Google Redirect Help Needed... and Thanks!

mikeinmadison · July 20, 2012

Here are the log files, and thank you for your help!!

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Acer at 11:34:38 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2631 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

mStart Page = hxxp://acer.msn.com

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CtxIEInterceptorBHO Class: {2c4631ff-5cc8-4ebc-a0df-34c92291759e} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\Acer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.0.1 216.165.129.158

TCP: Interfaces\{1B6F547B-C1FB-4F9F-AB2B-33613D4C4DB1} : DhcpNameServer = 192.168.2.1 192.168.0.1 216.165.129.158

TCP: Interfaces\{1B6F547B-C1FB-4F9F-AB2B-33613D4C4DB1}\075726C69636 : DhcpNameServer = 10.28.1.41 10.28.1.42

TCP: Interfaces\{1B6F547B-C1FB-4F9F-AB2B-33613D4C4DB1}\C4962627162797D275962756C6563737 : DhcpNameServer = 10.100.100.243 10.100.100.245

TCP: Interfaces\{6228EAF3-1BD6-4A0D-A0CF-FB1ED07DDAA8} : DhcpNameServer = 10.54.120.10

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll

BHO-X64: CtxIEInterceptorBHO - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8w7vj0e8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8w7vj0e8.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8w7vj0e8.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-9-6 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-9-6 867712]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-4-8 244624]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-16 144640]

R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-4-27 624856]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-19 1153368]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-6 2320920]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2012-3-29 57344]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-27 172912]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-16 50432]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-20 16:27:38 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus

2012-07-20 16:23:08 -------- d-----w- C:\Users\Acer\AppData\Roaming\Ad-Aware Antivirus

2012-07-20 16:04:55 -------- d-----w- C:\$RECYCLE.BIN

2012-07-20 15:58:23 98816 ----a-w- C:\Windows\sed.exe

2012-07-20 15:58:23 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-20 15:58:23 256000 ----a-w- C:\Windows\PEV.exe

2012-07-20 15:58:23 208896 ----a-w- C:\Windows\MBR.exe

2012-07-20 02:04:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-07-20 02:04:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-07-18 17:38:47 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair

2012-07-18 17:35:16 -------- d-----w- C:\ProgramData\Innovative Solutions

2012-07-18 17:35:15 -------- d-----w- C:\Users\Acer\AppData\Local\Innovative Solutions

2012-07-18 17:35:14 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions

2012-07-18 17:35:13 42496 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl

2012-07-18 17:35:11 -------- d-----w- C:\Program Files (x86)\Innovative Solutions

2012-07-18 17:29:39 -------- d-----w- C:\Program Files\CCleaner

2012-07-12 13:58:19 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 14:56:40 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-06-30 14:42:52 -------- d-----w- C:\Users\Acer\AppData\Local\Macromedia

2012-06-30 04:38:04 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-30 04:38:04 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-21 15:09:09 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 15:08:50 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 15:08:39 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 15:08:39 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-30 14:40:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-30 14:40:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-29 01:23:50 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-29 01:23:46 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 11:35:07.19 ===============

Attach:.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/6/2011 10:06:52 AM

System Uptime: 7/20/2012 11:28:24 AM (0 hours ago)

.

Motherboard: Acer | | JE70_CP

Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU 1 | 2667/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 541.082 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP29: 6/21/2012 10:08:26 AM - Windows Update

RP30: 7/1/2012 5:05:04 PM - Scheduled Checkpoint

RP31: 7/9/2012 7:34:10 PM - Scheduled Checkpoint

RP32: 7/12/2012 8:54:29 AM - Windows Update

RP33: 7/18/2012 12:08:00 PM - Installed Java 6 Update 33

RP34: 7/18/2012 12:35:20 PM - After installing Advanced Uninstaller PRO

RP35: 7/20/2012 10:58:26 AM - ComboFix created restore point

.

==== Installed Programs ======================

.

µTorrent

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.2 MUI

Advanced Uninstaller PRO - Version 11

Alcor Micro USB Card Reader

Atheros Client Installation Program

Backup Manager Basic

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Citrix Authentication Manager

Citrix Receiver

Citrix Receiver (HDX Flash Redirection)

Citrix Receiver Inside

Citrix Receiver(Aero)

Citrix Receiver(DV)

Citrix Receiver(USB)

CyberLink PowerDVD 9

eBay Worldwide

Free Window Registry Repair

Identity Card

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Java Auto Updater

Java 6 Update 33

Launch Manager

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MyWinLocker 4

MyWinLocker Suite

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

Online Plug-in

OpenOffice.org 3.3

Pandora Service

PX Profile Update

Qualcomm Atheros Fast Reconnect

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Self-service Plug-in

Shredder

Spybot - Search & Destroy

Text Twist 2 1.00

The KMPlayer (remove only)

Times Reader

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2008 x64 Redistributables

Welcome Center

.

==== Event Viewer Messages From Past Week ========

.

7/20/2012 11:28:10 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 11:27:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/20/2012 11:13:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 11:12:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/20/2012 11:12:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/20/2012 11:12:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/20/2012 11:12:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/20/2012 11:12:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 ctxusbm discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6

7/20/2012 11:12:24 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 11:03:45 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

7/20/2012 11:02:52 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/20/2012 11:02:29 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/19/2012 8:38:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

7/19/2012 6:31:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

7/19/2012 6:31:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Office Software Protection Platform service to connect.

7/19/2012 6:31:12 PM, Error: Service Control Manager [7000] - The Office Software Protection Platform service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/19/2012 3:59:20 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/19/2012 3:59:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

7/19/2012 3:59:20 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/19/2012 3:59:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

7/19/2012 3:58:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

7/19/2012 3:58:42 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

7/17/2012 9:13:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

screen317 · July 20, 2012

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

mikeinmadison · July 20, 2012

Here are the 4 logs: MBAM, Combofix, DDS, and Attach:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.18.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Acer :: ACER-PC [administrator]

7/20/2012 4:31:50 PM

mbam-log-2012-07-20 (16-31-50).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 211318

Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-07-20.02 - Acer 07/20/2012 16:36:31.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2566 [GMT -5:00]

Running from: c:\users\Acer\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

2012-07-20 21:39 . 2012-07-20 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-20 16:27 . 2012-07-20 16:27 -------- d-----w- c:\programdata\Lavasoft

2012-07-20 16:27 . 2012-07-20 16:27 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-07-20 16:23 . 2012-07-20 16:23 -------- d-----w- c:\users\Acer\AppData\Roaming\Ad-Aware Antivirus

2012-07-20 02:04 . 2012-07-20 02:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-20 02:04 . 2012-07-20 02:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-18 17:38 . 2012-07-18 17:41 -------- d-----w- c:\program files (x86)\Free Window Registry Repair

2012-07-18 17:35 . 2012-07-18 17:35 -------- d-----w- c:\programdata\Innovative Solutions

2012-07-18 17:35 . 2012-07-18 17:35 -------- d-----w- c:\users\Acer\AppData\Local\Innovative Solutions

2012-07-18 17:35 . 2012-07-18 17:35 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions

2012-07-18 17:35 . 2009-11-05 18:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl

2012-07-18 17:35 . 2012-07-18 17:35 -------- d-----w- c:\program files (x86)\Innovative Solutions

2012-07-18 17:29 . 2012-07-18 17:29 -------- d-----w- c:\program files\CCleaner

2012-07-12 13:58 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 14:56 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-30 14:42 . 2012-06-30 14:42 -------- d-----w- c:\users\Acer\AppData\Local\Macromedia

2012-06-30 04:38 . 2012-06-30 04:38 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-30 04:38 . 2012-06-30 04:38 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-21 15:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 15:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 15:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 15:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 15:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 15:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 15:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 15:08 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 15:08 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 13:56 . 2012-05-22 02:42 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 18:46 . 2012-03-19 21:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 14:40 . 2012-04-07 01:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-30 14:40 . 2012-04-07 01:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-29 01:23 . 2012-04-29 18:31 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-29 01:23 . 2012-04-24 00:14 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-14 14:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 14:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 14:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-14 14:25 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 14:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 14:25 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 14:25 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 14:25 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 14:25 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 14:25 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 14:25 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 14:25 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 14:25 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 14:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-07-20_16.04.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-07-20 16:30 41826 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-20 16:30 41532 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-06 15:08 . 2012-07-20 16:30 8620 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3995506755-762254212-3564669608-1000_UserData.bin

+ 2012-07-20 21:40 . 2012-07-20 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-20 16:03 . 2012-07-20 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-20 21:40 . 2012-07-20 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-20 16:03 . 2012-07-20 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-19 22:42 . 2012-07-20 21:29 223524 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-07-20 13:43 624622 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-20 16:33 624622 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-20 16:33 106708 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-20 13:43 106708 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-07-20 16:02 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-20 21:39 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-09-06 15:08 . 2012-07-20 16:02 43565496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3995506755-762254212-3564669608-1000-8192.dat

+ 2011-09-06 15:08 . 2012-07-20 21:39 43565496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3995506755-762254212-3564669608-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-29 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-30 113120]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{51725DDC-C46BD20A-06020101}_0;PCDSRVC{51725DDC-C46BD20A-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\acer\appdata\local\temp\vkxlewflnmop\pcdrdiag\bin\pcdsrvc_x64.pkms [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-06 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-02-14 93272]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-04-08 22912]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-04-08 20328]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-04-08 62584]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-29 203264]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-05 867712]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-28 624856]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-10 57344]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-29 7455744]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-29 268800]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-05 860040]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\system32\blank.htm

TCP: DhcpNameServer = 192.168.2.1 192.168.0.1 216.165.129.158

FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8w7vj0e8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{51725DDC-C46BD20A-06020101}_0]

"ImagePath"="\??\c:\users\acer\appdata\local\temp\vkxlewflnmop\pcdrdiag\bin\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-07-20 16:43:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-20 21:43

ComboFix2.txt 2012-07-20 16:08

.

Pre-Run: 580,892,037,120 bytes free

Post-Run: 580,732,329,984 bytes free

.

- - End Of File - - F933F08323E4135DCB296871568D1896

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Acer at 16:50:15 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2648 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wbem\wmiprvse.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE