Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Zero Access infection help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Zero Access infection help

Unread postby Joaquin » August 22nd, 2012, 7:24 pm

Hello, thanks in advance.

I have been having this problem for over a month now. Computer (win7 64) goes unresponsive after login, the HDD led keeps glowing,
services start to fail, and after each boot it only gets worse, then recovery points get corrupted, and finally the MBR gets corrupted too.

The first time it happened I thought it was a drivers issue, when trying to boot from safe mode the laptop would hang at "classpnp.sys"

I did a wipe and load, reinstalled everything and about two weeks later the same thing happened I had made a system image so I loaded that up and it had been going fine two days ago also I ran chkdsk and western digital's diag tool it all came out fine.

This time I ran hijackthis and it said "for some reason your system has denied write access to the Host file", which was located at
c:\windows\sytem32\drivers\etc\hosts.

Laptop was crawling at this time so I deleted the file. I also got a warning from win7 saying a recently installed program was trying or had installed an unsigned driver "vwifimp.sys"


I then out looked online and read about gmer I ran it, scanned about 3 times it found nothing, the fourth it said "WARNING!!! Gmer has found
system modification caused by ROOTKIT activity."

and the line "service C:Windows\servicing\TrustedInstaller.exe(***hidden***)" was marked red. I tried disabling it but gmer crashed. I used Linux live to delete this file.

After that I got another notification of a recently installed program trying to install an unsigned driver, it was "bridge.sys"
I think I didn't write that one down.

I ran Combofix yesterday night. I know I should only run it when asked but I didn't know what else to do, my laptop was getting increasingly bad. It deleted a file "setup.exe" on one of my external drives and saved a log, after that I used Eset's "ServicesRepair.exe", my laptop is at least working now, but it freezes sometimes.

Thank you very much, I hope I haven't messed up by running those tools without assistance please understand I had to do something last couple of times it went very bad in a very short time.
Joaquin.

Here are the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Joaqo at 8:41:16 on 2012-08-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7863.6027 [GMT 10:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Joaqo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\mmc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
StartupFolder: C:\Users\Joaqo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Joaqo\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{F65040E9-B57E-45E5-A434-0B414F03B4F6} : DhcpNameServer = 10.1.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joaqo\AppData\Roaming\Mozilla\Firefox\Profiles\w0u15uw5.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\Joaqo\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Joaqo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Joaqo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-6-22 321104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-3 13336]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-16 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-17 2673064]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-3 2320920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfswin7.sys --> C:\Windows\system32\DRIVERS\Sftfswin7.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaywin7.sys --> C:\Windows\system32\DRIVERS\Sftplaywin7.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirwin7.sys --> C:\Windows\system32\DRIVERS\Sftredirwin7.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvolwin7.sys --> C:\Windows\system32\DRIVERS\Sftvolwin7.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-5-8 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-3 250568]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2011-4-5 4925184]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-7-10 151104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-22 13:46:00 -------- d-----w- C:\$RECYCLE.BIN
2012-08-22 02:54:10 98816 ----a-w- C:\Windows\sed.exe
2012-08-22 02:54:10 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-22 02:54:10 256000 ----a-w- C:\Windows\PEV.exe
2012-08-22 02:54:10 208896 ----a-w- C:\Windows\MBR.exe
2012-08-21 23:24:53 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-21 23:24:52 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-21 23:24:46 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-21 21:59:02 73728 ----a-r- C:\Users\Joaqo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-21 21:59:02 73728 ----a-r- C:\Users\Joaqo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-21 21:59:02 73728 ----a-r- C:\Users\Joaqo\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-21 21:58:55 -------- d-----w- C:\Program Files (x86)\Sophos
2012-08-21 12:49:10 -------- d-----w- C:\$WINDOWS.~BT
2012-08-21 05:43:08 -------- d-----w- C:\Users\Joaqo\AppData\Local\ESET
2012-08-20 09:55:31 -------- d-----w- C:\Users\Joaqo\AppData\Local\ElevatedDiagnostics
2012-08-20 09:40:23 -------- d-----w- C:\Program Files\Common Files\EPSON
2012-08-20 09:38:56 -------- d-----w- C:\Users\Joaqo\AppData\Local\ABBYY
2012-08-20 09:38:44 -------- d-----w- C:\ProgramData\ABBYY
2012-08-20 09:38:44 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2012-08-20 09:38:44 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2012-08-20 09:35:32 -------- d-----w- C:\ProgramData\UDL
2012-08-20 09:33:52 -------- d-----w- C:\Program Files\Epson Software
2012-08-20 09:32:23 -------- d-----w- C:\Program Files (x86)\Epson Software
2012-08-20 09:31:16 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2012-08-20 09:31:07 118784 ----a-w- C:\Windows\System32\E_ILMHJP.DLL
2012-08-20 09:31:02 88064 ----a-w- C:\Windows\System32\E_IBCBHJP.DLL
2012-08-20 09:30:46 -------- d-----w- C:\ProgramData\EPSON
2012-08-20 09:30:33 464384 ----a-w- C:\Windows\System32\esxw2ud.dll
2012-08-20 09:30:33 13824 ----a-w- C:\Windows\System32\esxcdev.dll
2012-08-20 09:30:33 132560 ----a-w- C:\Windows\System32\esdevapp.exe
2012-08-20 09:30:31 -------- d-----w- C:\Program Files (x86)\epson
2012-08-20 05:47:41 281088 ----a-w- C:\Program Files (x86)\Microsoft Games\Pinball\pinball.exe
2012-08-20 05:47:40 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-08-18 01:29:08 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{522FBEB7-0C39-488A-AEDF-5AA2053781CF}\mpengine.dll
2012-08-17 08:12:02 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\TeamViewer
2012-08-17 08:11:24 -------- d-----w- C:\Users\Joaqo\temp
2012-08-17 08:11:19 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-08-17 05:34:43 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\PeerNetworking
2012-08-16 23:35:35 -------- d-----w- C:\Users\Joaqo\AppData\Local\Diagnostics
2012-08-16 12:57:31 -------- d-----w- C:\Users\Joaqo\Cisco Packet Tracer 5.3.3
2012-08-16 12:56:37 -------- d-----w- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3
2012-08-16 10:19:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-16 10:19:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-16 06:40:05 -------- d-----w- C:\Users\Joaqo\AppData\Local\Adobe
2012-08-16 06:05:21 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-08-16 03:16:29 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-08-16 02:28:04 -------- d-----w- C:\ProgramData\boost_interprocess
2012-08-16 00:38:03 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-08-16 00:38:03 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-08-16 00:38:02 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-08-16 00:37:45 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\TuneUp Software
2012-08-16 00:37:33 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
2012-08-16 00:37:13 -------- d-----w- C:\ProgramData\TuneUp Software
2012-08-16 00:37:08 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-16 00:37:08 -------- d--h--w- C:\ProgramData\Common Files
2012-08-15 23:43:10 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\Malwarebytes
2012-08-15 23:43:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-15 23:43:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-15 23:43:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-15 23:19:01 -------- d-----w- C:\Windows\pss
2012-08-15 22:55:42 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-15 05:08:35 -------- d-----w- C:\ProgramData\Sophos
2012-08-15 04:56:32 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-08-15 04:35:12 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 04:35:12 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 04:35:12 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 04:35:12 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 04:35:12 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 04:35:11 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 04:35:11 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 04:35:11 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 04:35:11 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 04:35:10 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 04:35:10 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-03 23:14:57 -------- d-----w- C:\Windows\Panther
2012-08-03 23:14:42 -------- d-----w- C:\Boot
2012-08-03 13:50:59 -------- d-----w- C:\Program Files (x86)\Common Files\Pinnacle
2012-08-03 13:50:44 -------- d-----w- C:\Users\Joaqo\AppData\Local\Downloaded Installations
2012-08-03 13:50:26 -------- d-----w- C:\Users\Joaqo\AppData\Local\Pinnacle
2012-08-03 13:50:03 -------- d-----w- C:\ProgramData\Pinnacle Studio Ultimate Collection
2012-08-03 13:45:34 -------- d-----w- C:\Program Files (x86)\Common Files\Pegasus Imaging
2012-08-03 13:45:33 -------- d-----w- C:\ProgramData\Studio 15
2012-08-03 13:45:33 -------- d-----w- C:\ProgramData\Pinnacle Studio Plus
2012-08-03 13:45:33 -------- d-----w- C:\Program Files (x86)\Common Files\Yahoo!
2012-08-03 13:09:40 -------- d-----w- C:\Users\Joaqo\AppData\Local\Microsoft Help
2012-08-03 12:51:51 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-08-03 10:28:32 -------- d-----w- C:\Program Files (x86)\Pinnacle
2012-08-03 10:13:06 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-03 10:13:06 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-03 07:54:27 -------- d-----r- C:\Users\Joaqo\Dropbox
2012-08-03 07:51:26 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\Dropbox
2012-08-03 07:47:39 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-08-03 07:46:50 -------- d-----w- C:\Users\Joaqo\AppData\Local\SoftGrid Client
2012-08-03 07:46:49 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\SoftGrid Client
2012-08-03 07:45:15 -------- d-----w- C:\Windows\PCHEALTH
2012-08-03 07:45:15 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-08-03 07:44:11 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\TP
2012-08-03 07:20:22 -------- d-----w- C:\Users\Joaqo\AppData\Local\Macromedia
2012-08-03 07:17:25 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-03 07:17:24 -------- d-----w- C:\Windows\System32\Wat
2012-08-03 07:17:03 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-08-03 07:17:02 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-08-03 07:17:02 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-08-03 06:57:47 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-03 06:52:57 -------- d-----w- C:\Users\Joaqo\AppData\Local\Google
2012-08-03 06:51:26 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-03 06:51:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-03 06:51:26 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-08-03 06:51:26 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-03 06:51:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-03 06:51:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-03 06:51:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-03 06:48:43 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2012-08-03 06:47:30 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-08-03 06:46:58 77312 ----a-w- C:\Windows\System32\packager.dll
2012-08-03 06:45:29 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-08-03 06:29:57 -------- d-----w- C:\Program Files\ESET
2012-08-03 06:15:23 -------- d--h--w- C:\Windows\msdownld.tmp
2012-08-03 06:09:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-08-03 06:09:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-08-03 06:09:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-08-03 06:08:05 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 06:08:05 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-03 06:06:35 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-03 06:06:31 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-08-03 06:06:22 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-03 06:06:22 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-08-03 05:56:26 -------- d-----w- C:\Users\Joaqo\AppData\Roaming\Intel Corporation
2012-08-03 05:53:30 214400 ----a-w- C:\Windows\SysWow64\Snpropwp.dll
2012-08-03 05:53:30 206208 ----a-w- C:\Windows\PLFSetI.exe
2012-08-03 05:53:27 113264 ----a-w- C:\Windows\FixUVC.exe
2012-08-03 05:53:27 -------- d-----w- C:\Program Files (x86)\Acer
2012-08-03 05:52:05 -------- d-----w- C:\Program Files\Synaptics
2012-08-03 05:52:02 301104 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-08-03 05:52:02 263464 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-08-03 05:52:02 207144 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-08-03 05:52:02 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-08-03 05:52:02 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-08-03 05:52:02 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-08-03 05:52:02 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-08-03 05:52:02 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-08-03 05:49:00 -------- d-----w- C:\Program Files (x86)\Launch Manager
2012-08-03 05:48:15 -------- d-----w- C:\Program Files (x86)\Cisco
2012-08-03 05:47:40 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-08-03 05:47:40 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-08-03 05:47:40 4171328 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2012-08-03 05:47:40 3896632 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-08-03 05:47:40 3561272 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-08-03 05:45:59 335192 ----a-w- C:\Windows\System32\MaxxAudioAPO30.dll
2012-08-03 05:44:46 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-08-03 05:44:46 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2012-08-03 05:44:46 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2125.dll
2012-08-03 05:44:46 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-08-03 05:44:46 110080 ----a-w- C:\Windows\System32\hccutils.dll
2012-08-03 05:42:04 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-08-03 05:41:37 422504 ----a-w- C:\Windows\System32\RtsUStor.dll
2012-08-03 05:41:27 246376 ----a-r- C:\Windows\System32\drivers\RtsUStor.sys
2012-08-03 05:41:25 9112168 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll
2012-08-03 05:41:24 -------- d-----w- C:\Program Files (x86)\Realtek
2012-08-03 05:40:15 -------- d-----w- C:\Program Files\Broadcom
2012-08-03 05:39:45 -------- d-sh--w- C:\Windows\Installer
2012-08-03 05:39:03 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-08-03 05:37:43 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-08-03 05:36:54 -------- d-----w- C:\Intel
2012-08-03 05:32:04 -------- d-----w- C:\Users\Joaqo\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-27 21:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll
.
============= FINISH: 8:42:38.49 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2012 3:31:56 PM
System Uptime: 8/23/2012 7:48:18 AM (1 hours ago)
.
Motherboard: Acer | | Aspire 5742
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 1847/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 269.94 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (FAT32) - 466 GiB total, 71.37 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 349.194 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 8/23/2012 12:09:59 AM - Windows Update
RP44: 8/23/2012 8:16:48 AM - Windows Update
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam Ver:1.1.191.726
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Packet Tracer 5.3.3
Cisco PEAP Module
Dropbox
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 6
Java Auto Updater
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pinnacle Studio 15
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.10
Sophos Virus Removal Tool
Spybot - Search & Destroy
TeamViewer 7
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User's Guide EPSON NX130 TX130 Series
VLC media player 2.0.3
.
==== Event Viewer Messages From Past Week ========
.
8/23/2012 8:32:15 AM, Error: Service Control Manager [7000] - The TrustedInstaller service failed to start due to the following error: The system cannot find the file specified.
8/23/2012 8:32:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/22/2012 9:07:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
8/22/2012 7:23:41 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The request could not be performed because of an I/O device error.
8/22/2012 7:23:36 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 7:23:34 PM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The request could not be performed because of an I/O device error.
8/22/2012 7:23:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
8/22/2012 7:23:18 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 7:18:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/22/2012 6:54:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SophosVirusRemovalTool service.
8/22/2012 12:54:20 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
8/22/2012 12:13:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
8/22/2012 12:13:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
8/22/2012 12:12:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
8/22/2012 12:12:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
8/22/2012 12:12:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
8/22/2012 12:11:59 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/22/2012 12:11:59 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/22/2012 12:11:59 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/22/2012 12:11:59 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/22/2012 12:11:36 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/22/2012 12:11:36 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/22/2012 12:11:36 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/22/2012 12:11:36 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/22/2012 12:11:36 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/22/2012 12:11:36 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/22/2012 11:47:36 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/22/2012 11:46:47 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
8/22/2012 11:45:35 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/22/2012 11:43:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/22/2012 11:35:09 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/22/2012 11:30:47 AM, Error: Application Popup [1060] - \??\C:\Users\Joaqo\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/22/2012 11:14:25 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023436
8/22/2012 11:09:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/22/2012 11:09:00 PM, Error: Service Control Manager [7023] - The SENS service terminated with the following error: The request could not be performed because of an I/O device error.
8/22/2012 10:54:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
8/22/2012 10:47:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/22/2012 1:17:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
8/22/2012 1:17:02 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 1:17:02 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007041d'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/22/2012 1:14:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
8/22/2012 1:14:41 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 1:13:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dritek WMI Service service to connect.
8/22/2012 1:13:01 PM, Error: Service Control Manager [7000] - The Dritek WMI Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 1:06:02 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/21/2012 11:50:45 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 11:50:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error: An instance of the service is already running.
8/21/2012 11:23:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
8/21/2012 11:22:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EPSON V5 Service4(04) service to connect.
8/21/2012 11:22:51 AM, Error: Service Control Manager [7000] - The EPSON V5 Service4(04) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/21/2012 10:23:45 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
8/21/2012 10:23:45 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/21/2012 10:23:45 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/21/2012 10:23:45 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/21/2012 10:23:45 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/21/2012 10:23:45 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/21/2012 10:23:45 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/21/2012 10:23:10 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/21/2012 10:23:10 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/21/2012 10:23:10 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/21/2012 10:23:10 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/21/2012 10:21:16 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/21/2012 1:29:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
8/21/2012 1:29:29 PM, Error: Service Control Manager [7022] - The SENS service hung on starting.
8/19/2012 9:38:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
8/16/2012 4:02:16 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 4:02:14 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 4:02:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/16/2012 4:02:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2012 4:02:07 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
8/16/2012 4:02:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/16/2012 4:01:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/16/2012 4:01:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv spldr Wanarpv6
8/16/2012 4:01:48 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
Joaquin
Active Member
 
Posts: 4
Joined: August 22nd, 2012, 6:51 pm
Advertisement
Register to Remove

Re: Possible Zero Access infection help

Unread postby deltalima » August 25th, 2012, 4:27 pm

checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Possible Zero Access infection help

Unread postby deltalima » August 25th, 2012, 4:36 pm

Hi Joaquin,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

C:Windows\servicing\TrustedInstaller.exe(***hidden***)" was marked red. I tried disabling it but gmer crashed. I used Linux live to delete this file.


Did you make a copy of this file before you deleted it? If not do you have access to another Windows 7 computer that you could copy the file from?

I ran Combofix


Please post the log from Combofix, it should be located at C:\ComboFix.txt
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Possible Zero Access infection help

Unread postby Joaquin » August 26th, 2012, 1:21 am

Hi, thanks.

Here is Combofix's log:


ComboFix 12-08-22.01 - Joaqo 08/22/2012 23:21:21.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7863.6533 [GMT 10:00]
Running from: c:\users\Joaqo\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 13:43 . 2012-08-22 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 08:30 . 2012-08-22 08:30 -------- d-----w- c:\programdata\McAfee
2012-08-21 23:25 . 2012-08-21 23:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-21 23:24 . 2012-08-21 23:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 23:23 . 2012-08-21 23:23 -------- d-----w- c:\program files (x86)\Java
2012-08-21 21:58 . 2012-08-21 21:58 -------- d-----w- c:\program files (x86)\Sophos
2012-08-21 12:49 . 2012-08-21 12:49 -------- d-----w- C:\$WINDOWS.~BT
2012-08-20 09:40 . 2012-08-20 09:40 -------- d-----w- c:\program files\Common Files\EPSON
2012-08-20 09:38 . 2012-08-20 09:39 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2012-08-20 09:38 . 2012-08-20 09:38 -------- d-----w- c:\programdata\ABBYY
2012-08-20 09:38 . 2012-08-20 09:38 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2012-08-20 09:35 . 2012-08-20 09:35 -------- d-----w- c:\programdata\UDL
2012-08-20 09:33 . 2012-08-20 09:33 -------- d-----w- c:\program files\Epson Software
2012-08-20 09:32 . 2012-08-20 09:34 -------- d-----w- c:\program files (x86)\Epson Software
2012-08-20 09:31 . 2007-04-10 02:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2012-08-20 09:31 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMHJP.DLL
2012-08-20 09:31 . 2009-10-01 04:01 88064 ----a-w- c:\windows\system32\E_IBCBHJP.DLL
2012-08-20 09:30 . 2012-08-20 09:40 -------- d-----w- c:\programdata\EPSON
2012-08-20 09:30 . 2011-08-09 14:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-08-20 09:30 . 2009-10-15 14:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-08-20 09:30 . 2009-10-15 14:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-08-20 09:30 . 2012-08-20 09:32 -------- d-----w- c:\program files (x86)\epson
2012-08-20 05:47 . 2012-08-20 05:47 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-08-18 01:29 . 2012-07-15 16:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{522FBEB7-0C39-488A-AEDF-5AA2053781CF}\mpengine.dll
2012-08-17 08:11 . 2012-08-17 08:11 -------- d-----w- c:\program files (x86)\TeamViewer
2012-08-16 12:56 . 2012-08-16 12:57 -------- d-----w- c:\program files (x86)\Cisco Packet Tracer 5.3.3
2012-08-16 10:19 . 2012-08-21 02:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-16 10:19 . 2012-08-16 11:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-16 06:05 . 2012-08-22 00:18 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-08-16 03:16 . 2012-08-21 23:52 -------- d-----w- c:\windows\Microsoft Antimalware
2012-08-16 02:28 . 2012-08-16 02:28 -------- d-----w- c:\programdata\boost_interprocess
2012-08-16 00:38 . 2012-05-29 10:46 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-16 00:38 . 2012-05-29 10:46 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-08-16 00:38 . 2012-05-29 10:46 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-08-16 00:37 . 2012-08-16 00:38 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-08-16 00:37 . 2012-08-16 00:38 -------- d-----w- c:\programdata\TuneUp Software
2012-08-16 00:37 . 2012-08-16 00:37 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-16 00:37 . 2012-08-16 00:37 -------- d--h--w- c:\programdata\Common Files
2012-08-16 00:26 . 2012-08-16 00:26 -------- d-----w- c:\program files\Microsoft Silverlight
2012-08-16 00:26 . 2012-08-16 00:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-08-15 23:43 . 2012-08-15 23:43 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 23:43 . 2012-07-03 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 23:43 . 2012-08-15 23:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-15 23:00 . 2012-08-15 23:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-15 22:55 . 2012-08-15 22:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-15 22:55 . 2012-08-15 22:55 -------- d-----r- c:\program files (x86)\Skype
2012-08-15 22:55 . 2012-08-15 22:55 -------- d-----w- c:\programdata\Skype
2012-08-15 05:08 . 2012-08-15 05:08 -------- d-----w- c:\programdata\Sophos
2012-08-15 04:56 . 2012-08-15 04:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-15 04:35 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 04:35 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 04:35 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 04:35 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 04:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 04:35 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 04:35 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 04:35 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 04:35 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 04:35 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-03 23:14 . 2012-08-03 05:31 -------- d-----w- c:\windows\Panther
2012-08-03 23:14 . 2012-08-03 23:14 -------- d-----w- C:\Boot
2012-08-03 13:50 . 2012-08-03 13:50 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2012-08-03 13:50 . 2012-08-03 13:50 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\programdata\Studio 15
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-08-03 13:09 . 2012-08-03 13:09 -------- d-----w- c:\programdata\Microsoft Help
2012-08-03 12:51 . 2012-08-03 12:51 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-03 11:35 . 2012-08-03 11:35 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-03 10:28 . 2012-08-03 13:45 -------- d-----w- c:\program files (x86)\Pinnacle
2012-08-03 10:13 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-03 08:28 . 2012-08-03 13:49 -------- d-----w- c:\programdata\Pinnacle
2012-08-03 07:51 . 2012-08-03 07:51 -------- d-----r- C:\MSOCache
2012-08-03 07:47 . 2012-08-03 07:47 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-03 07:45 . 2012-08-03 07:45 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-08-03 07:45 . 2012-08-03 07:45 -------- d-----w- c:\windows\PCHEALTH
2012-08-03 07:45 . 2012-08-03 07:45 -------- d-----w- c:\program files\Microsoft Office
2012-08-03 07:17 . 2012-08-03 07:17 -------- d-----w- c:\windows\system32\Wat
2012-08-03 07:17 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-08-03 07:17 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-08-03 07:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-08-03 06:53 . 2012-08-15 04:38 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-03 06:51 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-03 06:51 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-03 06:51 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-03 06:51 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-03 06:48 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-08-03 06:47 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-03 06:46 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-03 06:46 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-03 06:46 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-03 06:46 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-08-03 06:46 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-08-03 06:46 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-08-03 06:46 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-08-03 06:46 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-08-03 06:46 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-08-03 06:46 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-03 06:46 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-08-03 06:46 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-08-03 06:36 . 2012-08-03 06:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\ESET
2012-08-03 06:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-03 06:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-03 06:07 . 2012-08-03 06:07 -------- d-----w- c:\windows\system32\Macromed
2012-08-03 06:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-03 06:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-03 06:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-03 06:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-03 06:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-03 06:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-03 06:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-03 06:06 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-03 06:06 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-03 05:53 . 2012-08-03 05:52 206208 ----a-w- c:\windows\PLFSetI.exe
2012-08-03 05:53 . 2012-08-03 05:53 -------- d-----w- c:\program files (x86)\Acer
2012-08-03 05:53 . 2009-12-16 05:13 113264 ----a-w- c:\windows\FixUVC.exe
2012-08-03 05:52 . 2012-08-03 05:52 -------- d-----w- c:\program files\Synaptics
2012-08-03 05:52 . 2009-12-10 11:25 301104 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-08-03 05:52 . 2009-12-10 11:20 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-08-03 05:52 . 2009-12-10 11:20 207144 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-08-03 05:52 . 2009-12-10 11:20 263464 ----a-w- c:\windows\system32\SynCtrl.dll
2012-08-03 05:52 . 2009-08-07 01:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-08-03 05:49 . 2012-08-03 05:49 -------- d-----w- c:\program files (x86)\Launch Manager
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 08:30 . 2012-08-03 06:08 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 08:30 . 2012-08-03 06:08 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-21 23:23 . 2012-08-21 23:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-21 23:23 . 2012-08-21 23:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-03 06:16 . 2012-08-03 06:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-08-03 06:16 . 2012-08-03 06:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-03 06:16 . 2012-08-03 06:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-03 06:16 . 2012-08-03 06:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-08-03 06:16 . 2012-08-03 06:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-08-03 06:16 . 2012-08-03 06:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-08-03 06:16 . 2012-08-03 06:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-03 06:16 . 2012-08-03 06:16 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-08-03 06:16 . 2012-08-03 06:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-08-03 06:16 . 2012-08-03 06:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-03 06:16 . 2012-08-03 06:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-08-03 06:16 . 2012-08-03 06:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-08-03 06:16 . 2012-08-03 06:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-08-03 06:16 . 2012-08-03 06:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-08-03 06:16 . 2012-08-03 06:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-29 00:16 . 2012-08-15 04:47 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 04:47 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 04:47 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 04:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 04:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-06 05:05 . 2012-08-03 06:48 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-08-03 06:48 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 04:40 . 2012-08-03 06:49 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-08-03 06:49 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-08-03 06:49 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-08-03 06:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 02:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 21:09 . 2012-05-27 21:09 2168416 ----a-w- c:\windows\system32\coin91.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-22_09.27.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-22 13:47 35638 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-22 13:47 30680 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-08-03 05:56 . 2012-08-22 13:47 7800 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2035898695-4148018346-2578295245-1000_UserData.bin
- 2012-08-22 09:20 . 2012-08-22 09:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-22 13:45 . 2012-08-22 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-22 09:20 . 2012-08-22 09:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-22 13:45 . 2012-08-22 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 11:39 . 2012-08-22 12:25 223858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-08-22 09:18 262064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-22 13:43 262064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-03 06:37 . 2012-08-22 13:43 12645934 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2035898695-4148018346-2578295245-1000-8192.dat
- 2012-08-03 06:37 . 2012-08-22 09:18 12645934 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2035898695-4148018346-2578295245-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-12 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-29 979328]
.
c:\users\Joaqo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joaqo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2011-04-05 4925184]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-07-10 151104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-03 1255736]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-13 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-13 148528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-13 137144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-12 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-09-30 765288]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-09-30 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-09-30 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-09-30 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-08-03 206208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Joaqo\AppData\Roaming\Mozilla\Firefox\Profiles\w0u15uw5.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2012-08-22 23:54:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 13:54
ComboFix2.txt 2012-08-22 09:35
.
Pre-Run: 289,913,057,280 bytes free
Post-Run: 290,408,177,664 bytes free
.
- - End Of File - - 844AB259643F650F4F3EAC07B23CAFA5
Joaquin
Active Member
 
Posts: 4
Joined: August 22nd, 2012, 6:51 pm

Re: Possible Zero Access infection help

Unread postby Joaquin » August 26th, 2012, 2:12 am

Hello Deltalima and thanks again, I just copied trustedinstaller.exe back. I got it from the win7 dvd using 7zip. Again I used Linux to copy it back since windows didn't let me copy files to that folder. When I restarted win7 it took about two minutes to show the desktop after I logged in, other than the system looks ok although it is a bit sluggish sometimes and firefox has some moments when it goes unresponsive.
Joaquin
Active Member
 
Posts: 4
Joined: August 22nd, 2012, 6:51 pm

Re: Possible Zero Access infection help

Unread postby deltalima » August 26th, 2012, 8:48 am

Hi Joaquin,

I need to see the Combofix log from the run that removed the file setup.exe

Please post the contents of the following files

ComboFix-quarantined-files.txt
ComboFix1.txt
ComboFix2.txt


These are located in the folder C:\Qoobox\
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Possible Zero Access infection help

Unread postby Joaquin » August 26th, 2012, 5:30 pm

Hi Deltalima,

I couldn't find ComboFix1.txt, now I remember I thought it had gone unresponsive because it didn't do anything for five minutes or so, so I closed it (I'm sorry). So any way here is ComboFix-quarantined-files.txt and ComboFix2.txt I hope it is still useful to you.




ComboFix-quarantined-files.txt:

2012-08-22 09:34:52 . 2012-08-22 09:34:52 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2012-08-22 09:34:38 . 2012-08-22 09:34:38 141 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES.reg.dat
2012-08-22 03:15:33 . 2008-11-13 02:30:24 319,488 ----a-w- C:\Qoobox\Quarantine\F\setup.exe.vir
2012-08-22 03:00:45 . 2012-08-22 13:31:10 5,883 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-22 02:54:09 . 2012-08-22 13:19:12 153 ----a-w- C:\Qoobox\Quarantine\catchme.log



ComboFix2.txt:

ComboFix 12-08-22.01 - Joaqo 08/22/2012 19:02:04.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7863.6056 [GMT 10:00]
Running from: c:\users\Joaqo\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
F:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 09:18 . 2012-08-22 09:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 08:30 . 2012-08-22 08:30 -------- d-----w- c:\programdata\McAfee
2012-08-21 23:25 . 2012-08-21 23:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-21 23:24 . 2012-08-21 23:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 23:24 . 2012-08-21 23:23 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-21 23:24 . 2012-08-21 23:23 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-21 23:23 . 2012-08-21 23:23 -------- d-----w- c:\program files (x86)\Java
2012-08-21 21:58 . 2012-08-21 21:58 -------- d-----w- c:\program files (x86)\Sophos
2012-08-21 12:49 . 2012-08-21 12:49 -------- d-----w- C:\$WINDOWS.~BT
2012-08-20 09:40 . 2012-08-20 09:40 -------- d-----w- c:\program files\Common Files\EPSON
2012-08-20 09:38 . 2012-08-20 09:39 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2012-08-20 09:38 . 2012-08-20 09:38 -------- d-----w- c:\programdata\ABBYY
2012-08-20 09:38 . 2012-08-20 09:38 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2012-08-20 09:35 . 2012-08-20 09:35 -------- d-----w- c:\programdata\UDL
2012-08-20 09:33 . 2012-08-20 09:33 -------- d-----w- c:\program files\Epson Software
2012-08-20 09:32 . 2012-08-20 09:34 -------- d-----w- c:\program files (x86)\Epson Software
2012-08-20 09:31 . 2007-04-10 02:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2012-08-20 09:31 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMHJP.DLL
2012-08-20 09:31 . 2009-10-01 04:01 88064 ----a-w- c:\windows\system32\E_IBCBHJP.DLL
2012-08-20 09:30 . 2012-08-20 09:40 -------- d-----w- c:\programdata\EPSON
2012-08-20 09:30 . 2011-08-09 14:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-08-20 09:30 . 2009-10-15 14:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-08-20 09:30 . 2009-10-15 14:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-08-20 09:30 . 2012-08-20 09:32 -------- d-----w- c:\program files (x86)\epson
2012-08-20 05:47 . 2012-08-20 05:47 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-08-18 01:29 . 2012-07-15 16:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{522FBEB7-0C39-488A-AEDF-5AA2053781CF}\mpengine.dll
2012-08-17 08:11 . 2012-08-17 08:11 -------- d-----w- c:\program files (x86)\TeamViewer
2012-08-16 12:56 . 2012-08-16 12:57 -------- d-----w- c:\program files (x86)\Cisco Packet Tracer 5.3.3
2012-08-16 10:19 . 2012-08-21 02:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-16 10:19 . 2012-08-16 11:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-16 06:05 . 2012-08-22 00:18 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-08-16 03:16 . 2012-08-21 23:52 -------- d-----w- c:\windows\Microsoft Antimalware
2012-08-16 02:28 . 2012-08-16 02:28 -------- d-----w- c:\programdata\boost_interprocess
2012-08-16 00:38 . 2012-05-29 10:46 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-16 00:38 . 2012-05-29 10:46 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-08-16 00:38 . 2012-05-29 10:46 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-08-16 00:37 . 2012-08-16 00:38 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-08-16 00:37 . 2012-08-16 00:38 -------- d-----w- c:\programdata\TuneUp Software
2012-08-16 00:37 . 2012-08-16 00:37 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-16 00:37 . 2012-08-16 00:37 -------- d--h--w- c:\programdata\Common Files
2012-08-16 00:26 . 2012-08-16 00:26 -------- d-----w- c:\program files\Microsoft Silverlight
2012-08-16 00:26 . 2012-08-16 00:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-08-15 23:43 . 2012-08-15 23:43 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 23:43 . 2012-07-03 03:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 23:43 . 2012-08-15 23:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-15 23:00 . 2012-08-15 23:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-15 22:55 . 2012-08-15 22:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-15 22:55 . 2012-08-15 22:55 -------- d-----r- c:\program files (x86)\Skype
2012-08-15 22:55 . 2012-08-15 22:55 -------- d-----w- c:\programdata\Skype
2012-08-15 05:08 . 2012-08-15 05:08 -------- d-----w- c:\programdata\Sophos
2012-08-15 04:56 . 2012-08-15 04:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-15 04:35 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 04:35 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 04:35 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 04:35 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 04:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 04:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 04:35 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 04:35 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 04:35 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 04:35 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 04:35 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 04:35 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-03 23:14 . 2012-08-03 05:31 -------- d-----w- c:\windows\Panther
2012-08-03 23:14 . 2012-08-03 23:14 -------- d-----w- C:\Boot
2012-08-03 13:50 . 2012-08-03 13:50 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2012-08-03 13:50 . 2012-08-03 13:50 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\programdata\Studio 15
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2012-08-03 13:45 . 2012-08-03 13:45 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-08-03 13:09 . 2012-08-03 13:09 -------- d-----w- c:\programdata\Microsoft Help
2012-08-03 12:51 . 2012-08-03 12:51 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-03 11:35 . 2012-08-03 11:35 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-03 10:28 . 2012-08-03 13:45 -------- d-----w- c:\program files (x86)\Pinnacle
2012-08-03 10:13 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-03 10:13 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-03 08:28 . 2012-08-03 13:49 -------- d-----w- c:\programdata\Pinnacle
2012-08-03 07:51 . 2012-08-03 07:51 -------- d-----r- C:\MSOCache
2012-08-03 07:47 . 2012-08-03 07:47 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-03 07:45 . 2012-08-03 07:45 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-08-03 07:45 . 2012-08-03 07:45 -------- d-----w- c:\windows\PCHEALTH
2012-08-03 07:45 . 2012-08-03 07:45 -------- d-----w- c:\program files\Microsoft Office
2012-08-03 07:17 . 2012-08-03 07:17 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-03 07:17 . 2012-08-03 07:17 -------- d-----w- c:\windows\system32\Wat
2012-08-03 07:17 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-08-03 07:17 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-08-03 07:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-08-03 06:53 . 2012-08-15 04:38 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-03 06:51 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-03 06:51 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-03 06:51 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-03 06:51 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-03 06:51 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-03 06:51 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-03 06:51 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-03 06:48 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-08-03 06:47 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-03 06:46 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-03 06:45 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-08-03 06:36 . 2012-08-03 06:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\ESET
2012-08-03 06:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-03 06:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-03 06:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-03 06:08 . 2012-08-22 08:30 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 06:08 . 2012-08-22 08:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 06:08 . 2012-08-03 06:08 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-03 06:07 . 2012-08-03 06:07 -------- d-----w- c:\windows\system32\Macromed
2012-08-03 06:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-03 06:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-03 06:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-03 06:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-03 06:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-03 06:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-03 06:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-03 06:06 . 2012-06-02 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-03 06:06 . 2012-06-02 05:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-03 05:53 . 2012-08-03 05:52 206208 ----a-w- c:\windows\PLFSetI.exe
2012-08-03 05:53 . 2010-06-01 06:39 214400 ----a-w- c:\windows\SysWow64\Snpropwp.dll
2012-08-03 05:53 . 2012-08-03 05:53 -------- d-----w- c:\program files (x86)\Acer
2012-08-03 05:53 . 2009-12-16 05:13 113264 ----a-w- c:\windows\FixUVC.exe
2012-08-03 05:52 . 2012-08-03 05:52 -------- d-----w- c:\program files\Synaptics
2012-08-03 05:52 . 2009-12-10 11:25 301104 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-08-03 05:52 . 2009-12-10 11:20 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 02:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 21:09 . 2012-05-27 21:09 2168416 ----a-w- c:\windows\system32\coin91.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-12 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-29 979328]
.
c:\users\Joaqo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joaqo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2011-04-05 4925184]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-09-30 25960]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-07-10 151104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-03 1255736]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-13 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-13 148528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-13 137144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-12 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-09-30 765288]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-09-30 268648]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-09-30 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Joaqo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-08-03 206208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Joaqo\AppData\Roaming\Mozilla\Firefox\Profiles\w0u15uw5.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2012-08-22 19:35:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 09:35
.
Pre-Run: 290,017,841,152 bytes free
Post-Run: 290,411,728,896 bytes free
.
- - End Of File - - B079F509192AFE3DA1FC425D69C0C6A4
Joaquin
Active Member
 
Posts: 4
Joined: August 22nd, 2012, 6:51 pm

Re: Possible Zero Access infection help

Unread postby deltalima » August 26th, 2012, 5:41 pm

Hi Joaquin,

I couldn't find ComboFix1.txt, now I remember I thought it had gone unresponsive because it didn't do anything for five minutes or so, so I closed it (I'm sorry). So any way here is ComboFix-quarantined-files.txt and ComboFix2.txt I hope it is still useful to you.


That's OK, no harm done and it explains the logs that you posted.

I just copied trustedinstaller.exe back. I got it from the win7 dvd using 7zip. Again I used Linux to copy it back since windows didn't let me copy files to that folder. When I restarted win7 it took about two minutes to show the desktop after I logged in


Is the startup quicker now after a second reboot?



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Possible Zero Access infection help

Unread postby deltalima » August 29th, 2012, 2:00 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware