Everything posted by mosedavid

  1. Charlie, Thanks so much for helping me, I can't quite believe there are people like you online. That I'm able to go online and get my own personal helper from start to finish is not service I'm used to getting regardless of cost. You are a star my man.

  2. Thank you very much, you're a saint. Will comment on your feed rather than here. Suffice to say, problem seems to be gone.
  3. adwcleaner text S1.txt

     # AdwCleaner v2.303 - Logfile created 06/10/2013 at 15:43:00
     # Updated 08/06/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : tiggs - TIGGS-PC
     # Boot Mode : Normal
     # Running from : C:\Users\tiggs_2\Desktop\malware stuff\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****
     File Deleted : \END
     Folder Deleted : C:\ProgramData\Partner
     Folder Deleted : C:\Users\tiggs\AppData\Local\PackageAware
     Folder Deleted : C:\Users\tiggs\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\tiggs\AppData\LocalLow\PriceGong
     Folder Deleted : C:\Users\tiggs_2\AppData\LocalLow\AskToolbar

     ***** [Registry] *****
     Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
     Key Deleted : HKLM\Software\Conduit
     Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]

     ***** [internet Browsers] *****
     -\\ Internet Explorer v10.0.9200.16576
     [OK] Registry is clean.
     -\\ Google Chrome v [unable to get version]
     File : C:\Users\tiggs\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     File : C:\Users\tiggs_2\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************
     AdwCleaner[R1].txt - [1527 octets] - [10/06/2013 02:20:35]
     AdwCleaner[R2].txt - [1587 octets] - [10/06/2013 15:41:37]
     AdwCleaner[s1].txt - [1542 octets] - [10/06/2013 15:43:00]
     ########## EOF - \AdwCleaner[s1].txt - [1602 octets] ##########

     Security Checkup text output:

     Results of screen317's Security Check version 0.99.64
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.0
     Java™ 6 Update 30
     Java™ 7 Update 4
     Java version out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     tiggs_2 Desktop malware stuff SecurityCheck.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. Just to add, I don't see anything worth keeping in that file list/log
  5. I deleted the 3 folders (haven't cleared the recycle bin yet) - I didn't recognise the files. I did the scan and here's the log AdwCleanerR1.txt
  6. ok.... Ewbo folder empty, Folder Tisier: 1 file.. diwo.vyv created 06/06/13 31kb. Folder Syviy 1 file.. locked file tatyo.vyh 05/06 390kb. The Programdata folder contains an icon file - an orange red black striped shield 10kb 02/06 aswMBR.txt
  7. sorry... don't know what's going on here, I was able to upload files, now I can't, hence pasting the log
  8. sorry - upload didn't work there, I'll try again - still not working, will have to just post it here:
  9. Didn't read note at very bottom of your message - sos.... Internet is working, Windows Update is working (updated last month) and as far as I can see the firewall is on and functioning. Do I run fix damage tool anyway? I just noticed that Internet Explorer wanted me to download wuapp.exe. Assume that is normal and from when I clicked on Windows Update? Didn't notice it before as it was at the bottom of the screen.
  10. Hi, thanks for your support... did as you said, performed the full scan - no threats were found (obviously not quite right!) 'nothing to clean up'. I only performed this scan once because of this and I did not restart. The 2 files are added. mbar-log-2013-06-09 (22-18-52).txt system-log.txt
  11. Thank you so much for your reply. I ran the tool, disabling realtime protection MSE while doing the scan. Internet was connected while scanning. Here is the 'report':

      RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : tiggs [Admin rights]
      Mode : Scan -- Date : 06/09/2013 18:53:30
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 8 ¤¤¤
      [TASK][sUSP PATH] TopArcadeHits.job : C:\Users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND
      [TASK][sUSP PATH] McQcModifier-5c47-a7b0 : C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [-] -> FOUND
      [TASK][sUSP PATH] TopArcadeHits : C:\Users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++
      --- User ---
      [MBR] 1716d59367171f5770942fc48ebf069b
      [bSP] a7154dd655db8a306c264ff1caa08842 : Windows Vista MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 226373 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[1]_S_06092013_02d1853.txt >>

      RKreport[1]_S_06092013_02d1853.txt
  12. My wife's laptop has become infected over the last couple of days. I believe she either clicked on a rogue link on a Facebook page or a rogue holidays email. Before posting here I have tried unsuccessfully to remove this with Malwarebytes and various scans with MS Security Essentials. Malwarebytes found Malware.packer.T, Rogue.ErrorRepair.Proffessional, Rootkit.0Access, Trojan.Zbot, Malware.Packer.VDG (x2). I can sometimes find these files but they keep on coming back. For DDS: CCleaner disabled, internet disabled, MSE realtime protection disabled... Please find Attach.txt:

      Am just hoping someone can assist me on this.

      .
      .
      DDS (Ver_2012-11-20.01)
      .
      Microsoft Windows 7 Home Premium
      Boot Device: \Device\HarddiskVolume2
      Install Date: 19/01/2011 14:20:06
      System Uptime: 09/06/2013 14:44:44 (1 hours ago)
      .
      Motherboard: Acer | | Aspire 7741
      Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/133mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 221 GiB total, 157.057 GiB free.
      D: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
      Description: TCP/IP Protocol Driver
      Device ID: ROOT\LEGACY_TCPIP\0000
      Manufacturer:
      Name: TCP/IP Protocol Driver
      PNP Device ID: ROOT\LEGACY_TCPIP\0000
      Service: Tcpip
      .
      Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
      Description: A2 Direct Disk Access Support Driver
      Device ID: ROOT\LEGACY_A2DDA\0000
      Manufacturer:
      Name: A2 Direct Disk Access Support Driver
      PNP Device ID: ROOT\LEGACY_A2DDA\0000
      Service: A2DDA
      .
      Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
      Description: Privacyware Filter Driver
      Device ID: ROOT\LEGACY_PWIPF6\0000
      Manufacturer:
      Name: Privacyware Filter Driver
      PNP Device ID: ROOT\LEGACY_PWIPF6\0000
      Service: pwipf6
      .
      ==== System Restore Points ===================
      .
      RP337: 07/06/2013 16:41:14 - Removed Rapport
      RP338: 07/06/2013 16:42:37 - Removed Rapport
      RP339: 07/06/2013 16:45:21 - Removed Rapport
      .
==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 3Connect 7-Zip 9.20 Acer Crystal Eye webcam Ver:1.1.158.203 Acer ePower Management Acer eRecovery Management Acer Registration Acer ScreenSaver Acer Updater Adobe Flash Player 11 ActiveX Alcor Micro USB Card Reader Broadcom Gigabit NetLink Controller CCleaner CyberLink PowerDVD 9 Defraggler Foxit Reader Google Update Helper HL-2270DW Huawei modem Identity Card Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java™ 6 Update 30 Java™ 7 Update 4 JavaFX 2.1.0 Junk Mail filter update Kobo Launch Manager Macromedia Shockwave Player Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials 
Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) MyWinLocker NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 Rapport Realtek High Definition Audio Driver Sandboxie 3.76 (64-bit) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office 
Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 09/06/2013 14:45:12, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pwipf6 09/06/2013 14:44:58, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading 09/06/2013 14:44:58, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 09/06/2013 14:44:54, Error: volmgr [46] - Crash dump initialization failed! 07/06/2013 23:28:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 
07/06/2013 23:28:37, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 07/06/2013 23:28:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 07/06/2013 22:19:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 07/06/2013 17:13:31, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 07/06/2013 09:31:40, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 07/06/2013 07:39:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI Backup Now 5 Scheduler Service service to connect. 07/06/2013 07:39:02, Error: Service Control Manager [7000] - The NTI Backup Now 5 Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== DDS.txt : DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.4.1 Run by tiggs at 15:39:17 on 2013-06-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2805.1281 [GMT 1:00] . 
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Acer\Registration\GregHSRW.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program 
Files\Sandboxie\SbieCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Users\tiggs_2\AppData\Local\Trusteer\Rapport\app\bin\RapportService.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Users\tiggs_2\AppData\Local\Trusteer\Rapport\app\bin\x64\RapportInjService_x64.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Sandboxie\SandboxieRpcSs.exe C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Sandboxie\32\SbieSvc.exe C:\Program Files\Sandboxie\SandboxieCrypto.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\System32\MsSpellCheckingFacility.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\tiggs_2\AppData\Local\TopArcadeHits\Toparcadehits.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" mRun: [iAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: 
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 62.24.243.4 62.24.202.70 TCP: Interfaces\{05F5C9FB-F1EF-4EC2-854E-F89080E690A9} : DHCPNameServer = 62.24.243.4 62.24.202.70 TCP: Interfaces\{81D3D150-46C7-457E-88BD-8F0AC9114739} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8} : DHCPNameServer = 62.24.243.4 62.24.202.70 TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\4514E44444D2535354332344 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\75C414E4731303 : DHCPNameServer = 135.196.0.6 135.196.0.14 TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\A5978554C4F5142474E4F5132323232323 : DHCPNameServer = 195.74.113.58 195.74.113.62 195.74.113.58 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned> x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe" x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe" x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Acer ePower Management] "C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" x64-Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" 
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464] R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-6-16 1740696] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-12 325200] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-12 865824] R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-2-11 13336] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-11 2320920] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-2-11 240160] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-11 56344] R3 
huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-6-16 86016] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-12 158848] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-12 271872] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632] S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328] S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-6 245760] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-6-16 117248] S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2011-6-16 13952] S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2011-6-16 421376] S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2009-12-2 305448] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\System32\drivers\s0017bus.sys [2008-10-21 113704] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\System32\drivers\s0017mdfl.sys [2008-10-21 19496] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\System32\drivers\s0017mdm.sys [2008-10-21 152616] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers 
(WDM);C:\Windows\System32\drivers\s0017mgmt.sys [2008-10-21 133160] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\System32\drivers\s0017nd5.sys [2008-10-21 34856] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0017obex.sys [2008-10-21 128552] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\System32\drivers\s0017unic.sys [2008-10-21 145960] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-20 1255736] . =============== Created Last 30 ================ . 
2013-06-09 14:02:04 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9858469-E945-4703-97C7-4DB8006637C3}\mpengine.dll 2013-06-07 22:16:04 -------- d-----r- C:\Sandbox 2013-06-07 22:11:52 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-07 22:04:04 -------- d-----w- C:\Program Files\Sandboxie 2013-06-07 21:23:05 -------- d-sh--w- C:\$RECYCLE.BIN 2013-06-07 16:18:36 -------- d-----w- C:\Users\tiggs\AppData\Local\temp 2013-06-07 16:07:36 98816 ----a-w- C:\Windows\sed.exe 2013-06-07 16:07:36 256000 ----a-w- C:\Windows\PEV.exe 2013-06-07 16:07:36 208896 ----a-w- C:\Windows\MBR.exe 2013-06-07 15:55:28 -------- d-----w- C:\ProgramData\SecTaskMan 2013-06-07 07:23:42 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{033AC854-7511-4559-84F9-BAC735FE6462}\gapaengine.dll 2013-06-07 07:20:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2013-06-07 07:20:35 -------- d-----w- C:\Program Files\Microsoft Security Client 2013-06-07 07:12:41 100352 ----a-w- C:\Windows\System32\dfboottime.exe 2013-06-07 06:29:56 -------- d-----w- C:\Program Files\Defraggler 2013-06-02 21:50:27 -------- d-----w- C:\ProgramData\58D13EDBA73FA446000058D0E610AA2F 2013-05-17 17:46:59 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 17:46:59 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 17:46:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-05-17 17:46:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-05-17 17:46:57 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 17:46:56 2242048 ----a-w- C:\Windows\System32\wininet.dll 2013-05-16 11:12:10 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-16 11:12:09 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-16 11:12:09 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-05-16 
11:12:01 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-05-16 11:11:59 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-16 11:11:59 111448 ----a-w- C:\Windows\System32\consent.exe 2013-05-16 11:11:57 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-05-16 11:11:49 3153920 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 2013-05-15 18:39:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 18:39:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-19 13:14:01 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-19 13:13:59 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-03-19 13:13:59 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-03-19 13:13:59 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-03-19 13:13:59 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-03-19 13:13:59 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-03-19 13:13:59 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-03-19 13:13:59 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-03-19 13:13:59 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-03-19 13:13:59 194560 
----a-w- C:\Windows\System32\d3d10_1.dll 2013-03-19 13:13:59 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-03-19 13:13:59 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-03-19 13:13:59 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-03-19 13:13:59 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe . ============= FINISH: 15:39:25.90 ===============