Services.exe infected by Win64/Patched.A.Gen trojan (Win7 x64)

Peter Kothaj · Dec 17, 2012

Hi,
I am having trouble with Win64/Patched.A.Gen within services.exe (and probably also other files), which I caught after installing some "special" codec pack. Please help me to get rid of it.

My ESET NOD32 Antivirus 4 continuously shows a warning:
C:\windows\system32\services.exe Win64/Patched.A.Gen trojan cannot cure NT AUTHORITY\LOCAL SERVICE This event was found when trying to access the file by: C:\Windows\System32\svchost.exe.

I attach the logs according to the Preliminary Instructions.

mbam-log-2012-12-17 (09-54-45).txt
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kothaj :: NTB-KOTHAJ [administrator]

Protection: Enabled

17. 12. 2012 9:41:35
mbam-log-2012-12-17 (09-54-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248236
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{5c17a616-4fc9-6c7f-778d-5beff0ffba9b}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

******************************************************************************************************

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by kothaj at 10:07:09 on 2012-12-17
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.4070.1427 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\xampp\mysql\bin\mysqld.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\xampp\apache\bin\httpd.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Users\kothaj\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\kothaj\AppData\Local\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\PureText\PureText.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\SysWOW64\RunDll32.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\windows\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.sk/
uDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/accmeware/{1412DB9A-9A4A-40D7-8AF3-DDBBE9D297FF}
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
uProxyServer = proxy2.stromsk:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: <No Name>: {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\kothaj\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
uRun: [PureText] "C:\Program Files (x86)\PureText\PureText.exe"
mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\kothaj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.200.139 192.168.200.130 192.168.200.2
TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\075726C69636E2B6564627F637E237B6 : DHCPNameServer = 192.168.200.139 192.168.200.130 192.168.200.2
TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\3545554494F47302275636F6274696E676 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\45D236F6D6E2566716D2E6564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\45F6C6C6E65647F57657563747 : DHCPNameServer = 172.16.28.1
TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\B6564627F637E237B6 : DHCPNameServer = 192.168.200.139 192.168.200.130 192.168.200.2
TCP: Interfaces\{156780C9-2F69-4BB6-B5E1-C704E6D877EC} : DHCPNameServer = 192.168.200.139 192.168.200.2
TCP: Interfaces\{2ACEAB9C-56A2-468F-9385-CC21F0656993} : DHCPNameServer = 192.168.200.139 192.168.200.130 192.168.200.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = DPPassFilter EpePcNp64 scecli
IFEO: taskmgr.exe - "C:\WINDOWS\PROCESXP\PROCEXP.EXE"
x64-mStart Page = hxxp://www.bing.com?pc=CMNTDF
x64-mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: taskmgr.exe - "C:\WINDOWS\PROCESXP\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kothaj\AppData\Roaming\Mozilla\Firefox\Profiles\sijrpib6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - proxy2.stromsk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy2.stromsk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy2.stromsk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy2.stromsk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\kothaj\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - plugin: C:\windows\SysWOW64\NPSWF32.dll
FF - ExtSQL: 2012-10-31 20:54; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-12 16:24; selenium-expert_selenium-ide@Samit.Badle; C:\Users\kothaj\AppData\Roaming\Mozilla\Firefox\Profiles\sijrpib6.default\extensions\selenium-expert_selenium-ide@Samit.Badle.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-4-5 100808]
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-4-5 158920]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-10-21 55280]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2010-1-26 44576]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-13 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-10-15 203776]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2010-9-3 170104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-8 810144]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-3-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-5-16 197536]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-5-9 320512]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-5-13 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-22 13336]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-17 676936]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-17 399432]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-4-5 1323008]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-9 1128952]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-4-22 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-22 2656536]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-2-15 2602576]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-4-22 32192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-10-15 231440]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-11-13 173656]
R3 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2012-11-13 26200]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-17 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-4-22 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-4-22 39464]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-4 464480]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-5-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;C:\windows\System32\drivers\MAudioMobilePre.sys [2009-9-2 187912]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\windows\System32\drivers\nmwcdnsucx64.sys [2012-6-11 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\windows\System32\drivers\nmwcdnsux64.sys [2012-6-11 171008]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\windows\System32\drivers\s0016bus.sys [2011-9-23 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\windows\System32\drivers\s0016mdfl.sys [2011-9-23 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\windows\System32\drivers\s0016mdm.sys [2011-9-23 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\windows\System32\drivers\s0016mgmt.sys [2011-9-23 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\windows\System32\drivers\s0016nd5.sys [2011-9-23 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\windows\System32\drivers\s0016obex.sys [2011-9-23 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\windows\System32\drivers\s0016unic.sys [2011-9-23 151592]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-5-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-5-10 1255736]
S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-3-9 117552]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\NOTEPAD.EXE %1
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-12-17 08:38:36 -------- d-----w- C:\Users\kothaj\AppData\Roaming\Malwarebytes
2012-12-17 08:38:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-17 08:38:28 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-12-17 08:38:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-15 20:52:29 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-12-15 20:13:54 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-12-15 20:13:36 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
2012-12-15 10:33:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-15 10:33:08 -------- d-----w- C:\Program Files\iTunes
2012-12-15 10:33:08 -------- d-----w- C:\Program Files\iPod
2012-12-15 10:33:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-14 18:33:54 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEABBA4B-1958-49DE-8515-01872A7FC0A8}\mpengine.dll
2012-12-13 19:55:46 -------- d-----w- C:\temp
2012-12-13 09:05:23 -------- d-----w- C:\Users\kothaj\AppData\Local\Eclipse
2012-12-13 09:05:16 -------- d-----w- C:\Users\kothaj\workspace
2012-12-12 19:54:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-12-12 19:54:48 2048 ----a-w- C:\windows\System32\tzres.dll
2012-12-12 18:49:23 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-12-12 18:49:21 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-12 18:49:21 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-12 18:49:21 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-12 18:49:21 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-12 18:49:20 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-12-12 18:49:19 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-11-30 11:42:54 461624 ----a-w- C:\windows\System32\drivers\SynTP.sys
2012-11-30 11:42:54 229176 ----a-w- C:\windows\System32\SynTPAPI.dll
2012-11-30 11:42:54 177976 ----a-w- C:\windows\System32\SynTPCo14.dll
2012-11-30 11:42:54 113976 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
2012-11-30 11:42:53 539960 ----a-w- C:\windows\SysWow64\SynCOM.dll
2012-11-27 06:53:03 -------- d-----w- C:\Users\kothaj\AppData\Roaming\jEdit
2012-11-26 23:20:41 -------- d-----w- C:\Program Files\jEdit
2012-11-25 20:47:20 -------- d-----w- C:\Users\kothaj\AppData\Local\HF Designer
2012-11-25 20:44:58 -------- d-----w- C:\ProgramData\HF Designer
2012-11-25 20:44:56 -------- d-----w- C:\Program Files (x86)\HF Designer
2012-11-24 22:18:44 -------- d-----w- C:\Users\kothaj\restore
2012-11-18 02:02:09 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-18 02:02:09 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-18 02:02:08 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-18 02:02:08 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-18 02:02:07 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-18 02:02:07 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-18 02:02:07 229888 ----a-w- C:\windows\System32\WUDFHost.exe
.
==================== Find3M ====================
.
2012-12-12 14:58:59 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 14:58:59 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-13 09:43:05 8192 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll
2012-11-13 09:34:54 68880 ----a-w- C:\windows\SysWow64\SynTPEnhPS.dll
2012-11-13 09:34:54 282896 ----a-w- C:\windows\System32\SynCtrl.dll
2012-11-13 09:34:54 228624 ----a-w- C:\windows\SysWow64\SynCtrl.dll
2012-11-13 09:34:54 150800 ----a-w- C:\windows\System32\SynTPCo9.dll
2012-11-06 10:20:00 1048376 ----a-w- C:\windows\System32\SynCOM.dll
2012-11-02 21:32:09 16 ----a-w- C:\windows\SysWow64\msvcsv60.dll
2012-10-25 02:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-09-28 09:32:56 5989776 ----a-w- C:\windows\System32\usbaaplrc.dll
2012-09-28 09:32:56 53760 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll
2012-09-24 14:32:24 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32:20 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
.
============= FINISH: 10:07:19,02 ===============

Peter Kothaj · Dec 17, 2012

******************************************************************************************************

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5. 5. 2011 10:50:18
System Uptime: 17. 12. 2012 9:25:05 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1619
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 348 GiB total, 148,699 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 2,256 GiB free.
F: is FIXED (FAT32) - 5 GiB total, 2,115 GiB free.
G: is CDROM ()
T: is FIXED (NTFS) - 98 GiB total, 18,677 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82579V Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_1619103C&REV_04\3&21436425&0&C8
Manufacturer: Intel
Name: Intel(R) 82579V Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_1619103C&REV_04\3&21436425&0&C8
Service: e1cexpress
.
==== System Restore Points ===================
.
RP381: 13. 12. 2012 22:55:45 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 4.65 (x64 edition)
ActiveCheck component for HP Active Support Library
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks
Adobe Fireworks CS3
Adobe Fireworks CS5
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS5
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.1.4) - Czech
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizácia Microsoft Office Word 2007 Help (KB963665)
Alcor Micro Smart Card Reader Driver
Amaya
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Install Manager
AmpliTube 3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Webcam Sharing Manager
ASIO4ALL
Ask Toolbar
Astroburn Lite
Avid License Control
Axure RP Pro 6.5
BitTorrent
Bonjour
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Bullzip PDF Printer 7.2.0.1320
Canon MP610 series
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD-LabelPrint
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CloneDVD 5.5.0.6
Color Efex Pro 3.0 Complete
D3DX10
DAEMON Tools Lite
DbVisualizer 8.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Access Manager for HP ProtectTools
Digsby
DirectVobSub 2.40.3093 x64
DirectX 9 Runtime
DreamStation DXi2
Drive Encryption For HP ProtectTools
Dropbox
Embedded Security for HP ProtectTools
eMule
Energy Star Digital Logo
Enterprise Architect 8
ESET NOD32 Antivirus
F-22 Lightning 3
Face Recognition for HP ProtectTools
File Sanitizer For HP ProtectTools
Free M4a to MP3 Converter 6.2
Free WAV to MP3 Converter 7.3.5
Free WMA to MP3 Converter 1.16
G-Force
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
HF Designer 4.4
High-Definition Video Playback
HP 3D DriveGuard
HP Auto
HP Client Automation Agent Preload
HP Connection Manager
HP Customer Experience Enhancements
HP DayStarter
HP Documentation
HP ESU for Microsoft Windows 7
HP Hotkey Support
HP Power Assistant
HP ProtectTools Security Manager
HP QuickWeb
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP System Default Settings
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
HPAsset component for HP Active Support Library
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
iCloud
IDT Audio
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 37
Java(TM) 7 Update 4 (64-bit)
jEdit 5.0.0
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K-Lite Codec Pack 8.6.0 (Standard)
Launchy 2.5
LightScribe Applications
LightScribe System Software
LSI HDA Modem
Malwarebytes Anti-Malware version 1.65.1.1000
Mastering Edition 1.5
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Slovak) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Slovak) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Slovak) 2007
Microsoft Office IME (Chinese (Simplified)) 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office IME (Japanese) 2010
Microsoft Office IME (Korean) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Slovak) 2007
Microsoft Office Language Pack 2007 - Slovak/Slovenčina
Microsoft Office O MUI (Slovak) 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Slovak) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Slovak) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Slovak) 2007
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Basque) 2010
Microsoft Office Proof (Bulgarian) 2010
Microsoft Office Proof (Catalan) 2010
Microsoft Office Proof (Croatian) 2010
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (Czech) 2010
Microsoft Office Proof (Danish) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Estonian) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Galician) 2010
Microsoft Office Proof (German) 2007
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Greek) 2010
Microsoft Office Proof (Gujarati) 2010
Microsoft Office Proof (Hebrew) 2010
Microsoft Office Proof (Hindi) 2010
Microsoft Office Proof (Hungarian) 2007
Microsoft Office Proof (Hungarian) 2010
Microsoft Office Proof (Chinese (Simplified)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Japanese) 2010
Microsoft Office Proof (Kannada) 2010
Microsoft Office Proof (Kazakh) 2010
Microsoft Office Proof (Korean) 2010
Microsoft Office Proof (Latvian) 2010
Microsoft Office Proof (Lithuanian) 2010
Microsoft Office Proof (Marathi) 2010
Microsoft Office Proof (Norwegian (Bokmal)) 2010
Microsoft Office Proof (Norwegian (Nynorsk)) 2010
Microsoft Office Proof (Polish) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Portuguese (Portugal)) 2010
Microsoft Office Proof (Punjabi) 2010
Microsoft Office Proof (Romanian) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proof (Serbian (Latin)) 2010
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proof (Slovak) 2010
Microsoft Office Proof (Slovenian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proof (Tamil) 2010
Microsoft Office Proof (Telugu) 2010
Microsoft Office Proof (Thai) 2010
Microsoft Office Proof (Turkish) 2010
Microsoft Office Proof (Ukrainian) 2010
Microsoft Office Proof (Urdu) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Slovak) 2007
Microsoft Office Proofing Kit 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools Kit Compilation 2010
Microsoft Office ProofMUI (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Slovak) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit MUI (Slovak) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Slovak) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Slovak) 2007
Microsoft Office X MUI (Slovak) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MobileMe Control Panel
Moj CEWE FOTOSVET
Mozilla Firefox 17.0.1 (x86 sk)
Mozilla Maintenance Service
MPC-HC 1.6.4.6052 (64-bit)
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MusicJet
Native Instruments Controller Editor
Native Instruments Guitar Rig 4
Native Instruments Service Center
Nero 10 ClipartPack
Nero 10 Kwik Themes 1
Nero 10 Kwik Themes 2
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Dolby Files 10
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero Vision Xtra
NeroKwikMedia Help (CHM)
Nokia Connectivity Cable Driver
Nokia PC Internet Access
Nokia Suite
Octoshape Streaming Services
Open Metronome
OpenVPN 2.2.0
Opera 11.62
Pando Media Booster
PC Connectivity Solution
PDF Complete Special Edition
PDF Settings
PDF Settings CS5
Picasa 3
Privacy Manager for HP ProtectTools
PSPad editor
PxMergeModule
QuickTime
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
sfArk
SilkCentral Test Manager 2009 Office Import
Skype Toolbars
Skype™ 5.10
SoftSkies
SONAR 6 Producer Edition
Sony CD Architect 5.2
Steinberg Mastering Edition Enhanced 2002
Synaptics Pointing Device Driver
Theft Recovery for HP ProtectTools
TimeWorks Mastering EQ
Total Commander (Remove or Repair)
Total Commander 64-bit (Remove or Repair)
Tunatic
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596963) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity Fingerprint Sensor Driver
VIP Access SDK (1.0.1.4)
VLC media player 2.0.4
WaveLab 6
Waves Audio Processors 3.2
Waves Diamond Bundle v5.2
Waves IRx v5.2
Waves L3 v5.2
Waves Mercury Bundle
Waves Q-Clone v5.2
Waves SSL Collection v1.2
Waves Vocal Bundle v1.1
Waves Znoise v1.0
Wavpack4Wavelab6
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinMerge 2.12.4
XAMPP 1.7.7
YouTube to MP3 Converter
.
==== Event Viewer Messages From Past Week ========
.
17. 12. 2012 9:26:39, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
17. 12. 2012 9:25:33, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
17. 12. 2012 9:25:31, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
17. 12. 2012 9:25:29, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
17. 12. 2012 9:25:29, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
17. 12. 2012 9:25:28, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
17. 12. 2012 9:24:41, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function..
17. 12. 2012 8:51:43, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
17. 12. 2012 8:50:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17. 12. 2012 8:50:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17. 12. 2012 8:50:02, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 21
17. 12. 2012 8:49:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr sptd vpcvmm Wanarpv6
17. 12. 2012 8:49:42, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
17. 12. 2012 8:49:23, Error: sptd [4] - Driver detected an internal error in its data structures for .
16. 12. 2012 19:33:42, Error: Microsoft-Windows-TBS [16385] - An internal TBS error was detected. The error code was 0x800703e3. This is usually caused by unexpected TPM or driver behavior and may be transient.
16. 12. 2012 0:15:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
15. 12. 2012 11:41:33, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
15. 12. 2012 11:38:44, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.
14. 12. 2012 23:36:23, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12. 12. 2012 22:43:14, Error: Disk [15] - The device, \Device\Harddisk1\DR2, is not ready for access yet.
11. 12. 2012 22:27:43, Error: Service Control Manager [7034] - The Služba Google Update (gupdate) service terminated unexpectedly. It has done this 2 time(s).
11. 12. 2012 20:14:17, Error: Service Control Manager [7034] - The Služba Google Update (gupdate) service terminated unexpectedly. It has done this 1 time(s).
10. 12. 2012 11:32:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================

Jay Pfoutz · Dec 17, 2012

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.

Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.

If you have already asked for help somewhere, please post the link to the topic you were helped.

We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

Use the arrow keys to select the Repair your computer menu item.

Choose your language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.

Restart your computer.

If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.

Click Repair your computer.

Choose your language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt

In the command window type in notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to the disclaimer.

Place a check next to List Drivers MD5 as well as the default check marks that are already there

Press Scan button. It will do its scan and save a log on your flash drive.

Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:

When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.

Type exit in the Command Prompt window and reboot the computer normally

FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

Peter Kothaj · Dec 19, 2012

Finally, my problem will be solved by complete reinstallation of the system and all programs.
Thank you very much for your willingness to help me!
This post can be closed.

Jay Pfoutz · Dec 19, 2012

Complete reinstall? I didn't suggest that. Probably would be a bad idea right now...

This is a recovery tool that can help disinfect the system so you don't have to reformat/reinstall your operating system and programs!

Let me know if you want to continue, post the log from FRST.

TechSpot

Welcome to TechSpot

Services.exe infected by Win64/Patched.A.Gen trojan (Win7 x64)

Peter Kothaj Newcomer, in training

Peter Kothaj Newcomer, in training

Jay Pfoutz Malware Helper Posts: 4,286 +49

Peter Kothaj Newcomer, in training

Jay Pfoutz Malware Helper Posts: 4,286 +49

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.