safesearch.ch on Chrome - tried ZOEK.EXE 5.0 - failed to complete backup



#1 MasonAlarms


Posted 15 March 2015 - 09:29 AM

I've had safesearch.ch hijacking my Chrome search and can't get rid of it. Found ZOEK and ran the following script:

 

createsrpoint;
emptyfolderscheck;delete
Quickscan;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
 
...after 4 hours now, the script has been stuck on:
 
Zoek.exe v5.0.0.0 Updated 13-March-2015
Tool run by peter on Sun 03/15/2015 at  6:22:15.03.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Peter\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
===== Runcheck  6:23:40.06 =====
 
--- Create Environment Variables  6:23:41.36 
--- Create System Restore Point  6:23:54.66 
--- Checking Input  6:24:02.55 
--- AU AppData Check  6:25:04.19 
--- Remove From Windows Installer  6:25:06.66 
--- Empty Folders Check  6:26:24.08 
--- Registry HKLM Software Check  6:26:24.09 
--- Quick Launch Shortcut Check  6:26:33.96 
--- IE Startpage Check  6:26:41.62 
--- Program Files DB Check  6:26:59.42 
--- C:\Users\administrator\AppData\Roaming DB Check  6:27:40.16 
--- C:\Users\Default\AppData\Roaming DB Check  6:27:40.16 
--- C:\Users\Default User\AppData\Roaming DB Check  6:27:40.16 
--- C:\Users\Lori\AppData\Roaming DB Check  6:27:40.16 
--- C:\Users\Peter\AppData\Roaming DB Check  6:27:40.16 
--- C:\Users\Peter.MASONALARMS\AppData\Roaming DB Check  6:27:40.16 
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check  6:27:40.16 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check  6:27:40.16 
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check  6:27:40.16 
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check  6:27:40.16 
--- C:\Users\Peter DB Check  6:30:27.33 
--- C:\PROGRA~3 DB Check  6:30:56.61 
--- C:\Users\administrator\AppData\Local DB Check  6:31:04.48 
--- C:\Users\Default\AppData\Local DB Check  6:31:04.48 
--- C:\Users\Default User\AppData\Local DB Check  6:31:04.48 
--- C:\Users\Lori\AppData\Local DB Check  6:31:04.48 
--- C:\Users\Peter\AppData\Local DB Check  6:31:04.48 
--- C:\Users\Peter.MASONALARMS\AppData\Local DB Check  6:31:04.48 
--- C:\Users\Public\AppData\Local DB Check  6:31:04.48 
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check  6:31:04.48 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check  6:31:04.48 
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check  6:31:04.48 
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check  6:31:04.48 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  6:33:12.68 
--- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  6:33:21.15 
--- Tasks DB Check  6:33:26.57 
--- Downloads DB Check  6:33:29.98 
--- C:\Users\administrator\AppData\LocalLow DB Check  6:33:33.96 
--- C:\Users\Lori\AppData\LocalLow DB Check  6:33:33.96 
--- C:\Users\Peter\AppData\LocalLow DB Check  6:33:33.96 
--- C:\Users\Peter.MASONALARMS\AppData\LocalLow DB Check  6:33:33.96 
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check  6:33:33.96 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check  6:33:33.96 
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check  6:33:33.96 
--- Tasks2 DB Check  6:34:37.62 
--- Documents DB Check  6:35:02.63 
--- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ypwzedt1.default DB Check  6:35:11.10 
--- C:\Users\Public\Desktop DB Check  6:35:13.21 
--- C:\Users\Peter\Desktop DB Check  6:35:17.61 
--- Services DB Check  6:35:25.09 
--- FF prefs.js DB Check  6:35:44.73 
--- Del by CLSID  6:36:21.85 
--- Delete Services  6:36:55.23 
--- Batch Commands  6:36:57.99 
--- Delete files\folders  6:36:58.05 
--- Create Backups  6:36:58.17 
--- Recently Created  6:37:01.23 
--- StartUp Information  6:40:23.82 
--- Firefox Extensions  6:40:37.72 
--- Firefox Plugins  6:40:38.04 
--- Chrome Look  6:41:37.56 
--- Create Backups  6:43:00.21 
 
...so, I created this account to request assistance. See the following that you required:
 
ComboFix 15-03-09.01 - peter 03/10/2015  19:56:52.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8140.5637 [GMT -4:00]
Running from: c:\users\Peter\Downloads\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\608E74678F.sys
c:\programdata\ntuser.pol
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-11 to 2015-03-11  )))))))))))))))))))))))))))))))
.
.
2015-03-11 00:05 . 2015-03-11 00:05 -------- d-----w- c:\users\Peter.MASONALARMS\AppData\Local\temp
2015-03-11 00:05 . 2015-03-11 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-11 00:05 . 2015-03-11 00:05 -------- d-----w- c:\users\administrator\AppData\Local\temp
2015-03-10 23:51 . 2015-03-10 23:51 -------- d-----w- c:\programdata\Configuration
2015-03-10 23:47 . 2015-03-10 23:47 -------- d-----w- c:\users\Peter\AppData\Roaming\SparkTrust Driver Updater
2015-03-10 23:47 . 2015-03-10 23:47 -------- d-----w- c:\program files (x86)\SparkTrust Driver Updater
2015-03-09 19:32 . 2015-03-09 19:33 -------- d-----w- c:\users\Lori
2015-02-26 03:16 . 2015-02-26 03:16 -------- d-----w- c:\users\Peter\AppData\Local\ElevatedDiagnostics
2015-02-20 17:09 . 2015-02-20 17:10 -------- d-----w- c:\users\Peter\AppData\Local\Citrix
2015-02-20 15:48 . 2015-02-20 15:49 -------- d-----w- C:\NPE
2015-02-17 17:48 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-17 17:48 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-17 17:48 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-17 17:48 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-17 00:37 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-17 00:37 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-17 00:37 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-17 00:37 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 15:02 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 15:01 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-12 15:01 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-12 15:01 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-12 15:01 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-12 15:01 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-12 15:01 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-12 15:01 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-12 15:01 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-10 20:50 . 2015-02-10 20:50 -------- d-----w- c:\program files\Microsoft.NET
2015-02-10 20:48 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-02-10 20:48 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2015-02-10 20:48 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-02-10 20:48 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-02-10 20:48 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-02-10 20:42 . 2015-02-10 20:42 -------- d-----w- c:\program files (x86)\Like
2015-02-10 20:42 . 2015-02-10 20:52 -------- d-----w- c:\users\Peter\AppData\Local\Fast Browser
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-23 22:55 . 2014-10-10 20:11 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-13 13:05 . 2014-10-01 15:57 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-28 14:08 . 2014-09-15 18:32 319912 ----a-w- c:\windows\system32\javaws.exe
2015-01-28 14:08 . 2014-09-15 18:32 191400 ----a-w- c:\windows\system32\javaw.exe
2015-01-28 14:08 . 2014-09-15 18:32 190888 ----a-w- c:\windows\system32\java.exe
2015-01-28 14:08 . 2014-09-15 18:32 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-28 14:07 . 2014-10-16 17:34 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 04:03 . 2014-09-15 16:07 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-12-19 03:06 . 2015-01-14 10:59 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 10:59 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2159cb25-ef9a-54c1-b43c-e30d1a4a8277}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2014-04-21 18944]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 90209]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 197339]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 493568]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 3983]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 448]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 101376]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 7946]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2015-03-09 41540]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-11-26 200000]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2015-01-14 200000]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2015-01-14 200000]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2015-02-18 200000]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 45056]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 7680]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 15360]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 7168]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 10936320]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2146304]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 353792]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 5402624]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 52505]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2030]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 20480]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 447]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 448]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 251904]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 68608]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 172032]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 122880]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1171456]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 98304]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 323584]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 11921]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 8475]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 11995]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2658]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1632]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 8123]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 293376]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 211456]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 57344]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 112128]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 20480]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 7168]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 279040]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 46080]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1580]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 3459]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 243712]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-07-22 5120]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 228155]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2498560]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 139264]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 131584]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 155648]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 9216]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 39424]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 304640]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18944]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 843]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 22016]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 285184]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 545280]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 88576]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 270093]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 90112]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1640]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 1984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 7466]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 592568]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 443]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 14848]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18944]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 27136]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 7540]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 920]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 10640]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 46592]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 13824]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 73728]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 49152]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 327680]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 7499264]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-05-19 62464]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 28672]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268288]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 20480]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 68608]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 311296]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 41984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2007040]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 50176]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 36864]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 32768]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 75264]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-05-19 27648]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1499136]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 102400]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 77824]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 69632]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 397312]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 4071424]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 618496]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 59904]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 950272]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 724992]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 180224]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 27648]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 252928]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 339456]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 7680]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 34304]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 5632]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 35328]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 245760]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 475136]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 311296]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 327680]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 454656]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 98304]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 6062]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1445888]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 16384]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 20480]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 13303808]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 53248]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 174592]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 618496]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 131072]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 573440]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1466368]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 28672]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1490944]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 425984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1699840]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 860]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 74240]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 25600]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 968704]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 57344]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 67584]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1118208]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1365504]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 21504]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 86016]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 393216]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2232320]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 454656]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 537088]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 0]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 1130]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 1545]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 896]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 487]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 0]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 1530]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 0]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 816]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 243]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 1532]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18012]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2008-05-20 1347584]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 268984]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 18446]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 134656]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 45142]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 151624]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 73216]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 208]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 317516]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2308792]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 582]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 448]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 955904]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 6168]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 8192]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 26112]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-09-15 258]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 138240]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 27136]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 57736]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 130048]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 15872]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 81920]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 26624]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 2081280]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 152576]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 80896]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 205312]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 29880]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 336]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-04-21 32640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"ihccontrol"="c:\program files (x86)\Instant Housecall\InstantHousecall.exe" [2014-10-18 2006080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Act! Integration.lnk - c:\program files (x86)\ACT\Act for Windows\Act!.Integration.exe D [2014-4-21 101376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 Act! Scheduler;Act! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IHCserver;Instant Housecall Service;c:\program files (x86)\Instant Housecall\InstantHousecall.exe;c:\program files (x86)\Instant Housecall\InstantHousecall.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]
R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20150309.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20150309.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20150308.003\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20150308.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [x]
S2 ActSmartTaskService;ACT! Smart Task Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 12:58 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-15 17:32]
.
2015-03-10 c:\windows\Tasks\EPSON WF-7620 Series Invitation {312D28A7-332C-4EE0-90D0-2D57CF662AED}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-27 00:20]
.
2015-03-10 c:\windows\Tasks\EPSON WF-7620 Series Invitation {9865C3CD-4E23-4D1C-9653-12EB81F0F192}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-27 00:20]
.
2015-03-10 c:\windows\Tasks\EPSON WF-7620 Series Invitation {F6C39D27-BC8C-4D2C-9F0B-942C6E37EFC2}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-27 00:20]
.
2015-03-10 c:\windows\Tasks\EPSON WF-7620 Series Update {312D28A7-332C-4EE0-90D0-2D57CF662AED}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-27 00:20]
.
2015-03-10 c:\windows\Tasks\EPSON WF-7620 Series Update {9865C3CD-4E23-4D1C-9653-12EB81F0F192}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-27 00:20]
.
2015-03-10 c:\windows\Tasks\EPSON WF-7620 Series Update {F6C39D27-BC8C-4D2C-9F0B-942C6E37EFC2}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-27 00:20]
.
2015-03-10 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3655922375-1452274939-3464468309-1114.job
- c:\users\Peter\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-08 16:42]
.
2015-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15 18:31]
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15 18:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-01-27 1617920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.safesear.ch/web/?type=20150210-175-sshome-ie-df&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.225 10.0.0.226
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ypwzedt1.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-10  20:19:35
ComboFix-quarantined-files.txt  2015-03-11 00:19
.
Pre-Run: 153,723,854,848 bytes free
Post-Run: 153,330,860,032 bytes free
.
- - End Of File - - 86E0C6AC501AFA005303BBD2FB80BEEF
A36C5E4F47E84449FF07ED3517B43A31
 

...other symptom since the ZOEK.EXE freeze-up: browser windows auto-scroll downwards when I'm viewing them. Launching TaskMgr shows ZOEK.EXE is still running.

...it's Sunday, so I'll let it run overnight, but I don't expect it to complete by itself. Whenever I try to close ZOEK.EXE, it asks me to wait.


#2 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:40 PM

Posted 19 March 2015 - 08:24 AM

Hi MasonAlarms,

Welcome to the BleepingComputer Technical Support Forums! I am Blackbird and I'll be helping during the malware removal process.

Where did you get the advice to run ComboFix? This is a tool that shouldn't be used without supervision of a trained Malware Analyst, like the members of the Malware Response Team here at BleepingComputer. I really advise you to never use this tool again on your own behalf, as it can do harm to your system and even make it unbootable if not used properly.

For now, please read this topic and follow up the instructions given in it:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Please post both logfiles from FRST in your next reply by using copy/paste.

Good luck! :)
Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#3 MasonAlarms

MasonAlarms
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:New Hampshire
  • Local time:03:40 PM

Posted 19 March 2015 - 08:31 AM

Thanks for the advice.

 

All fixed.
