Posts posted by mosedavid
adwcleaner text S1.txt
# AdwCleaner v2.303 - Logfile created 06/10/2013 at 15:43:00
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : tiggs - TIGGS-PC
# Boot Mode : Normal
# Running from : C:\Users\tiggs_2\Desktop\malware stuff\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : \END
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\tiggs\AppData\Local\PackageAware
Folder Deleted : C:\Users\tiggs\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\tiggs\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\tiggs_2\AppData\LocalLow\AskToolbar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Registry is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Users\tiggs\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\tiggs_2\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1527 octets] - [10/06/2013 02:20:35]
AdwCleaner[R2].txt - [1587 octets] - [10/06/2013 15:41:37]
AdwCleaner[S1].txt - [1542 octets] - [10/06/2013 15:43:00]
########## EOF - \AdwCleaner[S1].txt - [1602 octets] ##########
Security Checkup text output:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java™ 6 Update 30
Java™ 7 Update 4
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
tiggs_2 Desktop malware stuff SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
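The logs in this thread are read by eye, but the decision the helper is making is mechanical: which created folders and which autorun entries live in user-writable locations (AppData, ProgramData, temp), and which folders were dropped together in the same minute. The script below is an added editorial example, not the poster's or the helpers' tooling. It parses the ComboFix line formats that appear later in this thread ("Files Created" entries, the file line under a Browser Helper Object key, Run values, and Scheduled Task targets). The sample lines are constructed to mirror that log; the function names, the regexes and the "user-writable" path list are the editor's own choices, not anything ComboFix defines.

```python
"""Triage helper for ComboFix-style log lines (added example, not from the thread).

Flags files and autorun targets sitting in user-writable locations and clusters
directories created in the same minute (a common sign of one dropper at work).
"""
import re
from collections import defaultdict

# Constructed sample modelled on the ComboFix output posted later in the thread.
SAMPLE_LOG = r"""
2013-06-07 15:52 . 2013-06-07 15:52 -------- d-----w- c:\users\tiggs_2\AppData\Local\TopArcadeHits
2013-06-07 06:29 . 2013-06-07 06:29 -------- d-----w- c:\program files\Defraggler
2013-06-05 18:12 . 2013-06-07 16:36 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Ebwo
2013-06-05 18:12 . 2013-06-05 20:08 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Tiseir
2013-06-05 18:12 . 2013-06-05 18:12 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Syviy
2013-06-02 21:50 . 2013-06-05 19:48 -------- d-----w- c:\programdata\58D13EDBA73FA446000058D0E610AA2F
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
2013-06-07 15:52 153432 ----a-w- c:\users\tiggs_2\AppData\Local\TopArcadeHits\Toparcadehits.dll
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-05-24 6154008]
2013-06-09 c:\windows\Tasks\TopArcadeHits.job
- c:\users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [2013-06-07 15:52]
"""

# Editor's assumption: these path components are writable without elevation,
# so code that runs from them did not need an installer or admin rights.
USER_WRITABLE = re.compile(r"\\(?:appdata|programdata|temp)\\", re.IGNORECASE)

# "Files Created" entry: created-stamp . modified-stamp size attrs path
CREATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# File line printed under a registry loading point (BHO, shell overlay, ...)
LOADPOINT_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
# "name"="target" [stamp size] under a Run key
RUN_VALUE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)"')
# "- target [stamp]" under a Scheduled Tasks .job entry
TASK_TARGET = re.compile(r"^- (?P<path>.+?) \[")


def is_user_writable(path: str) -> bool:
    """True when the path sits under AppData, ProgramData or a temp folder."""
    return USER_WRITABLE.search(path) is not None


def parse_created(text: str):
    """Yield (created_stamp, is_directory, path) for each Files Created line."""
    entries = []
    for line in text.splitlines():
        m = CREATED.match(line.strip())
        if m:
            entries.append((m["created"], m["attrs"].startswith("d"), m["path"]))
    return entries


def parse_loading_points(text: str):
    """Collect executable/DLL paths referenced by loading points and tasks."""
    paths = []
    for line in text.splitlines():
        line = line.strip()
        for pattern in (LOADPOINT_FILE, RUN_VALUE, TASK_TARGET):
            m = pattern.match(line)
            if m:
                paths.append(m["path"])
                break
    return paths


def triage(text: str) -> dict:
    """Return user-writable drops, same-minute directory clusters and autoruns."""
    created = parse_created(text)
    by_minute = defaultdict(list)
    for stamp, is_dir, path in created:
        if is_dir and is_user_writable(path):
            by_minute[stamp].append(path)
    # Two or more user-writable directories created in the same minute.
    clusters = {stamp: paths for stamp, paths in by_minute.items() if len(paths) >= 2}
    dropped = [path for _, _, path in created if is_user_writable(path)]
    autoruns = [p for p in parse_loading_points(text) if is_user_writable(p)]
    return {"dropped": dropped, "clusters": clusters, "autoruns": autoruns}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, items in result.items():
        print(f"== {section} ==")
        if isinstance(items, dict):
            for stamp, paths in items.items():
                print(f"  {stamp}: {len(paths)} dirs -> {paths}")
        else:
            for item in items:
                print(f"  {item}")
```

On the sample above this reports the three Roaming folders created at 18:12 as one cluster, and the TopArcadeHits DLL and updater as autoruns running from AppData\Local. Treat the ProgramData hits as a prompt, not a verdict: legitimate software also lives there (Microsoft Antimalware definition updates in this very log), so the output is a shortlist for the analyst, not a removal list.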
-
Just to add, I don't see anything worth keeping in that file list/log
-
I deleted the 3 folders (haven't cleared the recycle bin yet) - I didn't recognise the files. I did the scan and here's the log.
-
OK... Ewbo folder empty. Folder Tisier: 1 file, diwo.vyv, created 06/06/13, 31 KB. Folder Syviy: 1 file, locked file tatyo.vyh, 05/06, 390 KB. The ProgramData folder contains an icon file - an orange, red and black striped shield, 10 KB, 02/06.
-
OK, seems to work now.
-
Sorry... don't know what's going on here. I was able to upload files, now I can't, hence pasting the log.
-
Sorry - upload didn't work there, I'll try again - still not working, will have to just post it here:
ComboFix 13-06-08.02 - tiggs 10/06/2013 0:06.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2805.1322 [GMT 1:00]
Running from: c:\users\tiggs_2\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-09 23:09 . 2013-06-09 23:09 -------- d-----w- c:\users\tiggs\AppData\Local\temp
2013-06-09 23:09 . 2013-06-09 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-09 22:13 . 2013-05-12 22:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35DF5C5B-5AE4-43FD-8199-9064FC8FE317}\mpengine.dll
2013-06-09 21:18 . 2013-06-09 21:41 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-09 17:55 . 2013-05-12 22:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-07 22:16 . 2013-06-07 22:16 -------- d-----r- C:\Sandbox
2013-06-07 22:04 . 2013-06-07 22:04 -------- d-----w- c:\program files\Sandboxie
2013-06-07 21:22 . 2013-06-09 22:57 -------- d-----w- c:\users\tiggs_2\AppData\Local\temp
2013-06-07 15:55 . 2013-06-07 16:47 -------- d-----w- c:\programdata\SecTaskMan
2013-06-07 15:52 . 2013-06-07 15:52 -------- d-----w- c:\users\tiggs_2\AppData\Local\TopArcadeHits
2013-06-07 07:23 . 2013-06-07 07:23 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{033AC854-7511-4559-84F9-BAC735FE6462}\gapaengine.dll
2013-06-07 07:20 . 2013-06-07 07:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-06-07 07:20 . 2013-06-07 07:20 -------- d-----w- c:\program files\Microsoft Security Client
2013-06-07 07:12 . 2013-06-07 07:12 100352 ----a-w- c:\windows\system32\dfboottime.exe
2013-06-07 06:29 . 2013-06-07 06:29 -------- d-----w- c:\program files\Defraggler
2013-06-05 18:12 . 2013-06-07 16:36 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Ebwo
2013-06-05 18:12 . 2013-06-05 20:08 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Tiseir
2013-06-05 18:12 . 2013-06-05 18:12 -------- d-----w- c:\users\tiggs_2\AppData\Roaming\Syviy
2013-06-02 21:50 . 2013-06-05 19:48 -------- d-----w- c:\programdata\58D13EDBA73FA446000058D0E610AA2F
2013-05-17 17:46 . 2013-04-05 06:50 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 17:46 . 2013-04-05 05:26 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-05-17 17:46 . 2013-04-05 06:52 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-17 17:46 . 2013-04-05 05:28 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-17 17:46 . 2013-04-05 06:50 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-05-17 17:46 . 2013-04-05 05:28 1767424 ----a-w- c:\windows\SysWow64\wininet.dll
2013-05-17 17:46 . 2013-04-05 06:52 2242048 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 17:46 . 2013-04-05 06:50 19231232 ----a-w- c:\windows\system32\mshtml.dll
2013-05-17 17:46 . 2013-04-05 06:50 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-05-16 11:12 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 11:12 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 11:12 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 11:12 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 11:12 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 11:12 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 11:11 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 11:11 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 11:11 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 11:11 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:39 . 2013-02-08 22:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:39 . 2013-02-08 22:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-03 15:15 . 2011-06-17 10:01 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2011-01-19 16:51 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 14:45 . 2013-04-24 08:28 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 13:50 . 2013-02-20 05:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 13:16 . 2013-03-19 13:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-19 13:16 . 2013-03-19 13:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-19 13:16 . 2013-03-19 13:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-19 13:16 . 2013-03-19 13:16 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-19 13:16 . 2013-03-19 13:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-19 13:16 . 2013-03-19 13:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-19 13:16 . 2013-03-19 13:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-19 13:16 . 2013-03-19 13:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-19 13:16 . 2013-03-19 13:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-19 13:16 . 2013-03-19 13:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-19 13:16 . 2013-03-19 13:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-19 13:16 . 2013-03-19 13:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-19 13:16 . 2013-03-19 13:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-19 13:16 . 2013-03-19 13:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-19 13:16 . 2013-03-19 13:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-19 13:16 . 2013-03-19 13:16 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-19 13:16 . 2013-03-19 13:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-19 13:16 . 2013-03-19 13:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-19 13:16 . 2013-03-19 13:16 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-19 13:16 . 2013-03-19 13:16 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-19 13:16 . 2013-03-19 13:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-19 13:16 . 2013-03-19 13:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-19 13:16 . 2013-03-19 13:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-19 13:16 . 2013-03-19 13:16 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-19 13:16 . 2013-03-19 13:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-19 13:16 . 2013-03-19 13:16 441856 ----a-w- c:\windows\system32\html.iec
2013-03-19 13:16 . 2013-03-19 13:16 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-19 13:16 . 2013-03-19 13:16 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-19 13:16 . 2013-03-19 13:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-19 13:16 . 2013-03-19 13:16 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-19 13:16 . 2013-03-19 13:16 235008 ----a-w- c:\windows\system32\url.dll
2013-03-19 13:16 . 2013-03-19 13:16 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-19 13:16 . 2013-03-19 13:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-19 13:16 . 2013-03-19 13:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-19 13:16 . 2013-03-19 13:16 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-19 13:16 . 2013-03-19 13:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-19 13:16 . 2013-03-19 13:16 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 13:16 . 2013-03-19 13:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-19 13:16 . 2013-03-19 13:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-19 13:16 . 2013-03-19 13:16 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-19 13:16 . 2013-03-19 13:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-19 13:16 . 2013-03-19 13:16 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-19 13:16 . 2013-03-19 13:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-19 13:16 . 2013-03-19 13:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-19 13:16 . 2013-03-19 13:16 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-19 13:16 . 2013-03-19 13:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-19 13:16 . 2013-03-19 13:16 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-19 13:16 . 2013-03-19 13:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-19 13:16 . 2013-03-19 13:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-19 13:14 . 2013-03-19 13:14 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-19 13:14 . 2013-03-19 13:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-19 13:14 . 2013-03-19 13:14 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-03-19 13:14 . 2013-03-19 13:14 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-19 13:14 . 2013-03-19 13:14 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-19 13:14 . 2013-03-19 13:14 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-19 13:14 . 2013-03-19 13:14 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-19 13:14 . 2013-03-19 13:14 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-19 13:14 . 2013-03-19 13:14 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-19 13:14 . 2013-03-19 13:14 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-19 13:14 . 2013-03-19 13:14 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-19 13:14 . 2013-03-19 13:14 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-19 13:14 . 2013-03-19 13:14 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-19 13:14 . 2013-03-19 13:14 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-19 13:14 . 2013-03-19 13:14 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-19 13:14 . 2013-03-19 13:14 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-19 13:14 . 2013-03-19 13:14 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-19 13:14 . 2013-03-19 13:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-03-19 13:14 . 2013-03-19 13:14 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-19 13:14 . 2013-03-19 13:14 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-19 13:14 . 2013-03-19 13:14 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-19 13:14 . 2013-03-19 13:14 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-19 13:14 . 2013-03-19 13:14 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-03-19 13:13 . 2013-03-19 13:13 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-19 13:13 . 2013-03-19 13:13 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-19 13:13 . 2013-03-19 13:13 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-19 13:13 . 2013-03-19 13:13 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-19 13:13 . 2013-03-19 13:13 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
2013-06-07 15:52 153432 ----a-w- c:\users\tiggs_2\AppData\Local\TopArcadeHits\Toparcadehits.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-12-02 08:01 120104 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-05-24 6154008]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-23 1288784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;e:\personal\EmsisoftEmergencyKit\Run\a2ddax64.sys;e:\personal\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys;c:\windows\SYSNATIVE\DRIVERS\pwipf6.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0017unic.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 18:39]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-19 14:35]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-19 14:35]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2506838112-3824164392-1848823327-1003Core.job
- c:\users\tiggs_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 15:24]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2506838112-3824164392-1848823327-1003UA.job
- c:\users\tiggs_2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 15:24]
.
2013-06-09 c:\windows\Tasks\TopArcadeHits.job
- c:\users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [2013-06-07 15:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-12-02 08:04 137512 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.24.243.4 62.24.202.70
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D84A64A0-F2B2-4975-B264-3A3BCE8D57D6}"=hex:51,66,7a,6c,4c,1d,38,12,ce,67,59,
dc,80,bc,1b,0c,cd,72,79,7b,cb,d3,13,c2
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d,
dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02
"{E08861FE-8847-4B2A-8EC2-08EDB20E4020}"=hex:51,66,7a,6c,4c,1d,38,12,90,62,9b,
e4,75,c6,44,0e,f1,d4,4b,ad,b7,50,04,34
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a6,5b,f3,54,4c,2f,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-10 00:11:32
ComboFix-quarantined-files.txt 2013-06-09 23:11
ComboFix2.txt 2013-06-09 22:59
ComboFix3.txt 2013-06-07 21:22
ComboFix4.txt 2013-06-07 16:18
.
Pre-Run: 167,613,399,040 bytes free
Post-Run: 167,542,128,640 bytes free
.
- - End Of File - - 6254D048F475374B59482A706E335949
D41D8CD98F00B204E9800998ECF8427E
-
Find enclosed ComboFix file.... 'tophatarcade'??
-
Didn't read the note at the very bottom of your message - sos.... Internet is working, Windows Update is working (updated last month), and as far as I can see the firewall is on and functioning. Do I run the fix damage tool anyway?? I just noticed that Internet Explorer wanted me to download wuapp.exe. Assume that is normal and from when I clicked on Windows Update? Didn't notice it before as it was at the bottom of the screen.
-
Hi, thanks for your support... Did as you said, performed the full scan - no threats were found (obviously not quite right!), 'nothing to clean up'. I only performed this scan once because of this and I did not restart. The 2 files are added.
-
Thank you so much for your reply. I ran the tool, disabling MSE realtime protection while doing the scan. Internet was connected while scanning. Here is the 'report':
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tiggs [Admin rights]
Mode : Scan -- Date : 06/09/2013 18:53:30
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] TopArcadeHits.job : C:\Users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND
[TASK][SUSP PATH] McQcModifier-5c47-a7b0 : C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [-] -> FOUND
[TASK][SUSP PATH] TopArcadeHits : C:\Users\tiggs_2\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-22A23T0 +++++
--- User ---
[MBR] 1716d59367171f5770942fc48ebf069b
[BSP] a7154dd655db8a306c264ff1caa08842 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 226373 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_06092013_02d1853.txt >>
RKreport[1]_S_06092013_02d1853.txt
-
My wife's laptop has become infected over the last couple of days. I believe she either clicked on a rogue link on a Facebook page or a rogue holidays email. Before posting here I have tried unsuccessfully to remove this with Malwarebytes and various scans with MS Security Essentials. Malwarebytes found Malware.packer.T, Rogue.ErrorRepair.Proffessional, Rootkit.0Access, Trojan.Zbot, Malware.Packer.VDG (x2). I can sometimes find these files but they keep on coming back. For DDS: CCleaner disabled, internet disabled, MSE realtime protection disabled. Please find Attach.txt. Am just hoping someone can assist me on this.
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/01/2011 14:20:06
System Uptime: 09/06/2013 14:44:44 (1 hours ago)
.
Motherboard: Acer | | Aspire 7741
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 157.057 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: TCP/IP Protocol Driver
Device ID: ROOT\LEGACY_TCPIP\0000
Manufacturer:
Name: TCP/IP Protocol Driver
PNP Device ID: ROOT\LEGACY_TCPIP\0000
Service: Tcpip
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: A2 Direct Disk Access Support Driver
Device ID: ROOT\LEGACY_A2DDA\0000
Manufacturer:
Name: A2 Direct Disk Access Support Driver
PNP Device ID: ROOT\LEGACY_A2DDA\0000
Service: A2DDA
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Privacyware Filter Driver
Device ID: ROOT\LEGACY_PWIPF6\0000
Manufacturer:
Name: Privacyware Filter Driver
PNP Device ID: ROOT\LEGACY_PWIPF6\0000
Service: pwipf6
.
==== System Restore Points ===================
.
RP337: 07/06/2013 16:41:14 - Removed Rapport
RP338: 07/06/2013 16:42:37 - Removed Rapport
RP339: 07/06/2013 16:45:21 - Removed Rapport
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3Connect
7-Zip 9.20
Acer Crystal Eye webcam Ver:1.1.158.203
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe Flash Player 11 ActiveX
Alcor Micro USB Card Reader
Broadcom Gigabit NetLink Controller
CCleaner
CyberLink PowerDVD 9
Defraggler
Foxit Reader
Google Update Helper
HL-2270DW
Huawei modem
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 30
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Kobo
Launch Manager
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyWinLocker
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Rapport
Realtek High Definition Audio Driver
Sandboxie 3.76 (64-bit)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
09/06/2013 14:45:12, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pwipf6
09/06/2013 14:44:58, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading
09/06/2013 14:44:58, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
09/06/2013 14:44:54, Error: volmgr [46] - Crash dump initialization failed!
07/06/2013 23:28:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
07/06/2013 23:28:37, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/06/2013 23:28:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
07/06/2013 22:19:47, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
07/06/2013 17:13:31, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
07/06/2013 09:31:40, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
07/06/2013 07:39:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI Backup Now 5 Scheduler Service service to connect.
07/06/2013 07:39:02, Error: Service Control Manager [7000] - The NTI Backup Now 5 Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
DDS.txt : DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.4.1
Run by tiggs at 15:39:17 on 2013-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2805.1281 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\tiggs_2\AppData\Local\Trusteer\Rapport\app\bin\RapportService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\tiggs_2\AppData\Local\Trusteer\Rapport\app\bin\x64\RapportInjService_x64.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\tiggs_2\AppData\Local\TopArcadeHits\Toparcadehits.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 62.24.243.4 62.24.202.70
TCP: Interfaces\{05F5C9FB-F1EF-4EC2-854E-F89080E690A9} : DHCPNameServer = 62.24.243.4 62.24.202.70
TCP: Interfaces\{81D3D150-46C7-457E-88BD-8F0AC9114739} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8} : DHCPNameServer = 62.24.243.4 62.24.202.70
TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\4514E44444D2535354332344 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\75C414E4731303 : DHCPNameServer = 135.196.0.6 135.196.0.14
TCP: Interfaces\{CB4B13A2-468C-4290-B69F-7DBFB83126D8}\A5978554C4F5142474E4F5132323232323 : DHCPNameServer = 195.74.113.58 195.74.113.62 195.74.113.58
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] "C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
x64-Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-6-16 1740696]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-12 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-12 865824]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-2-11 13336]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-11 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-2-11 240160]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-11 56344]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-6-16 86016]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-12 158848]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-12 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-6 245760]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-6-16 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2011-6-16 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2011-6-16 421376]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2009-12-2 305448]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\System32\drivers\s0017bus.sys [2008-10-21 113704]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\System32\drivers\s0017mdfl.sys [2008-10-21 19496]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\System32\drivers\s0017mdm.sys [2008-10-21 152616]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0017mgmt.sys [2008-10-21 133160]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\System32\drivers\s0017nd5.sys [2008-10-21 34856]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0017obex.sys [2008-10-21 128552]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\System32\drivers\s0017unic.sys [2008-10-21 145960]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-20 1255736]
.
=============== Created Last 30 ================
.
2013-06-09 14:02:04 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9858469-E945-4703-97C7-4DB8006637C3}\mpengine.dll
2013-06-07 22:16:04 -------- d-----r- C:\Sandbox
2013-06-07 22:11:52 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-07 22:04:04 -------- d-----w- C:\Program Files\Sandboxie
2013-06-07 21:23:05 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-07 16:18:36 -------- d-----w- C:\Users\tiggs\AppData\Local\temp
2013-06-07 16:07:36 98816 ----a-w- C:\Windows\sed.exe
2013-06-07 16:07:36 256000 ----a-w- C:\Windows\PEV.exe
2013-06-07 16:07:36 208896 ----a-w- C:\Windows\MBR.exe
2013-06-07 15:55:28 -------- d-----w- C:\ProgramData\SecTaskMan
2013-06-07 07:23:42 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{033AC854-7511-4559-84F9-BAC735FE6462}\gapaengine.dll
2013-06-07 07:20:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-07 07:20:35 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-07 07:12:41 100352 ----a-w- C:\Windows\System32\dfboottime.exe
2013-06-07 06:29:56 -------- d-----w- C:\Program Files\Defraggler
2013-06-02 21:50:27 -------- d-----w- C:\ProgramData\58D13EDBA73FA446000058D0E610AA2F
2013-05-17 17:46:59 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 17:46:59 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 17:46:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-17 17:46:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-17 17:46:57 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 17:46:56 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-05-16 11:12:10 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-16 11:12:09 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-16 11:12:09 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-16 11:12:01 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-16 11:11:59 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-16 11:11:59 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-16 11:11:57 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-16 11:11:49 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-05-15 18:39:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 18:39:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 13:14:01 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 13:13:59 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-03-19 13:13:59 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-03-19 13:13:59 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-03-19 13:13:59 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-03-19 13:13:59 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-03-19 13:13:59 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-03-19 13:13:59 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-03-19 13:13:59 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-03-19 13:13:59 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-03-19 13:13:59 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-03-19 13:13:59 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-03-19 13:13:59 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-03-19 13:13:59 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 15:39:25.90 ===============
Laptop Malware - Packer? Zbot? Rootkit.0Access?
in Resolved Malware Removal Logs
Posted
Thank you very much, you're a saint. Will comment on your feed rather than here. Suffice to say, the problem seems to be gone.