:

Results of screen317's Security Check version 0.99.7

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Out of date Java installed!

Adobe Flash Player 10.1.102.64

Adobe Reader 9.4.5 MUI

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.13)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Thanks again.

Marc

Link to post
Share on other sites

  • Staff

Hi Marc,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Flash Player 10.1.102.64

Adobe Reader 9.4.5 MUI

Restart your computer.

Get the latest version of Adobe Reader and Adobe Flash Player.

Uninstall MSE, reboot, and reinstall it.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

AMAZING!

Thank you Chris!

Those steps completely solved the problem.

Adobe Acrobat and Flash? I wish I had some inkling of an idea how you could infer this from these logs.

Is there anyway I can donate a small token of my very heartfelt gratitude and appreciation (paypal?) for your generous free help?

Many many thanks!

-Marc

Link to post
Share on other sites

  • Staff

Hi Marc,

You're very welcome and your generosity is very much appreciated, but I would much rather you get the PRO version of MBAM, because with it, it's likely that this issue would have been prevented in the first place.

In addition, now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.