Posts posted by mosedavid

  1. adwcleaner text S1.txt

    # AdwCleaner v2.303 - Logfile created 06/10/2013 at 15:43:00

    # Updated 08/06/2013 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : tiggs - TIGGS-PC

    # Boot Mode : Normal

    # Running from : C:\Users\tiggs_2\Desktop\malware stuff\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Deleted : \END

    Folder Deleted : C:\ProgramData\Partner

    Folder Deleted : C:\Users\tiggs\AppData\Local\PackageAware

    Folder Deleted : C:\Users\tiggs\AppData\LocalLow\Conduit

    Folder Deleted : C:\Users\tiggs\AppData\LocalLow\PriceGong

    Folder Deleted : C:\Users\tiggs_2\AppData\LocalLow\AskToolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

    Key Deleted : HKCU\Software\YahooPartnerToolbar

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

    Key Deleted : HKLM\Software\Conduit

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    [OK] Registry is clean.

    -\\ Google Chrome v [unable to get version]

    File : C:\Users\tiggs\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\tiggs_2\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1527 octets] - [10/06/2013 02:20:35]

    AdwCleaner[R2].txt - [1587 octets] - [10/06/2013 15:41:37]

    AdwCleaner[s1].txt - [1542 octets] - [10/06/2013 15:43:00]

    ########## EOF - \AdwCleaner[s1].txt - [1602 octets] ##########

    Security Checkup text output:

    Results of screen317's Security Check version 0.99.64

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 10

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.75.0.1300

    JavaFX 2.1.0

    Java™ 6 Update 30

    Java™ 7 Update 4

    Java version out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    tiggs_2 Desktop malware stuff SecurityCheck.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 0%

    ````````````````````End of Log``````````````````````

  2. Sorry - upload didn't work there, I'll try again - still not working, will have to just post it here:

    ComboFix 13-06-08.02 - tiggs 10/06/2013 0:06.4.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2805.1322 [GMT 1:00]

    Running from: c:\users\tiggs_2\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 )))))))))))))))))))))))))))))))

    .

    .

    2013-06-09 23:09 . 2013-06-09 23:09 -------- d-----w- c:\users\tiggs\AppData\Local\temp

    2013-06-09 23:09 . 2013-06-09 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-06-09 22:13 . 2013-05-12 22:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35DF5C5B-5AE4-43FD-8199-9064FC8FE317}\mpengine.dll

    2013-06-09 21:18 . 2013-06-09 21:41 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

    2013-06-09 17:55 . 2013-05-12 22:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-06-07 22:16 . 2013-06-07 22:16 -------- d-----r- C:\Sandbox

    2013-06-07 22:04 . 2013-06-07 22:04 -------- d-----w- c:\program files\Sandboxie

    2013-06-07 21:22 . 2013-06-09 22:57 -------- d-----w- c:\users\tiggs_2\AppData\Local\temp

    2013-06-07 15:55 . 2013-06-07 16:47 -------- d-----w- c:\programdata\SecTaskMan

    2013-06-07 15:52 . 2013-06-07 15:52 -------- d-----w- c:\users\tiggs_2\AppData\Local\TopArcadeHits

    2013-06-07 07:23 . 2013-06-07 07:23 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{033AC854-7511-4559-84F9-BAC735FE6462}\gapaengine.dll

    2013-06-07 07:20 . 2013-06-07 07:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client

    2013-06-07 07:20 . 2013-06-07 07:20 -------- d-----w- c:\program files\Microsoft Security Client

    2013-06-07 07:12 . 2013-06-07 07:12 100352 ----a-w- c:\windows\system32\dfboottime.exe

    2013-06-07 06:29 . 2013-06-07 06:29 -------- d-----w- c:\program files\Defraggler

    2013-06-05 18:12 . 2013-06-07 16:36 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Ebwo

    2013-06-05 18:12 . 2013-06-05 20:08 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Tiseir

    2013-06-05 18:12 . 2013-06-05 18:12 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Syviy

    2013-06-02 21:50 . 2013-06-05 19:48 -------- d-----w- c:\programdata\58D13EDBA73FA446000058D0E610AA2F

    2013-05-17 17:46 . 2013-04-05 06:50 3958784 ----a-w- c:\windows\system32\jscript9.dll

    2013-05-17 17:46 . 2013-04-05 05:26 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll

    2013-05-17 17:46 . 2013-04-05 06:52 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-05-17 17:46 . 2013-04-05 05:28 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-05-17 17:46 . 2013-04-05 06:50 53248 ----a-w- c:\windows\system32\jsproxy.dll

    2013-05-17 17:46 . 2013-04-05 05:28 1767424 ----a-w- c:\windows\SysWow64\wininet.dll

    2013-05-17 17:46 . 2013-04-05 06:52 2242048 ----a-w- c:\windows\system32\wininet.dll

    2013-05-17 17:46 . 2013-04-05 06:50 19231232 ----a-w- c:\windows\system32\mshtml.dll

    2013-05-17 17:46 . 2013-04-05 06:50 15404032 ----a-w- c:\windows\system32\ieframe.dll

    2013-05-16 11:12 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

    2013-05-16 11:12 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

    2013-05-16 11:12 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

    2013-05-16 11:12 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

    2013-05-16 11:12 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

    2013-05-16 11:12 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

    2013-05-16 11:11 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

    2013-05-16 11:11 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

    2013-05-16 11:11 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

    2013-05-16 11:11 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-05-15 18:39 . 2013-02-08 22:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-05-15 18:39 . 2013-02-08 22:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-05-03 15:15 . 2011-06-17 10:01 75016696 ----a-w- c:\windows\system32\MRT.exe

    2013-05-02 15:29 . 2011-01-19 16:51 278800 ------w- c:\windows\system32\MpSigStub.exe

    2013-04-12 14:45 . 2013-04-24 08:28 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2013-04-04 13:50 . 2013-02-20 05:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-19 13:16 . 2013-03-19 13:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

    2013-03-19 13:16 . 2013-03-19 13:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

    2013-03-19 13:16 . 2013-03-19 13:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

    2013-03-19 13:16 . 2013-03-19 13:16 226304 ----a-w- c:\windows\system32\elshyph.dll

    2013-03-19 13:16 . 2013-03-19 13:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

    2013-03-19 13:16 . 2013-03-19 13:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll

    2013-03-19 13:16 . 2013-03-19 13:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2013-03-19 13:16 . 2013-03-19 13:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe

    2013-03-19 13:16 . 2013-03-19 13:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2013-03-19 13:16 . 2013-03-19 13:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2013-03-19 13:16 . 2013-03-19 13:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2013-03-19 13:16 . 2013-03-19 13:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

    2013-03-19 13:16 . 2013-03-19 13:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe

    2013-03-19 13:16 . 2013-03-19 13:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2013-03-19 13:16 . 2013-03-19 13:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

    2013-03-19 13:16 . 2013-03-19 13:16 361984 ----a-w- c:\windows\SysWow64\html.iec

    2013-03-19 13:16 . 2013-03-19 13:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2013-03-19 13:16 . 2013-03-19 13:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2013-03-19 13:16 . 2013-03-19 13:16 197120 ----a-w- c:\windows\system32\msrating.dll

    2013-03-19 13:16 . 2013-03-19 13:16 97280 ----a-w- c:\windows\system32\mshtmled.dll

    2013-03-19 13:16 . 2013-03-19 13:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

    2013-03-19 13:16 . 2013-03-19 13:16 81408 ----a-w- c:\windows\system32\icardie.dll

    2013-03-19 13:16 . 2013-03-19 13:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll

    2013-03-19 13:16 . 2013-03-19 13:16 599552 ----a-w- c:\windows\system32\vbscript.dll

    2013-03-19 13:16 . 2013-03-19 13:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll

    2013-03-19 13:16 . 2013-03-19 13:16 441856 ----a-w- c:\windows\system32\html.iec

    2013-03-19 13:16 . 2013-03-19 13:16 281600 ----a-w- c:\windows\system32\dxtrans.dll

    2013-03-19 13:16 . 2013-03-19 13:16 27648 ----a-w- c:\windows\system32\licmgr10.dll

    2013-03-19 13:16 . 2013-03-19 13:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll

    2013-03-19 13:16 . 2013-03-19 13:16 247296 ----a-w- c:\windows\system32\webcheck.dll

    2013-03-19 13:16 . 2013-03-19 13:16 235008 ----a-w- c:\windows\system32\url.dll

    2013-03-19 13:16 . 2013-03-19 13:16 216064 ----a-w- c:\windows\system32\msls31.dll

    2013-03-19 13:16 . 2013-03-19 13:16 167424 ----a-w- c:\windows\system32\iexpress.exe

    2013-03-19 13:16 . 2013-03-19 13:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

    2013-03-19 13:16 . 2013-03-19 13:16 144896 ----a-w- c:\windows\system32\wextract.exe

    2013-03-19 13:16 . 2013-03-19 13:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

    2013-03-19 13:16 . 2013-03-19 13:16 102912 ----a-w- c:\windows\system32\inseng.dll

    2013-03-19 13:16 . 2013-03-19 13:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2013-03-19 13:16 . 2013-03-19 13:16 77312 ----a-w- c:\windows\system32\tdc.ocx

    2013-03-19 13:16 . 2013-03-19 13:16 62976 ----a-w- c:\windows\system32\pngfilt.dll

    2013-03-19 13:16 . 2013-03-19 13:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

    2013-03-19 13:16 . 2013-03-19 13:16 51200 ----a-w- c:\windows\system32\imgutil.dll

    2013-03-19 13:16 . 2013-03-19 13:16 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2013-03-19 13:16 . 2013-03-19 13:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe

    2013-03-19 13:16 . 2013-03-19 13:16 149504 ----a-w- c:\windows\system32\occache.dll

    2013-03-19 13:16 . 2013-03-19 13:16 13824 ----a-w- c:\windows\system32\mshta.exe

    2013-03-19 13:16 . 2013-03-19 13:16 136192 ----a-w- c:\windows\system32\iepeers.dll

    2013-03-19 13:16 . 2013-03-19 13:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

    2013-03-19 13:16 . 2013-03-19 13:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe

    2013-03-19 13:14 . 2013-03-19 13:14 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2013-03-19 13:14 . 2013-03-19 13:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

    2013-03-19 13:14 . 2013-03-19 13:14 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-03-19 13:14 . 2013-03-19 13:14 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2013-03-19 13:14 . 2013-03-19 13:14 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

    2013-03-19 13:14 . 2013-03-19 13:14 465920 ----a-w- c:\windows\system32\WMPhoto.dll

    2013-03-19 13:14 . 2013-03-19 13:14 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

    2013-03-19 13:14 . 2013-03-19 13:14 3928064 ----a-w- c:\windows\system32\d2d1.dll

    2013-03-19 13:14 . 2013-03-19 13:14 363008 ----a-w- c:\windows\system32\dxgi.dll

    2013-03-19 13:14 . 2013-03-19 13:14 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

    2013-03-19 13:14 . 2013-03-19 13:14 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

    2013-03-19 13:14 . 2013-03-19 13:14 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

    2013-03-19 13:14 . 2013-03-19 13:14 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

    2013-03-19 13:14 . 2013-03-19 13:14 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

    2013-03-19 13:14 . 2013-03-19 13:14 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1643520 ----a-w- c:\windows\system32\DWrite.dll

    2013-03-19 13:14 . 2013-03-19 13:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1175552 ----a-w- c:\windows\system32\FntCache.dll

    2013-03-19 13:14 . 2013-03-19 13:14 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

    2013-03-19 13:13 . 2013-03-19 13:13 648192 ----a-w- c:\windows\system32\d3d10level9.dll

    2013-03-19 13:13 . 2013-03-19 13:13 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

    2013-03-19 13:13 . 2013-03-19 13:13 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

    2013-03-19 13:13 . 2013-03-19 13:13 296960 ----a-w- c:\windows\system32\d3d10core.dll

    2013-03-19 13:13 . 2013-03-19 13:13 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]

    2013-06-07 15:52 153432 ----a-w- c:\users\tiggs_2\AppData\Local\TopArcadeHits\Toparcadehits.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

    2009-12-02 08:01 120104 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-05-24 6154008]

    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]

    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-23 1288784]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R1 A2DDA;A2 Direct Disk Access Support Driver;e:\personal\EmsisoftEmergencyKit\Run\a2ddax64.sys;e:\personal\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]

    R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys;c:\windows\SYSNATIVE\DRIVERS\pwipf6.sys [x]

    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]

    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]

    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]

    R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0017bus.sys [x]

    R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdfl.sys [x]

    R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdm.sys [x]

    R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mgmt.sys [x]

    R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0017nd5.sys [x]

    R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0017obex.sys [x]

    R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0017unic.sys [x]

    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

    S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [x]

    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 18:39]

    .

    2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-19 14:35]

    .

    2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-19 14:35]

    .

    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2506838112-3824164392-1848823327-1003Core.job

    - c:\users\tiggs_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 15:24]

    .

    2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2506838112-3824164392-1848823327-1003UA.job

    - c:\users\tiggs_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 15:24]

    .

    2013-06-09 c:\windows\Tasks\TopArcadeHits.job

    - c:\users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [2013-06-07 15:52]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

    2009-12-02 08:04 137512 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]

    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 62.24.243.4 62.24.202.70

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    "{D84A64A0-F2B2-4975-B264-3A3BCE8D57D6}"=hex:51,66,7a,6c,4c,1d,38,12,ce,67,59,

    dc,80,bc,1b,0c,cd,72,79,7b,cb,d3,13,c2

    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

    "{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d,

    dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02

    "{E08861FE-8847-4B2A-8EC2-08EDB20E4020}"=hex:51,66,7a,6c,4c,1d,38,12,90,62,9b,

    e4,75,c6,44,0e,f1,d4,4b,ad,b7,50,04,34

    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:a6,5b,f3,54,4c,2f,cc,01

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-06-10 00:11:32

    ComboFix-quarantined-files.txt 2013-06-09 23:11

    ComboFix2.txt 2013-06-09 22:59

    ComboFix3.txt 2013-06-07 21:22

    ComboFix4.txt 2013-06-07 16:18

    .

    Pre-Run: 167,613,399,040 bytes free

    Post-Run: 167,542,128,640 bytes free

    .

    - - End Of File - - 6254D048F475374B59482A706E335949

    D41D8CD98F00B204E9800998ECF8427E

  3. Didn't read note at very bottom of your message - sos.... Internet is working, Windows Update is working (updated last month) and as far as I can see the firewall is on and functioning. Do I run fix damage tool anyway? I just noticed that Internet Explorer wanted me to download wuapp.exe. Assume that is normal and from when I clicked on Windows Update? Didn't notice it before as it was at the bottom of the screen.

  4. Thank you so much for your reply. I ran the tool, disabling MSE real-time protection while doing the scan. Internet was connected while scanning. Here is the 'report':

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : tiggs [Admin rights]

    Mode : Scan -- Date : 06/09/2013 18:53:30

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤

    [TASK][SUSP PATH] TopArcadeHits.job : C:\Users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND

    [TASK][SUSP PATH] McQcModifier-5c47-a7b0 : C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [-] -> FOUND

    [TASK][SUSP PATH] TopArcadeHits : C:\Users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++

    --- User ---

    [MBR] 1716d59367171f5770942fc48ebf069b

    [BSP] a7154dd655db8a306c264ff1caa08842 : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 226373 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_06092013_02d1853.txt >>


  5. My wife's laptop has become infected over the last couple of days. I believe she either clicked on a rogue link on a Facebook page or a rogue holidays email. Before posting here I have tried unsuccessfully to remove this with Malwarebytes and various scans with MS Security Essentials. Malwarebytes found Malware.packer.T, Rogue.ErrorRepair.Proffessional, Rootkit.0Access, Trojan.Zbot, Malware.Packer.VDG (x2). I can sometimes find these files but they keep on coming back. For DDS: CCleaner disabled, internet disabled, MSE real-time protection disabled. Please find Attach.txt: Am just hoping someone can assist me on this.

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 19/01/2011 14:20:06

    System Uptime: 09/06/2013 14:44:44 (1 hours ago)

    .

    Motherboard: Acer | | Aspire 7741

    Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 221 GiB total, 157.057 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: TCP/IP Protocol Driver

    Device ID: ROOT\LEGACY_TCPIP\0000

    Manufacturer:

    Name: TCP/IP Protocol Driver

    PNP Device ID: ROOT\LEGACY_TCPIP\0000

    Service: Tcpip

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: A2 Direct Disk Access Support Driver

    Device ID: ROOT\LEGACY_A2DDA\0000

    Manufacturer:

    Name: A2 Direct Disk Access Support Driver

    PNP Device ID: ROOT\LEGACY_A2DDA\0000

    Service: A2DDA

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: Privacyware Filter Driver

    Device ID: ROOT\LEGACY_PWIPF6\0000

    Manufacturer:

    Name: Privacyware Filter Driver

    PNP Device ID: ROOT\LEGACY_PWIPF6\0000

    Service: pwipf6

    .

    ==== System Restore Points ===================

    .

    RP337: 07/06/2013 16:41:14 - Removed Rapport

    RP338: 07/06/2013 16:42:37 - Removed Rapport

    RP339: 07/06/2013 16:45:21 - Removed Rapport

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    3Connect

    7-Zip 9.20

    Acer Crystal Eye webcam Ver:1.1.158.203

    Acer ePower Management

    Acer eRecovery Management

    Acer Registration

    Acer ScreenSaver

    Acer Updater

    Adobe Flash Player 11 ActiveX

    Alcor Micro USB Card Reader

    Broadcom Gigabit NetLink Controller

    CCleaner

    CyberLink PowerDVD 9

    Defraggler

    Foxit Reader

    Google Update Helper

    HL-2270DW

    Huawei modem

    Identity Card

    Intel® Control Center

    Intel® Graphics Media Accelerator Driver

    Intel® Management Engine Components

    Intel® Rapid Storage Technology

    Java Auto Updater

    Java™ 6 Update 30

    Java™ 7 Update 4

    JavaFX 2.1.0

    Junk Mail filter update

    Kobo

    Launch Manager

    Macromedia Shockwave Player

    Malwarebytes Anti-Malware version 1.75.0.1300

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Office 64-bit Components 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared 64-bit MUI (English) 2007

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    MSVCRT

    MSXML 4.0 SP3 Parser (KB2721691)

    MSXML 4.0 SP3 Parser (KB973685)

    MyWinLocker

    NTI Backup Now 5

    NTI Backup Now Standard

    NTI Media Maker 8

    Rapport

    Realtek High Definition Audio Driver

    Sandboxie 3.76 (64-bit)

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

    Synaptics Pointing Device Driver

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    .

    ==== Event Viewer Messages From Past Week ========

    .

    09/06/2013 14:45:12, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pwipf6

    09/06/2013 14:44:58, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading

    09/06/2013 14:44:58, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    09/06/2013 14:44:54, Error: volmgr [46] - Crash dump initialization failed!

    07/06/2013 23:28:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    07/06/2013 23:28:37, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    07/06/2013 23:28:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    07/06/2013 22:19:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    07/06/2013 17:13:31, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    07/06/2013 09:31:40, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    07/06/2013 07:39:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI Backup Now 5 Scheduler Service service to connect.

    07/06/2013 07:39:02, Error: Service Control Manager [7000] - The NTI Backup Now 5 Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    .

    ==== End Of File ===========================

    DDS.txt : DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.4.1

    Run by tiggs at 15:39:17 on 2013-06-09

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2805.1281 [GMT 1:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Program Files\Sandboxie\SbieSvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\System32\spoolsv.exe

    C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

    C:\Program Files (x86)\Launch Manager\dsiwmis.exe

    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Sandboxie\SbieCtrl.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Launch Manager\LManager.exe

    C:\Windows\system32\igfxext.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

    C:\Program Files (x86)\Launch Manager\LMworker.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Users\tiggs_2\AppData\Local\Trusteer\Rapport\app\bin\RapportService.exe

    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

    C:\Users\tiggs_2\AppData\Local\Trusteer\Rapport\app\bin\x64\RapportInjService_x64.exe

    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Sandboxie\SandboxieRpcSs.exe

    C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Sandboxie\SbieSvc.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files\Sandboxie\32\SbieSvc.exe

    C:\Program Files\Sandboxie\SandboxieCrypto.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\System32\MsSpellCheckingFacility.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\tiggs_2\AppData\Local\TopArcadeHits\Toparcadehits.dll

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

    uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

    mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

    mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: NameServer = 62.24.243.4 62.24.202.70

    TCP: Interfaces\{05F5C9FB-F1EF-4EC2-854E-F89080E690A9} : DHCPNameServer = 62.24.243.4 62.24.202.70

    TCP: Interfaces\{81D3D150-46C7-457E-88BD-8F0AC9114739} : DHCPNameServer = 192.168.42.129

    TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8} : DHCPNameServer = 62.24.243.4 62.24.202.70

    TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\4514E44444D2535354332344 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\75C414E4731303 : DHCPNameServer = 135.196.0.6 135.196.0.14

    TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\A5978554C4F5142474E4F5132323232323 : DHCPNameServer = 195.74.113.58 195.74.113.62 195.74.113.58

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>

    x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"

    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"

    x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

    x64-Run: [Acer ePower Management] "C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"

    x64-Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]

    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]

    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]

    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-6-16 1740696]

    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-12 325200]

    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-12 865824]

    R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-2-11 13336]

    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-11 2320920]

    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-2-11 240160]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-11 56344]

    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-6-16 86016]

    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-12 158848]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-12 271872]

    R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]

    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]

    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-6 245760]

    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-6-16 117248]

    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2011-6-16 13952]

    S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2011-6-16 421376]

    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2009-12-2 305448]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]

    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\System32\drivers\s0017bus.sys [2008-10-21 113704]

    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\System32\drivers\s0017mdfl.sys [2008-10-21 19496]

    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\System32\drivers\s0017mdm.sys [2008-10-21 152616]

    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0017mgmt.sys [2008-10-21 133160]

    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\System32\drivers\s0017nd5.sys [2008-10-21 34856]

    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0017obex.sys [2008-10-21 128552]

    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\System32\drivers\s0017unic.sys [2008-10-21 145960]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-20 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-06-09 14:02:04 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9858469-E945-4703-97C7-4DB8006637C3}\mpengine.dll

    2013-06-07 22:16:04 -------- d-----r- C:\Sandbox

    2013-06-07 22:11:52 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-06-07 22:04:04 -------- d-----w- C:\Program Files\Sandboxie

    2013-06-07 21:23:05 -------- d-sh--w- C:\$RECYCLE.BIN

    2013-06-07 16:18:36 -------- d-----w- C:\Users\tiggs\AppData\Local\temp

    2013-06-07 16:07:36 98816 ----a-w- C:\Windows\sed.exe

    2013-06-07 16:07:36 256000 ----a-w- C:\Windows\PEV.exe

    2013-06-07 16:07:36 208896 ----a-w- C:\Windows\MBR.exe

    2013-06-07 15:55:28 -------- d-----w- C:\ProgramData\SecTaskMan

    2013-06-07 07:23:42 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{033AC854-7511-4559-84F9-BAC735FE6462}\gapaengine.dll

    2013-06-07 07:20:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

    2013-06-07 07:20:35 -------- d-----w- C:\Program Files\Microsoft Security Client

    2013-06-07 07:12:41 100352 ----a-w- C:\Windows\System32\dfboottime.exe

    2013-06-07 06:29:56 -------- d-----w- C:\Program Files\Defraggler

    2013-06-02 21:50:27 -------- d-----w- C:\ProgramData\58D13EDBA73FA446000058D0E610AA2F

    2013-05-17 17:46:59 3958784 ----a-w- C:\Windows\System32\jscript9.dll

    2013-05-17 17:46:59 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2013-05-17 17:46:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-05-17 17:46:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

    2013-05-17 17:46:57 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

    2013-05-17 17:46:56 2242048 ----a-w- C:\Windows\System32\wininet.dll

    2013-05-16 11:12:10 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

    2013-05-16 11:12:09 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

    2013-05-16 11:12:09 144384 ----a-w- C:\Windows\System32\cdd.dll

    2013-05-16 11:12:01 1930752 ----a-w- C:\Windows\System32\authui.dll

    2013-05-16 11:11:59 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

    2013-05-16 11:11:59 111448 ----a-w- C:\Windows\System32\consent.exe

    2013-05-16 11:11:57 70144 ----a-w- C:\Windows\System32\appinfo.dll

    2013-05-16 11:11:49 3153920 ----a-w- C:\Windows\System32\win32k.sys

    .

    ==================== Find3M ====================

    .

    2013-05-15 18:39:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-05-15 18:39:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

    2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

    2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

    2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

    2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

    2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-03-19 13:14:01 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-03-19 13:13:59 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

    2013-03-19 13:13:59 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

    2013-03-19 13:13:59 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

    2013-03-19 13:13:59 296960 ----a-w- C:\Windows\System32\d3d10core.dll

    2013-03-19 13:13:59 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

    2013-03-19 13:13:59 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

    2013-03-19 13:13:59 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

    2013-03-19 13:13:59 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

    2013-03-19 13:13:59 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

    2013-03-19 13:13:59 1887232 ----a-w- C:\Windows\System32\d3d11.dll

    2013-03-19 13:13:59 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

    2013-03-19 13:13:59 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

    2013-03-19 13:13:59 1238528 ----a-w- C:\Windows\System32\d3d10.dll

    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

    .

    ============= FINISH: 15:39:25.90 ===============
