Browser possibly getting hijacked

(48 posts)
  • Started 1 year ago by joefuf
  • Latest reply from StringJunky
  • Topic Viewed 2553 times

joefuf
Posts: 121

Last thing I do tonight. I ran ComboFix. Below is my log. Let me know if you see anything that stands out.


ComboFix 13-03-05.01 - Jeff 03/05/2013 0:09.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8187.5261 [GMT -5:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: System Center 2012 Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: System Center 2012 Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130304210141.375199
c:\programdata\boost_interprocess\20130304210141.375199\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
c:\programdata\boost_interprocess\20130304210141.375199\plex_frame_mutex
c:\programdata\SPL32FA.tmp
c:\programdata\SPLB963.tmp
c:\users\Jeff\AppData\Local\assembly\tmp
c:\users\Jeff\AppData\Local\assembly\tmp2U4KPCO\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp2U4KPCO\AddinExpress.PP.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\2DFR78I7\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\2DFR78I7\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\5BB7ULNH\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\5BB7ULNH\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\7XDDXVSX\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\7XDDXVSX\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\B4UFLBA5\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\B4UFLBA5\AddinExpress.XL.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\C2NS73XU\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\C2NS73XU\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\D5QPF2OH\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\D5QPF2OH\AddinExpress.WD.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\FO1E7W9G\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\FO1E7W9G\AddinExpress.ToolbarControls.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\GRW7DNFB\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\GRW7DNFB\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\HX1GCJSR\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\HX1GCJSR\AddinExpress.XL.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\JXNU86XG\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\JXNU86XG\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\KQF7MRI9\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\KQF7MRI9\AddinExpress.WD.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\M2OTDPIN\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\M2OTDPIN\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\ONAYM1A7\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\ONAYM1A7\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\ORCQVAKJ\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\ORCQVAKJ\AddinExpress.XL.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\PESGP908\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\PESGP908\AddinExpress.WD.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\U6GG43L8\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\U6GG43L8\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\W5K1EC92\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\W5K1EC92\AddinExpress.MSO.2005.DLL
c:\users\Jeff\AppData\Local\assembly\tmp\Z4S3D1X5\__AssemblyInfo__.ini
c:\users\Jeff\AppData\Local\assembly\tmp\Z4S3D1X5\AddinExpress.WD.2005.DLL
c:\users\Jeff\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system
c:\users\Jeff\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\jeffreyabr@gmail.com-AllContactsList.xml
c:\users\Jeff\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\jeffreyabr@gmail.com-AllContactsList_LastUpdate.xml
c:\users\Jeff\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\Offisync-UserSettings.config
c:\users\Jeff\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\ostelbuf.dat
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Run
.
.
((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
.
.
2013-03-05 02:12 . 2013-03-05 02:12 -------- d-----w- c:\users\Jeff\AppData\Roaming\SUPERAntiSpyware.com
2013-03-05 02:12 . 2013-03-05 02:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-03-05 02:12 . 2013-03-05 02:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-03-05 02:08 . 2013-03-05 05:38 -------- d-----w- c:\programdata\boost_interprocess
2013-03-04 16:42 . 2012-10-23 11:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6E98343-ABDF-4F5E-9479-3BDF43B303A3}\gapaengine.dll
2013-03-04 16:42 . 2013-02-19 08:57 9162192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A347B55E-4D9E-486C-A341-143CB469D68C}\mpengine.dll
2013-03-04 16:41 . 2013-03-04 16:41 -------- d-----w- c:\program files\Windows Firewall Configuration Provider
2013-03-04 16:40 . 2013-03-04 16:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-04 16:39 . 2013-03-04 16:40 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-04 16:38 . 2013-03-05 02:05 -------- d-----w- c:\windows\CCM
2013-03-04 16:38 . 2013-03-04 16:38 -------- d-----w- c:\windows\ccmcache
2013-03-04 16:38 . 2013-03-04 16:38 -------- d-----w- c:\windows\SysWow64\CCM
2013-03-04 16:38 . 2013-03-04 16:38 -------- d-----w- c:\windows\ms
2013-03-04 16:37 . 2013-03-04 16:37 -------- d-----w- c:\program files\Microsoft Policy Platform
2013-03-04 16:36 . 2013-03-04 16:39 -------- d-----w- c:\windows\ccmsetup
2013-03-04 15:46 . 2013-03-05 05:36 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-03-04 15:45 . 2013-03-05 05:35 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-03-03 02:51 . 2013-03-03 02:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-03-03 02:51 . 2013-03-03 02:51 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-03-03 02:51 . 2013-03-03 02:51 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-03-03 02:48 . 2013-03-03 02:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-03-03 02:47 . 2013-03-03 02:47 -------- d-----w- c:\program files\Microsoft Office
2013-03-03 02:46 . 2013-03-03 02:46 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-03-03 02:45 . 2013-03-03 02:45 -------- d-----r- C:\MSOCache
2013-03-02 21:59 . 2013-03-02 21:59 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-01 22:54 . 2013-03-01 22:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-01 22:54 . 2013-03-01 22:54 -------- d-----w- c:\program files\iTunes
2013-03-01 22:54 . 2013-03-01 22:54 -------- d-----w- c:\program files\iPod
2013-03-01 21:15 . 2013-03-01 21:15 -------- d-----w- C:\d
2013-02-28 17:28 . 2013-02-11 16:28 38456 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-02-28 15:40 . 2013-02-28 15:40 -------- d-----w- c:\users\Jeff\AppData\Roaming\LavasoftStatistics
2013-02-28 15:40 . 2013-02-28 15:40 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-02-28 15:33 . 2013-02-28 15:33 -------- d-----w- c:\programdata\Lavasoft
2013-02-28 15:33 . 2013-03-01 21:11 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-02-28 15:32 . 2013-02-28 15:32 -------- d-----w- c:\programdata\Downloaded Installations
2013-02-28 15:31 . 2013-02-28 15:31 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-02-28 15:30 . 2013-02-28 15:30 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-28 15:30 . 2013-02-28 17:31 -------- d-----w- c:\users\Jeff\AppData\Roaming\Ad-Aware Antivirus
2013-02-21 22:09 . 2013-02-21 22:09 -------- d-----w- c:\users\Jeff\AppData\Local\ActiveState
2013-02-21 22:08 . 2013-02-21 22:08 -------- d-----w- c:\program files (x86)\ActiveState Komodo Edit 7
2013-02-14 22:00 . 2013-01-30 18:12 143104 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2013-02-14 22:00 . 2013-01-30 18:12 192256 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2013-02-14 22:00 . 2013-01-30 18:12 159488 ----a-w- c:\windows\SysWow64\SSCbFsMntNtf3.dll
2013-02-14 22:00 . 2013-01-30 18:12 225024 ----a-w- c:\windows\SysWow64\SSCbFsNetRdr3.dll
2013-02-14 21:59 . 2013-01-30 18:11 347904 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2013-02-12 23:31 . 2013-02-12 23:31 -------- d-----w- c:\users\Jeff\AppData\Local\Singular_Software
2013-02-12 22:26 . 2013-02-12 22:26 -------- d-----w- c:\users\Jeff\AppData\Local\ControlActivation
2013-02-12 22:24 . 2010-11-22 20:50 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2013-02-12 22:24 . 2013-02-12 22:24 -------- d-----w- c:\program files (x86)\Singular Software
2013-02-09 23:43 . 2013-02-09 23:43 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-02-06 01:25 . 2013-02-06 01:25 -------- d-----w- c:\program files (x86)\WinSCP
2013-02-04 18:16 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 05:36 . 2010-09-21 18:03 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2013-03-05 05:35 . 2010-12-09 15:24 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-03-04 16:03 . 2012-06-14 21:52 44544 ----a-w- c:\windows\SysWow64\agremove.exe
2013-03-01 14:25 . 2012-04-05 15:09 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-01 14:25 . 2011-05-28 14:44 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 00:52 . 2009-12-22 00:29 99384 ----a-w- c:\users\Jeff\AppData\Roaming\inst.exe
2013-02-28 00:52 . 2009-12-22 00:29 82816 ----a-w- c:\users\Jeff\AppData\Roaming\pcouffin.sys
2013-02-14 04:26 . 2010-03-15 04:17 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-10 03:25 . 2011-09-29 18:35 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-10 03:25 . 2010-01-12 17:03 2854344 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2010-01-12 17:03 15275744 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-10 01:04 . 2010-07-09 20:27 6393120 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2010-07-09 20:27 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2010-07-09 20:27 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2010-07-09 20:27 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 01:04 . 2010-01-12 04:19 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2010-01-12 04:19 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-30 10:53 . 2009-10-02 16:11 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 15:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 20:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 20:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 20:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 20:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2013-01-05 05:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 01:50 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 01:50 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 01:50 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 01:50 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 01:50 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 01:50 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 01:50 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 01:50 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 01:50 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 01:50 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 01:50 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 01:50 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 01:50 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 01:50 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 01:50 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 01:50 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 01:50 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 01:50 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 01:50 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 01:50 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 01:50 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 01:50 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 01:50 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 01:50 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 01:50 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 01:50 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 01:50 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 01:50 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 01:50 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 01:50 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 01:50 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 01:50 55296 ----a-w- c:\windows\SysWow64\cero.rs
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 18:12 159488 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSync.exe" [2013-02-13 12343648]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"MusicManager"="c:\users\Jeff\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-01-29 3858600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"USB Safely Remove"="c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2012-07-14 5831680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 3 (0x3)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-02-11 38456]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2011-12-06 50472]
R3 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [2007-11-20 1039872]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-05-12 11776]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-22 82816]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R4 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [2012-02-20 605040]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-28 14456]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-10-21 32424]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 rpcnetp;rpcnetp;rpcnetp [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 70344]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-02-14 93272]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-08-31 16384]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 21520]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2009-07-09 1044648]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-10-27 2560]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MSSQL$TRACKIT;SQL Server (TRACKIT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-10-05 40832]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-10-05 84864]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-09-02 288256]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2010-03-05 75624]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 12288]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 267296]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdia
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2492272126-1598020779-2127758990-1000Core.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-20 17:44]
.
2012-02-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2492272126-1598020779-2127758990-1000UA.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-20 17:44]
.
2013-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492272126-1598020779-2127758990-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 00:45]
.
2013-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492272126-1598020779-2127758990-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 00:45]
.
2013-03-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7bbb7b4f-66da-418e-b0d1-d2b5e77b3da0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-03-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8725adaa-91d9-40dd-9167-5fcb6cdbac25.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 18:12 192256 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-02-13 18:53 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-27 309248]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-10-29 1437064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download with Xilisoft iPhone Magic Platinum - c:\program files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.192.20 10.52.50.10
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{63478872-a091-11de-97f6-806e6f6e6963} - c:\programdata\wscntfy.exe
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
SSODL-EldosMountNotificator REG_SZ {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
AddRemove-Active@ UNDELETE 7 Enterprise - e:\nerd stuff\Active UNDELETE7 Enterprise\UNWISE.EXE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Minigolf Deluxe Demo - c:\sierra\MgDeluxeDemo\Uninst.isu
AddRemove-VMware_Workstation - c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \37C5EB2B5B076D44]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\windows\System32\rpcnetp.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
c:\program files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\CCM\SCNotification.exe
c:\program files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
.
**************************************************************************
.
Completion time: 2013-03-05 00:49:57 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-05 05:49
.
Pre-Run: 155,702,108,160 bytes free
Post-Run: 154,910,298,112 bytes free
.
- - End Of File - - 0A9B56F673E239607346A4398A2F3A44

Posted 1 year ago
joefuf
Posts: 121

I was doing so well today until just now. I even noticed a few minutes ago that I can see the tags on my MP3 files which had been an issue that had been plaguing me for almost a year. Glad something that we did fixed that... Anyway, I was just trying to get to this link (an MSNBC jobs page I found on Google) when I was redirected to this link:

http://216.172.54.31/feed/go.p.....eab0be8794

Any further suggestions? I've run SAS, ComboFix, MSEP, Malwarebytes Pro, and ADW Cleaner...

Posted 1 year ago
StringJunky
Posts: 2454

Post a Hijack This log

http://www.softpedia.com/get/I.....This.shtml

Posted 1 year ago
StringJunky
Posts: 2454

I'll have a gander at the Hijack This log but have thought of a plan. Uninstall FF and Chrome with Revo on Advanced setting. The browsers' standard uninstall routines will run first, then Revo will run a scan. Follow the prompts and delete all it finds, then reboot. Make sure to uninstall everything, even settings and profiles.

You can save your bookmarks in Chrome first by going to Settings > Bookmarks > Bookmark Manager > Organize > Export Bookmarks to HTML File. To restore later use the Import command in the same location.

In Firefox: Settings > Bookmarks > Show All Bookmarks > Import And Backup > Export Bookmarks To HTML. Use Import option to restore.

http://www.softpedia.com/get/T.....ller.shtml

Then Install Comodo Program Manager: http://programs-manager.comodo.com/

Install Chrome and Firefox. See if your issues have resolved. Comodo will have monitored the installations and, if the problem remains, hopefully on uninstalling the browsers again with Comodo it can find the hidden problem, because it tracked the installation of the browsers at the start, if it hijacks the browsers again. Make sure, like Revo, to remove all it shows after the standard uninstall routine and reboot. Reinstall browsers again and check them.

This is as far as I can help you and you really need expert help if it fails.

Tony

Posted 1 year ago
joefuf
Posts: 121

Sorry for the delay - I've been on Spring Break haha.

Below is the log that I generated from HijackThis. Let me know if you see anything before I try uninstalling things.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:45:10 PM, on 3/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\SugarSync\SugarSync.exe
C:\Users\Jeff\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files (x86)\HomeKeylogger\KeyLogger.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files (x86)\HomeKeylogger\KeyLogger.exe
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Jeff\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [AdobeBridge] (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [MusicManager] "C:\Users\Jeff\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2492272126-1598020779-2127758990-1018\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with Xilisoft iPhone Magic Platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: dldt_device - Unknown owner - C:\Windows\system32\dldtcoms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: lxdp_device - Unknown owner - C:\Windows\system32\lxdpcoms.exe (file missing)
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Crystal Rich Ltd - C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17489 bytes

Posted 1 year ago
StringJunky
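An added example, not part of the thread and not code from the HijackThis tool: a small Python triage pass over HijackThis-format lines like the ones in the log above. It parses each entry's section code and raises review prompts for the sections that hook every process or socket (O10, O20, O21, O22), orphaned browser hooks marked "(file missing)", "Filter hijack" entries, machine-wide O4 autoruns, non-default R0/R1 start pages, and services with no publisher. The section descriptions, the default-host list and the rules are my own assumptions about what deserves a second look; they are prompts for a human, not verdicts.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# One HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")

# Sections that hook every process or every socket (assumed always worth a look).
ALWAYS_REVIEW = {
    "O10": "Winsock LSP: sees every socket call the browser makes",
    "O20": "AppInit_DLLs: loaded into every user-mode process",
    "O21": "SSODL: loaded by Explorer at logon",
    "O22": "SharedTaskScheduler: loaded by Explorer at logon",
}
# Hosts IE start/search pages point at by default (assumed list).
DEFAULT_HOSTS = ("microsoft.com", "msn.com", "live.com", "bing.com")


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def reasons_for(sec: str, body: str) -> list:
    """Return review prompts for one entry (empty list = nothing notable)."""
    out = []
    if sec in ALWAYS_REVIEW:
        out.append(ALWAYS_REVIEW[sec])
    if sec.startswith("R"):                      # IE start/search page entries
        url = body.split("=", 1)[-1].strip()     # text after the first "="
        host = urlsplit(url).hostname
        if host and not any(host == d or host.endswith("." + d) for d in DEFAULT_HOSTS):
            out.append(f"non-default start/search page host: {host}")
    if sec in ("O2", "O3", "O18") and "(file missing)" in body:
        out.append("orphaned browser hook: its DLL is no longer on disk")
    if sec == "O18" and body.startswith("Filter hijack"):
        out.append("MIME filter replacing the default handler")
    if sec == "O4" and body.startswith("HKLM"):
        out.append("machine-wide autostart (runs for every user)")
    if sec == "O23" and "Unknown owner" in body and "(file missing)" not in body:
        out.append("service binary is present but carries no publisher")
    return out


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return only the entries that got review prompts."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                              # headers, process list, footer
        sec, body = m.group("sec"), m.group("body")
        why = reasons_for(sec, body)
        if why:
            findings.append(Finding(sec, body, why))
    return findings


# Sample input: a handful of lines copied from the log posted above (not a full log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Program Files (x86)\HomeKeylogger\KeyLogger.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.body}\n    -> " + "; ".join(f.reasons))
```

Entries with no prompt (the Java BHO, the default start page, the KeyIso stub with its missing file) are dropped, so the output is the short list a helper would actually ask about, much as the reply below asks about the HomeKeyLogger autorun.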
Posts: 2454

Have you installed Home Keylogger?

Posted 1 year ago
joefuf
Posts: 121

Yeah, I installed it myself. It's fine to stay.

Posted 1 year ago
StringJunky
Posts: 2454

Apart from that my research doesn't show anything untoward. Bear in mind I'm not an expert.

Posted 1 year ago
Topic Closed

This topic has been closed to new replies.