
Winpatrol alert



At the suggestion of CWB I am posting for further help on an alert I got this morning from Winpatrol, which might be suspicious.

 

"Winpatrol came up with a box telling me that "rundll32 netman.dll,ProcessQueue" wanted to run and did I accept the change message this morning. I said no and thought I'd ask if anyone knew what it could be? The same thing happened on my laptop as well but I haven't downloaded anything suspicious, only latest Microsoft updates and Avast and Malwarebytes updates."

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Nigel at 11:37:52 on 2014-03-31
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.8183.4659 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\nlsInterface.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.



TCP: NameServer = 192.168.0.1
TCP: Interfaces\{240E531C-01C5-4567-BF72-B504E86C3735} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5F1AEC1F-9D1D-40D2-8F50-1491A7A73146} : DHCPNameServer = 172.30.139.17 172.31.139.17
TCP: Interfaces\{86CAA214-65E8-4352-B03D-396AF9D236C8} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{86CAA214-65E8-4352-B03D-396AF9D236C8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ACE43CAF-4513-49FA-B22F-A34A7D0542A3} : DHCPNameServer = 192.168.1.254
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\w24mgqft.default-1383000727538\
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-29 208928]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-12-11 108832]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-12-22 316312]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-4-15 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-4-15 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-4-15 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2012-12-11 117024]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-29 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-29 423240]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-28 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-3-19 282712]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-3-19 397848]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-3-17 3783672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-29 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-30 50344]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-2-1 151648]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-2-1 135824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]
R2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.EXE [2012-3-16 72192]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-7-12 66560]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-3-19 1444120]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-11-4 660184]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084696]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-8-13 8712096]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-8-13 567712]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-3-17 367200]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-1 84816]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-8-13 13688]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-26 25928]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2010-4-7 446304]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-8-13 66424]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-8-13 15736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-10-29 12744]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\System32\drivers\i1display_x64.sys [2010-1-16 7808]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;C:\Windows\System32\drivers\netr7364.sys [2009-12-24 716800]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2009-12-4 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-12-4 41280]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-11-4 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-18 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-2-21 31800]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-11-4 1228504]
S3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2010-1-16 7808]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-18 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-2 1255736]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2x.sys [2009-1-13 560128]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-03-30 14:08:15    43152    ----a-w-    C:\Windows\avastSS.scr
2014-03-28 10:29:04    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE92E7FD-656E-4E27-A731-A6615A6E3313}\mpengine.dll
2014-03-17 10:30:59    367200    ----a-w-    C:\Windows\System32\drivers\afcdp.sys
2014-03-17 10:30:40    --------    d-----w-    C:\Users\Nigel\AppData\Roaming\FEAD492A-CD0D-4374-873B-8CB96934D069
2014-03-12 12:19:40    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 12:19:40    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-12 12:19:39    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-12 12:19:39    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 12:07:16    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-04 17:11:08    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 17:11:08    --------    d-----w-    C:\Program Files\iTunes
2014-03-04 17:11:08    --------    d-----w-    C:\Program Files\iPod
2014-03-04 17:11:08    --------    d-----w-    C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-03-30 14:08:16    84816    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-03-30 14:08:16    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-30 14:08:16    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-03-30 14:08:16    208928    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-03-30 14:08:16    1039096    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-03-30 14:08:15    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-03-19 21:27:40    316312    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2014-03-17 10:30:52    1462560    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2014-03-12 12:07:33    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 12:07:33    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-17 16:24:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 16:24:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 11:38:53.62 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 29/10/2009 16:44:15
System Uptime: 31/03/2014 09:34:38 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P7P55D LE
Processor: Intel® Core i7 CPU         860  @ 2.80GHz | LGA1156 | 3497/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 101.249 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 167.988 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP906: 17/03/2014 22:37:35 - Windows Update
RP907: 18/03/2014 09:28:00 - Installed Rapport
RP908: 20/03/2014 16:13:56 - Installed Rapport
RP909: 21/03/2014 09:49:51 - Windows Update
RP911: 25/03/2014 09:14:52 - Revo Uninstaller Pro's restore point - QuickTime 7
RP912: 25/03/2014 09:19:06 - Windows Update
RP914: 27/03/2014 16:42:38 - Revo Uninstaller Pro's restore point - Google Toolbar for Internet Explorer
RP915: 28/03/2014 10:28:25 - Windows Update
RP916: 30/03/2014 15:05:54 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
3DMark06
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Color Common Settings
Adobe Color Video Profiles CS CS4
Adobe Creative Cloud
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash Player 12 Plugin
Adobe Help Center 2.1
Adobe Help Manager
Adobe Illustrator CS6
Adobe Media Player
Adobe Photoshop CS6
Adobe Photoshop Lightroom 4.4 64-bit
Adobe Reader XI (11.0.06)
Adobe Setup
AdobeColorCommonSetRGB
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Registration
avast! Free Antivirus
Belkin 54Mbps Wireless Network Adapter
Bonjour
CamRanger Firmware Update 6
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities Digital Photo Professional
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix XenApp Web Plugin
Download Navigator
Dropbox
Dropbox Export Plug-in version 1.6.0 for Adobe Lightroom
Epson Connect Guide
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
Epson Network Guide XP-750 Series
EPSON Scan
Epson User's Guide XP-750 Series
EPSON XP-750 Series Printer Uninstall
EpsonNet Print
eReg
ERUNT 1.1j
Eye-One Diagnostics
Eye-One Match 3.6.2
Eye-One Share
FastPictureViewer Codec Pack 3.1
Google Earth
Google Update Helper
Helicon Focus 5.3.14
HiJackThis
HydraVision
i1_driver_installer_utility_i1Match version 1.0
inSSIDer
iTunes
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Camera Codec Pack
Microsoft Corporation
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Works 6-9 Converter
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Neuratron PhotoScore Lite
Noise Ninja 2 (Standalone Version)
Opanda IExif 2.3
PDF Settings CS6
PDFCreator
Photomatix Pro version 4.0.2
Photomatix Pro version 4.1.4
Photomatix Pro version 5.0
PhotoTools 2.5
Pixel Bender Toolkit
Rapport
Recuva
Revo Uninstaller Pro 3.0.8
Secunia PSI (3.0.0.9015)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Sibelius 5
Sibelius Scorch (all browsers)
Sibelius Scorch (Firefox, Opera, Netscape only)
Sibelius Sounds Essentials
Singapore Airlines PC Timetable
Spelling Dictionaries Support For Adobe Reader 9
The Photographer's Ephemeris
Tom Clancy's Splinter Cell Conviction
Tom Clancy's Splinter Cell® Blacklist™
Tone Mapping Plug-In 2.1 64-bit
Tone Mapping Plug-In 2.2 64-bit
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz B&W Effects
Topaz B&W Effects (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Detail 3
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
True Image 2013
Trusteer Endpoint Protection
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Wacom Tablet
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
WebTablet IE Plugin
WebTablet Netscape Plugin
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
25/03/2014 09:22:21, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.169.729.0).
.
==== End Of File ===========================
 

 

Look forward to hearing your comments, thank you.

 

 

Link to post
Share on other sites

  • Root Admin

This appears to probably be from some type of installer.  Did you recently install some type of software?
 
 

Hosted service - netman.dll is typically associated with identifier name of cda9f1373805af88f6fa4f2064bba24d with an identifier of Netman. A Windows Hosted Service is a service that is implemented as a dynamically-linked library (DLL) run under the (Service Host) SvcHost process.
Startup files (all users) run once - netman.dll is registered with the run identifier 'NCInstallQueue' and the execution command 'rundll32 netman.dll,ProcessQueue' in the Windows registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. RunOnce keys are used to launch a service or background process whenever a user logs into Windows. Once the application is launched for the first time its entry will be removed from the Registry so it does not run again when the user logs in again. Applications here are designed to be used primarily by Setup programs.

Network Connections Manager is loaded by svchost.exe (Host Process for Windows Services by Microsoft)

You actually asked this same question back on 11/15/2013 and I did not locate that information at the time but the logs then as now are not showing anything obviously wrong.

https://forums.malwarebytes.org/index.php?showtopic=136632

The log does show that your .TXT file association is not correct and should be fixed.
 

From the link here are various file type association registry fixes
Windows 7: Default File Type Associations - Restore

Specifically here is the one for .TXT files.  You should download it and save it to your computer and then locate it and double click on it to merge it and it should fix your file associations for .TXT files
txt - Text document files. The default program is Notepad

Here is a similar post on the WinHelpOnline site

File Association Fixes for Windows 7

Link to post
Share on other sites
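One way to check where a RunOnce `rundll32` entry like the one described above actually points, as an added example that is not part of the original thread or of any tool mentioned in it. The function names are hypothetical; the script assumes PowerShell 3.0 or later and that a bare DLL name such as `netman.dll` is looked up in the Windows system directories only.

```powershell
# Added example: read-only review of RunOnce entries that launch a DLL through rundll32.
# Function names are hypothetical and not taken from WinPatrol, DDS or FRST.
Set-StrictMode -Version 2

$RunOnceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',              # key named in the thread
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',  # 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'               # per-user equivalent
)

function ConvertFrom-RunDll32Command {
    # Split 'rundll32 <dll>,<export> [args]' into DLL and export name.
    # Returns nothing for commands that are not rundll32 or that use an
    # unquoted DLL path containing spaces.
    param([string]$Command)
    $pattern = '^\s*"?(?<host>[^"]*?rundll32(\.exe)?)"?\s+(?<dll>"[^"]+"|[^,\s]+)\s*,\s*(?<export>\S+)'
    if ($Command -match $pattern) {
        [pscustomobject]@{
            Dll    = $Matches['dll'].Trim('"')
            Export = $Matches['export']
        }
    }
}

function Resolve-RunDllTarget {
    # Assumption: a bare file name is checked in System32 and SysWOW64 only.
    # The real DLL search order has more locations (application directory, PATH),
    # so a name that resolves nowhere here deserves a closer look, not a verdict.
    param([string]$Dll)
    $expanded = [Environment]::ExpandEnvironmentVariables($Dll)
    if ([IO.Path]::IsPathRooted($expanded)) {
        $candidates = @($expanded)
    } else {
        $candidates = 'System32', 'SysWOW64' |
            ForEach-Object { Join-Path (Join-Path $env:SystemRoot $_) $expanded }
    }
    $candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }
}

function Get-RunOnceReview {
    # One output row per RunOnce value (and per file the DLL name resolves to).
    param([string[]]$Keys = $RunOnceKeys)
    foreach ($path in $Keys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $parsed  = ConvertFrom-RunDll32Command -Command $command
            $targets = @()
            if ($parsed) { $targets = @(Resolve-RunDllTarget -Dll $parsed.Dll) }
            if ($targets.Count -eq 0) { $targets = @($null) }   # still report the entry
            foreach ($file in $targets) {
                # Catalog-signed system files may report NotSigned on older
                # PowerShell versions, which do not consult the catalog store.
                $sig = if ($file) { Get-AuthenticodeSignature -LiteralPath $file } else { $null }
                [pscustomobject]@{
                    Key       = $path
                    Name      = $name
                    Command   = $command
                    Export    = if ($parsed) { $parsed.Export } else { $null }
                    File      = $file
                    Signature = if ($sig) { $sig.Status } else { 'n/a' }
                    Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            }
        }
    }
}

# Parse the command string quoted in the thread (no registry access needed):
ConvertFrom-RunDll32Command -Command 'rundll32 netman.dll,ProcessQueue'

# Review the entries present on the current machine:
Get-RunOnceReview | Format-List
```

An entry whose `File` is empty, sits outside the Windows directory, or has a signature status other than `Valid` is the one to investigate before allowing it to run.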

Thanks Ron, I have downloaded some updates recently - do I need to just accept the change, or can I find out where it's coming from? Winpatrol says it can't verify the site owner and programme details.

 

I've run the txt fix - thank you for that.

Link to post
Share on other sites

  • Root Admin

Well it's a one time run and often probably if not run at the right time it may not matter.  For now probably just ignore it and next time you do updates or software installs just realize that you're the one that initiated it and that something like this is probably to be expected.  When you've not installed any software or updates and it just shows up out of the blue is when you want to deny it.

 

Unless there is something else here we should be done.  You can delete the FRST program and the folder it created if you like or save them as they're copies of your current Registry.

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
