Services.exe infected by Win64/Patched.A.Gen trojan (Win7 x64)

By Peter Kothaj
Dec 17, 2012
  1. Hi,
    I am having trouble with Win64/Patched.A.Gen within services.exe (and probably also other files), which I caught after installing some "special" codec pack. Please help me to get rid of it.

    My ESET NOD32 Antivirus 4 continuously shows a warning:
    C:\windows\system32\services.exe Win64/Patched.A.Gen trojan cannot cure NT AUTHORITY\LOCAL SERVICE This event was found when trying to access the file by: C:\Windows\System32\svchost.exe.

    I attach the logs according to the Preliminary Instructions.

    mbam-log-2012-12-17 (09-54-45).txt
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.17.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kothaj :: NTB-KOTHAJ [administrator]

    Protection: Enabled

    17. 12. 2012 9:41:35
    mbam-log-2012-12-17 (09-54-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 248236
    Time elapsed: 6 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\Installer\{5c17a616-4fc9-6c7f-778d-5beff0ffba9b}\U\80000032.@ (Rootkit.0Access) -> No action taken.

    (end)

    ******************************************************************************************************

    dds.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
    Run by kothaj at 10:07:09 on 2012-12-17
    Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.4070.1427 [GMT 1:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\Hpservice.exe
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\vcsFPService.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
    C:\windows\system32\WLANExt.exe
    C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    c:\xampp\apache\bin\httpd.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\xampp\mysql\bin\mysqld.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\xampp\apache\bin\httpd.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\taskeng.exe
    C:\Users\kothaj\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Users\kothaj\AppData\Local\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe
    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
    C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\PureText\PureText.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Launchy\Launchy.exe
    C:\Program Files (x86)\Digsby\lib\digsby-app.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\windows\SysWOW64\RunDll32.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
    C:\windows\NOTEPAD.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.sk/
    uDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.bigseekpro.com/accmeware/{1412DB9A-9A4A-40D7-8AF3-DDBBE9D297FF}
    mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
    uProxyServer = proxy2.stromsk:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: <No Name>: {C90DBB52-46E0-4E65-92BC-799ADEE54C86} - C:\Program Files (x86)\Flash2X\Flash Player\FlashPlayer.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: YouTube to MP3 Converter: {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\kothaj\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
    TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    uRun: [PureText] "C:\Program Files (x86)\PureText\PureText.exe"
    mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\kothaj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: mswsock.dll
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.200.139 192.168.200.130 192.168.200.2
    TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\075726C69636E2B6564627F637E237B6 : DHCPNameServer = 192.168.200.139 192.168.200.130 192.168.200.2
    TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\3545554494F47302275636F6274696E676 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\45D236F6D6E2566716D2E6564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\45F6C6C6E65647F57657563747 : DHCPNameServer = 172.16.28.1
    TCP: Interfaces\{0865C63C-25CB-4388-966C-8C38172F5240}\B6564627F637E237B6 : DHCPNameServer = 192.168.200.139 192.168.200.130 192.168.200.2
    TCP: Interfaces\{156780C9-2F69-4BB6-B5E1-C704E6D877EC} : DHCPNameServer = 192.168.200.139 192.168.200.2
    TCP: Interfaces\{2ACEAB9C-56A2-468F-9385-CC21F0656993} : DHCPNameServer = 192.168.200.139 192.168.200.130 192.168.200.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: DeviceNP - DeviceNP.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = DPPassFilter EpePcNp64 scecli
    IFEO: taskmgr.exe - "C:\WINDOWS\PROCESXP\PROCEXP.EXE"
    x64-mStart Page = hxxp://www.bing.com?pc=CMNTDF
    x64-mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
    x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
    x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-IFEO: taskmgr.exe - "C:\WINDOWS\PROCESXP\PROCEXP.EXE"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\kothaj\AppData\Roaming\Mozilla\Firefox\Profiles\sijrpib6.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: network.proxy.ftp - proxy2.stromsk
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - proxy2.stromsk
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - proxy2.stromsk
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - proxy2.stromsk
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\kothaj\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    FF - plugin: C:\windows\SysWOW64\NPSWF32.dll
    FF - ExtSQL: 2012-10-31 20:54; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF - ExtSQL: 2012-12-12 16:24; selenium-expert_selenium-ide@Samit.Badle; C:\Users\kothaj\AppData\Roaming\Mozilla\Firefox\Profiles\sijrpib6.default\extensions\selenium-expert_selenium-ide@Samit.Badle.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-4-5 100808]
    R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-4-5 158920]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-10-21 55280]
    R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2010-1-26 44576]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-13 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-10-15 203776]
    R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
    R2 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2010-9-3 170104]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-8 810144]
    R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-3-14 152992]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-5-16 197536]
    R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-5-9 320512]
    R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]
    R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-5-13 30520]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-22 13336]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-17 676936]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-17 399432]
    R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-4-5 1323008]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-9 1128952]
    R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-4-22 502464]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-22 2656536]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-2-15 2602576]
    R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-4-22 32192]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-10-15 231440]
    R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-11-13 173656]
    R3 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2012-11-13 26200]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-17 25928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-4-22 344616]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-4-22 39464]
    S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-4 464480]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-5-18 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
    S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;C:\windows\System32\drivers\MAudioMobilePre.sys [2009-9-2 187912]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\windows\System32\drivers\nmwcdnsucx64.sys [2012-6-11 12800]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\windows\System32\drivers\nmwcdnsux64.sys [2012-6-11 171008]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\windows\System32\drivers\s0016bus.sys [2011-9-23 115240]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\windows\System32\drivers\s0016mdfl.sys [2011-9-23 19496]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\windows\System32\drivers\s0016mdm.sys [2011-9-23 158760]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\windows\System32\drivers\s0016mgmt.sys [2011-9-23 137256]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\windows\System32\drivers\s0016nd5.sys [2011-9-23 34344]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\windows\System32\drivers\s0016obex.sys [2011-9-23 136744]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\windows\System32\drivers\s0016unic.sys [2011-9-23 151592]
    S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-5-18 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-5-10 1255736]
    S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-3-9 117552]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\windows\NOTEPAD.EXE %1
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-12-17 08:38:36 -------- d-----w- C:\Users\kothaj\AppData\Roaming\Malwarebytes
    2012-12-17 08:38:29 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-17 08:38:28 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-12-17 08:38:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-15 20:52:29 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
    2012-12-15 20:13:54 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-12-15 20:13:36 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
    2012-12-15 10:33:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-15 10:33:08 -------- d-----w- C:\Program Files\iTunes
    2012-12-15 10:33:08 -------- d-----w- C:\Program Files\iPod
    2012-12-15 10:33:08 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-14 18:33:54 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEABBA4B-1958-49DE-8515-01872A7FC0A8}\mpengine.dll
    2012-12-13 19:55:46 -------- d-----w- C:\temp
    2012-12-13 09:05:23 -------- d-----w- C:\Users\kothaj\AppData\Local\Eclipse
    2012-12-13 09:05:16 -------- d-----w- C:\Users\kothaj\workspace
    2012-12-12 19:54:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-12-12 19:54:48 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-12-12 18:49:23 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-12-12 18:49:21 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-12 18:49:21 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-12 18:49:21 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-12 18:49:21 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-12 18:49:20 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-12-12 18:49:19 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-11-30 11:42:54 461624 ----a-w- C:\windows\System32\drivers\SynTP.sys
    2012-11-30 11:42:54 229176 ----a-w- C:\windows\System32\SynTPAPI.dll
    2012-11-30 11:42:54 177976 ----a-w- C:\windows\System32\SynTPCo14.dll
    2012-11-30 11:42:54 113976 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
    2012-11-30 11:42:53 539960 ----a-w- C:\windows\SysWow64\SynCOM.dll
    2012-11-27 06:53:03 -------- d-----w- C:\Users\kothaj\AppData\Roaming\jEdit
    2012-11-26 23:20:41 -------- d-----w- C:\Program Files\jEdit
    2012-11-25 20:47:20 -------- d-----w- C:\Users\kothaj\AppData\Local\HF Designer
    2012-11-25 20:44:58 -------- d-----w- C:\ProgramData\HF Designer
    2012-11-25 20:44:56 -------- d-----w- C:\Program Files (x86)\HF Designer
    2012-11-24 22:18:44 -------- d-----w- C:\Users\kothaj\restore
    2012-11-18 02:02:09 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
    2012-11-18 02:02:09 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
    2012-11-18 02:02:08 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
    2012-11-18 02:02:08 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
    2012-11-18 02:02:07 744448 ----a-w- C:\windows\System32\WUDFx.dll
    2012-11-18 02:02:07 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
    2012-11-18 02:02:07 229888 ----a-w- C:\windows\System32\WUDFHost.exe
    .
    ==================== Find3M ====================
    .
    2012-12-12 14:58:59 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 14:58:59 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-13 09:43:05 8192 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll
    2012-11-13 09:34:54 68880 ----a-w- C:\windows\SysWow64\SynTPEnhPS.dll
    2012-11-13 09:34:54 282896 ----a-w- C:\windows\System32\SynCtrl.dll
    2012-11-13 09:34:54 228624 ----a-w- C:\windows\SysWow64\SynCtrl.dll
    2012-11-13 09:34:54 150800 ----a-w- C:\windows\System32\SynTPCo9.dll
    2012-11-06 10:20:00 1048376 ----a-w- C:\windows\System32\SynCOM.dll
    2012-11-02 21:32:09 16 ----a-w- C:\windows\SysWow64\msvcsv60.dll
    2012-10-25 02:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 02:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
    2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
    2012-09-28 09:32:56 5989776 ----a-w- C:\windows\System32\usbaaplrc.dll
    2012-09-28 09:32:56 53760 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
    2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll
    2012-09-24 14:32:24 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
    2012-09-24 14:32:20 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 10:07:19,02 ===============
  2. Peter Kothaj

    ******************************************************************************************************

    attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5. 5. 2011 10:50:18
    System Uptime: 17. 12. 2012 9:25:05 (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1619
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 348 GiB total, 148,699 GiB free.
    E: is FIXED (NTFS) - 15 GiB total, 2,256 GiB free.
    F: is FIXED (FAT32) - 5 GiB total, 2,115 GiB free.
    G: is CDROM ()
    T: is FIXED (NTFS) - 98 GiB total, 18,677 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82579V Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_1619103C&REV_04\3&21436425&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82579V Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_1619103C&REV_04\3&21436425&0&C8
    Service: e1cexpress
    .
    ==== System Restore Points ===================
    .
    RP381: 13. 12. 2012 22:55:45 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    7-Zip 4.65 (x64 edition)
    ActiveCheck component for HP Active Support Library
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Community Help
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks
    Adobe Fireworks CS3
    Adobe Fireworks CS5
    Adobe Flash CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS5
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader X (10.1.4) - Czech
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Aktualizácia Microsoft Office Excel 2007 Help (KB963678)
    Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)
    Aktualizácia Microsoft Office Word 2007 Help (KB963665)
    Alcor Micro Smart Card Reader Driver
    Amaya
    AMD APP SDK Runtime
    AMD AVIVO64 Codecs
    AMD Catalyst Install Manager
    AmpliTube 3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Webcam Sharing Manager
    ASIO4ALL
    Ask Toolbar
    Astroburn Lite
    Avid License Control
    Axure RP Pro 6.5
    BitTorrent
    Bonjour
    Broadcom 2070 Bluetooth 3.0
    Broadcom 802.11 Wireless LAN Adapter
    Broadcom Wireless Utility
    Bullzip PDF Printer 7.2.0.1320
    Canon MP610 series
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CD-LabelPrint
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CloneDVD 5.5.0.6
    Color Efex Pro 3.0 Complete
    D3DX10
    DAEMON Tools Lite
    DbVisualizer 8.0
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Device Access Manager for HP ProtectTools
    Digsby
    DirectVobSub 2.40.3093 x64
    DirectX 9 Runtime
    DreamStation DXi2
    Drive Encryption For HP ProtectTools
    Dropbox
    Embedded Security for HP ProtectTools
    eMule
    Energy Star Digital Logo
    Enterprise Architect 8
    ESET NOD32 Antivirus
    F-22 Lightning 3
    Face Recognition for HP ProtectTools
    File Sanitizer For HP ProtectTools
    Free M4a to MP3 Converter 6.2
    Free WAV to MP3 Converter 7.3.5
    Free WMA to MP3 Converter 1.16
    G-Force
    Google Chrome
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    HF Designer 4.4
    High-Definition Video Playback
    HP 3D DriveGuard
    HP Auto
    HP Client Automation Agent Preload
    HP Connection Manager
    HP Customer Experience Enhancements
    HP DayStarter
    HP Documentation
    HP ESU for Microsoft Windows 7
    HP Hotkey Support
    HP Power Assistant
    HP ProtectTools Security Manager
    HP QuickWeb
    HP Setup
    HP SoftPaq Download Manager
    HP Software Framework
    HP Software Setup
    HP Support Assistant
    HP System Default Settings
    HP Wallpaper
    HP Web Camera
    HP Webcam
    HP Webcam Driver
    HPAsset component for HP Active Support Library
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    iCloud
    IDT Audio
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) Network Connections Drivers
    Intel(R) Rapid Storage Technology
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 37
    Java(TM) 7 Update 4 (64-bit)
    jEdit 5.0.0
    JMicron 1394 Filter Driver
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    K-Lite Codec Pack 8.6.0 (Standard)
    Launchy 2.5
    LightScribe Applications
    LightScribe System Software
    LSI HDA Modem
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mastering Edition 1.5
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (Slovak) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (Slovak) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (Slovak) 2007
    Microsoft Office IME (Chinese (Simplified)) 2010
    Microsoft Office IME (Chinese (Traditional)) 2010
    Microsoft Office IME (Japanese) 2010
    Microsoft Office IME (Korean) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office InfoPath MUI (Slovak) 2007
    Microsoft Office Language Pack 2007 - Slovak/Slovenčina
    Microsoft Office O MUI (Slovak) 2007
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (Slovak) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (Slovak) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (Slovak) 2007
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Arabic) 2010
    Microsoft Office Proof (Basque) 2010
    Microsoft Office Proof (Bulgarian) 2010
    Microsoft Office Proof (Catalan) 2010
    Microsoft Office Proof (Croatian) 2010
    Microsoft Office Proof (Czech) 2007
    Microsoft Office Proof (Czech) 2010
    Microsoft Office Proof (Danish) 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (Estonian) 2010
    Microsoft Office Proof (Finnish) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Galician) 2010
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Greek) 2010
    Microsoft Office Proof (Gujarati) 2010
    Microsoft Office Proof (Hebrew) 2010
    Microsoft Office Proof (Hindi) 2010
    Microsoft Office Proof (Hungarian) 2007
    Microsoft Office Proof (Hungarian) 2010
    Microsoft Office Proof (Chinese (Simplified)) 2010
    Microsoft Office Proof (Chinese (Traditional)) 2010
    Microsoft Office Proof (Italian) 2010
    Microsoft Office Proof (Japanese) 2010
    Microsoft Office Proof (Kannada) 2010
    Microsoft Office Proof (Kazakh) 2010
    Microsoft Office Proof (Korean) 2010
    Microsoft Office Proof (Latvian) 2010
    Microsoft Office Proof (Lithuanian) 2010
    Microsoft Office Proof (Marathi) 2010
    Microsoft Office Proof (Norwegian (Bokmal)) 2010
    Microsoft Office Proof (Norwegian (Nynorsk)) 2010
    Microsoft Office Proof (Polish) 2010
    Microsoft Office Proof (Portuguese (Brazil)) 2010
    Microsoft Office Proof (Portuguese (Portugal)) 2010
    Microsoft Office Proof (Punjabi) 2010
    Microsoft Office Proof (Romanian) 2010
    Microsoft Office Proof (Russian) 2010
    Microsoft Office Proof (Serbian (Latin)) 2010
    Microsoft Office Proof (Slovak) 2007
    Microsoft Office Proof (Slovak) 2010
    Microsoft Office Proof (Slovenian) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proof (Swedish) 2010
    Microsoft Office Proof (Tamil) 2010
    Microsoft Office Proof (Telugu) 2010
    Microsoft Office Proof (Thai) 2010
    Microsoft Office Proof (Turkish) 2010
    Microsoft Office Proof (Ukrainian) 2010
    Microsoft Office Proof (Urdu) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Slovak) 2007
    Microsoft Office Proofing Kit 2010
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools Kit Compilation 2010
    Microsoft Office ProofMUI (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (Slovak) 2007
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (Slovak) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Slovak) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (Slovak) 2007
    Microsoft Office X MUI (Slovak) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visio Viewer 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC100_CRT_SP1_x64
    Microsoft_VC100_CRT_SP1_x86
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MobileMe Control Panel
    Moj CEWE FOTOSVET
    Mozilla Firefox 17.0.1 (x86 sk)
    Mozilla Maintenance Service
    MPC-HC 1.6.4.6052 (64-bit)
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MusicJet
    Native Instruments Controller Editor
    Native Instruments Guitar Rig 4
    Native Instruments Service Center
    Nero 10 ClipartPack
    Nero 10 Kwik Themes 1
    Nero 10 Kwik Themes 2
    Nero 10 Menu TemplatePack 1
    Nero 10 Menu TemplatePack 2
    Nero 10 Menu TemplatePack 3
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero 10 Sample ImagePack
    Nero 10 Sample Videos
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Dolby Files 10
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero Vision Xtra
    NeroKwikMedia Help (CHM)
    Nokia Connectivity Cable Driver
    Nokia PC Internet Access
    Nokia Suite
    Octoshape Streaming Services
    Open Metronome
    OpenVPN 2.2.0
    Opera 11.62
    Pando Media Booster
    PC Connectivity Solution
    PDF Complete Special Edition
    PDF Settings
    PDF Settings CS5
    Picasa 3
    Privacy Manager for HP ProtectTools
    PSPad editor
    PxMergeModule
    QuickTime
    SDK
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    sfArk
    SilkCentral Test Manager 2009 Office Import
    Skype Toolbars
    Skype™ 5.10
    SoftSkies
    SONAR 6 Producer Edition
    Sony CD Architect 5.2
    Steinberg Mastering Edition Enhanced 2002
    Synaptics Pointing Device Driver
    Theft Recovery for HP ProtectTools
    TimeWorks Mastering EQ
    Total Commander (Remove or Repair)
    Total Commander 64-bit (Remove or Repair)
    Tunatic
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596963) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Validity Fingerprint Sensor Driver
    VIP Access SDK (1.0.1.4)
    VLC media player 2.0.4
    WaveLab 6
    Waves Audio Processors 3.2
    Waves Diamond Bundle v5.2
    Waves IRx v5.2
    Waves L3 v5.2
    Waves Mercury Bundle
    Waves Q-Clone v5.2
    Waves SSL Collection v1.2
    Waves Vocal Bundle v1.1
    Waves Znoise v1.0
    Wavpack4Wavelab6
    Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinMerge 2.12.4
    XAMPP 1.7.7
    YouTube to MP3 Converter
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17. 12. 2012 9:26:39, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    17. 12. 2012 9:25:33, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    17. 12. 2012 9:25:31, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    17. 12. 2012 9:25:29, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    17. 12. 2012 9:25:29, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
    17. 12. 2012 9:25:28, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    17. 12. 2012 9:24:41, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function..
    17. 12. 2012 8:51:43, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    17. 12. 2012 8:50:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    17. 12. 2012 8:50:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    17. 12. 2012 8:50:02, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 21
    17. 12. 2012 8:49:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv spldr sptd vpcvmm Wanarpv6
    17. 12. 2012 8:49:42, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    17. 12. 2012 8:49:23, Error: sptd [4] - Driver detected an internal error in its data structures for .
    16. 12. 2012 19:33:42, Error: Microsoft-Windows-TBS [16385] - An internal TBS error was detected. The error code was 0x800703e3. This is usually caused by unexpected TPM or driver behavior and may be transient.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    16. 12. 2012 0:15:33, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    15. 12. 2012 11:41:33, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    15. 12. 2012 11:38:44, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.
    14. 12. 2012 23:36:23, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    12. 12. 2012 22:43:14, Error: Disk [15] - The device, \Device\Harddisk1\DR2, is not ready for access yet.
    11. 12. 2012 22:27:43, Error: Service Control Manager [7034] - The Služba Google Update (gupdate) service terminated unexpectedly. It has done this 2 time(s).
    11. 12. 2012 20:14:17, Error: Service Control Manager [7034] - The Služba Google Update (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    10. 12. 2012 11:32:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    .
    ==== End Of File ===========================
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  4. Peter Kothaj

    Peter Kothaj Newcomer, in training Topic Starter

    Finally, my problem will be solved by complete reinstallation of the system and all programs.
    Thank you very much for your willingness to help me!
    This post can be closed.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Complete reinstall? I didn't suggest that. Probably would be a bad idea right now...

    This is a recovery tool that can help disinfect the system so you don't have to reformat/reinstall your operating system and programs!

    Let me know if you want to continue, post the log from FRST. :)

