
Slow startup, random freezes



I tried removing some services that look rather fishy but it won't take the changes. Here's the current log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:27:03 PM, on 1/14/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Users\Administrator\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\SysWOW64\rpcnet.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8287 bytes


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

HijackThis doesn't work very well on Windows 7. Are you noticing anything strange on your computer?

  • Please download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed.

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon and allow it to run.

  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  • Notepad will open with the results.

  • Follow the instructions that pop up for posting the results.


DDS Results:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2

Run by Administrator at 16:59:08 on 2013-01-27

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2725 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\System32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\system32\mfevtps.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\windows\SysWOW64\rpcnet.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{06D20DED-4222-4748-AEBE-F3C2A9AE412C} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{06D20DED-4222-4748-AEBE-F3C2A9AE412C}\4457D626279616 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{56554565-3699-4DB9-8036-8D2456160D60} : DHCPNameServer = 10.100.10.16 10.100.11.16

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742z&r=27361110t435l0404z1k5v47321259

x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742z&r=27361110t435l0404z1k5v47321259

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120701080550.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R?2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-20 13336]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-12-28 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-12-28 339776]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-25 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-11-17 868896]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-13 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-28 241016]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-12-28 182312]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-14 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-14 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-14 168384]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-7-20 56344]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-7-20 158976]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-7-20 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-12-28 309400]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-12-28 515528]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2010-9-14 760168]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2010-9-14 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2010-9-14 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2010-9-14 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-13 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-13 201304]

S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-13 201304]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]

S3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-12-28 69672]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-11-13 196440]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-12-28 106112]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-7-20 246376]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-9-25 1255736]

S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

S4 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-28 218320]

S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290896]

S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-20 243232]

.

=============== Created Last 30 ================

.

2013-01-27 21:49:11 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

2013-01-27 21:48:35 -------- d-----w- C:\Program Files\iPod

2013-01-27 21:48:34 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-27 21:48:34 -------- d-----w- C:\Program Files\iTunes

2013-01-27 21:48:34 -------- d-----w- C:\Program Files (x86)\iTunes

2013-01-27 21:43:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2013-01-27 21:43:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2013-01-27 21:43:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-01-27 21:43:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-01-27 21:43:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-01-27 21:43:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-01-27 21:43:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-01-14 18:26:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-14 18:26:43 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2013-01-14 18:26:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-01-14 18:26:08 -------- d-----w- C:\Users\Administrator\AppData\Local\Programs

2013-01-14 04:15:40 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-14 03:02:24 751104 ----a-w- C:\windows\System32\win32spl.dll

2013-01-14 03:02:23 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-14 03:02:04 2001408 ----a-w- C:\windows\System32\msxml6.dll

2013-01-14 03:02:04 1880064 ----a-w- C:\windows\System32\msxml3.dll

2013-01-14 03:02:04 1388544 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-14 03:02:03 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2013-01-14 03:02:02 307200 ----a-w- C:\windows\System32\ncrypt.dll

2013-01-14 03:02:01 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-14 03:00:39 424960 ----a-w- C:\windows\System32\KernelBase.dll

2013-01-14 02:59:23 3147264 ----a-w- C:\windows\System32\win32k.sys

2013-01-14 02:18:31 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL

2013-01-14 02:18:31 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\1_HPZPPWN7.DLL

2013-01-02 02:19:42 -------- d-----w- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics

2013-01-02 01:59:50 1133568 ----a-w- C:\windows\System32\FntCache.dll

2013-01-02 01:59:49 1863680 ----a-w- C:\windows\System32\ExplorerFrame.dll

2013-01-02 01:59:48 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2013-01-02 01:59:48 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

2013-01-02 01:59:48 229888 ----a-w- C:\windows\System32\XpsRasterService.dll

2013-01-02 01:59:48 1495040 ----a-w- C:\windows\SysWow64\ExplorerFrame.dll

2013-01-02 01:59:48 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll

2013-01-02 01:59:47 144384 ----a-w- C:\windows\System32\cdd.dll

2012-12-31 17:51:27 -------- d-----w- C:\windows\en

2012-12-31 17:49:04 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll

2012-12-31 17:49:04 523088 ----a-w- C:\windows\System32\d3dx10_42.dll

2012-12-31 17:49:04 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll

2012-12-31 17:49:04 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll

2012-12-31 16:33:00 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ea6c8501cde7742d\InstallManager_WLE_WLE.exe

2012-12-31 16:32:38 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\726572a71cde77422\MeshBetaRemover.exe

2012-12-31 16:32:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\66fcba371cde7741a\DXSETUP.exe

2012-12-31 16:32:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\66fcba371cde7741a\DSETUP.dll

2012-12-31 16:32:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\66fcba371cde7741a\dsetup32.dll

2012-12-31 16:32:17 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\652a2c811cde77419\DSETUP.dll

2012-12-31 16:32:17 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\652a2c811cde77419\DXSETUP.exe

2012-12-31 16:32:17 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\652a2c811cde77419\dsetup32.dll

2012-12-31 16:31:28 -------- d-----w- C:\Users\Administrator\AppData\Local\Windows Live

2012-12-31 16:31:05 257024 ----a-w- C:\windows\System32\mfreadwrite.dll

2012-12-31 16:31:05 206848 ----a-w- C:\windows\System32\mfps.dll

2012-12-31 16:31:05 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll

2012-12-31 16:31:05 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL

2012-12-31 16:31:05 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL

2012-12-31 16:31:04 4068864 ----a-w- C:\windows\System32\mf.dll

2012-12-31 16:31:04 3181568 ----a-w- C:\windows\SysWow64\mf.dll

2012-12-31 15:37:54 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Windows Live Writer

2012-12-31 15:37:51 -------- d-----w- C:\Users\Administrator\AppData\Local\Windows Live Writer

2012-12-31 15:35:44 589936 ----a-w- C:\windows\System32\dsNcSmartCardProv.dll

2012-12-31 15:35:44 421488 ----a-w- C:\windows\System32\dsNcCredProv.dll

2012-12-31 15:35:29 -------- d-----w- C:\Program Files (x86)\Juniper Networks

2012-12-31 15:18:47 859072 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-12-31 15:18:47 779704 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-12-31 15:16:57 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Juniper Networks

2012-12-29 05:22:45 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-29 05:22:45 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-29 05:22:45 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-29 05:22:45 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-29 05:07:33 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-29 05:07:33 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2013-01-27 21:57:07 17920 ----a-w- C:\windows\System32\rpcnetp.exe

2013-01-27 21:56:42 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll

2013-01-27 21:56:42 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll

2013-01-27 21:56:28 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe

2013-01-07 02:38:08 74752 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-01-07 02:38:07 161792 ----a-w- C:\windows\SysWow64\msls31.dll

2013-01-07 02:38:07 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2013-01-07 02:38:06 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-01-07 02:38:05 110592 ----a-w- C:\windows\SysWow64\IEAdvpack.dll

2013-01-07 02:38:04 86528 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-01-07 02:38:04 76800 ----a-w- C:\windows\SysWow64\SetIEInstalledDate.exe

2013-01-07 02:38:04 48640 ----a-w- C:\windows\SysWow64\mshtmler.dll

2013-01-07 02:38:03 63488 ----a-w- C:\windows\SysWow64\tdc.ocx

2013-01-07 02:38:03 367104 ----a-w- C:\windows\SysWow64\html.iec

2013-01-07 02:38:01 74752 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-01-07 02:38:00 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-12-26 14:55:26 69672 ----a-w- C:\windows\System32\drivers\cfwids.sys

2012-12-26 14:52:44 339776 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2012-12-26 14:52:34 182312 ----a-w- C:\windows\System32\mfevtps.exe

2012-12-26 14:51:34 10288 ----a-w- C:\windows\System32\drivers\mfeclnk.sys

2012-12-26 14:51:24 106112 ----a-w- C:\windows\System32\drivers\mferkdet.sys

2012-12-26 14:50:48 771096 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2012-12-26 14:49:42 515528 ----a-w- C:\windows\System32\drivers\mfefirek.sys

2012-12-26 14:49:00 309400 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2012-12-26 14:48:30 178840 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2012-12-07 05:41:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 05:35:34 2745856 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 05:04:20 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 04:57:38 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 03:21:08 45568 ----a-w- C:\windows\SysWow64\oflc-nz.rs

2012-11-30 05:50:00 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:50:00 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:50:00 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-11-30 05:49:28 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:46:35 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 05:06:50 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 05:06:49 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:33:03 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:56:36 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:56:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:56:34 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:56:33 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:51:41 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:51:41 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:51:41 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:51:41 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 10:32:45 801280 ----a-w- C:\windows\System32\usp10.dll

2012-11-22 09:33:26 627712 ----a-w- C:\windows\SysWow64\usp10.dll

2012-11-20 00:10:29 58288 ------w- C:\windows\SysWow64\rpcnet.exe

2012-11-09 05:34:27 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:49:37 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-02 05:27:51 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 04:48:28 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-10-31 20:10:00 829264 ----a-w- C:\windows\System32\msvcr100.dll

2012-10-31 20:10:00 773968 ----a-w- C:\windows\SysWow64\msvcr100.dll

2012-10-31 20:10:00 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll

2012-10-31 20:10:00 158536 ----a-w- C:\windows\System32\atl100.dll

2012-10-31 20:10:00 138056 ----a-w- C:\windows\SysWow64\atl100.dll

.

============= FINISH: 17:02:58.74 ===============


Howdy napotopia. :)

Thank you for the DDS log.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


Thanks, TheDarkKnight.

Below is the log for Combofix:

ComboFix 13-01-30.04 - Administrator 01/30/2013 20:02:30.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2712 [GMT -5:00]

Running from: c:\users\Administrator\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Public\Documents\NTILiveUpdateV9.dll

c:\users\Public\Documents\NTIMMV9Acer.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))

.

.

2013-01-31 01:12 . 2013-01-31 01:12 -------- d-----w- c:\users\veronica\AppData\Local\temp

2013-01-31 01:12 . 2013-01-31 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-27 21:49 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2013-01-27 21:48 . 2013-01-27 21:48 -------- d-----w- c:\program files\iPod

2013-01-27 21:48 . 2013-01-27 21:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-27 21:48 . 2013-01-27 21:49 -------- d-----w- c:\program files\iTunes

2013-01-27 21:48 . 2013-01-27 21:49 -------- d-----w- c:\program files (x86)\iTunes

2013-01-27 21:43 . 2013-01-27 21:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2013-01-27 21:43 . 2013-01-27 21:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2013-01-27 21:43 . 2013-01-27 21:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-01-27 21:43 . 2013-01-27 21:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-01-27 21:43 . 2013-01-27 21:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-01-27 21:43 . 2013-01-27 21:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-01-27 21:43 . 2013-01-27 21:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-01-27 21:42 . 2013-01-27 21:43 -------- d-----w- c:\program files (x86)\QuickTime

2013-01-14 18:26 . 2013-01-14 19:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-01-14 18:26 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe

2013-01-14 18:26 . 2013-01-14 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-01-14 18:26 . 2013-01-14 18:26 -------- d-----w- c:\users\Administrator\AppData\Local\Programs

2013-01-14 04:15 . 2013-01-12 08:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-14 03:02 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-01-14 03:02 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-14 03:02 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll

2013-01-14 03:02 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll

2013-01-14 03:02 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-14 03:02 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-14 03:02 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-14 03:02 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-14 03:00 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-14 02:59 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys

2013-01-14 02:18 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL

2013-01-02 02:19 . 2013-01-14 02:14 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics

2013-01-02 01:59 . 2010-11-02 05:12 1133568 ----a-w- c:\windows\system32\FntCache.dll

2013-01-02 01:59 . 2010-06-26 05:31 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll

2013-01-02 01:59 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-01-02 01:59 . 2011-01-26 06:53 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-01-02 01:59 . 2010-11-02 05:18 229888 ----a-w- c:\windows\system32\XpsRasterService.dll

2013-01-02 01:59 . 2010-11-02 04:41 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll

2013-01-02 01:59 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll

2013-01-02 01:59 . 2011-01-26 06:31 144384 ----a-w- c:\windows\system32\cdd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-31 00:54 . 2010-07-20 08:23 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2013-01-31 00:23 . 2011-09-22 22:41 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2013-01-31 00:23 . 2010-07-20 08:23 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll

2013-01-31 00:22 . 2010-07-20 08:23 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe

2013-01-14 12:25 . 2012-08-04 17:03 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-12 20:46 . 2012-12-29 05:07 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-12 20:46 . 2012-12-29 05:07 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-31 17:49 . 2010-06-24 16:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-12-31 15:33 . 2012-12-31 15:18 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-31 15:33 . 2012-12-31 15:18 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-26 14:55 . 2011-12-29 02:14 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-12-26 14:52 . 2011-12-29 02:14 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-12-26 14:52 . 2011-12-29 02:14 182312 ----a-w- c:\windows\system32\mfevtps.exe

2012-12-26 14:51 . 2011-12-29 02:14 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-12-26 14:51 . 2011-12-29 02:14 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-12-26 14:50 . 2011-12-29 02:14 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-12-26 14:49 . 2011-12-29 02:14 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-12-26 14:49 . 2011-12-29 02:14 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-12-26 14:48 . 2011-12-29 02:14 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-12-16 16:52 . 2012-12-29 05:22 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:40 . 2012-12-29 05:22 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25 . 2012-12-29 05:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:25 . 2012-12-29 05:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-11-30 04:56 . 2013-01-14 03:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-20 00:10 . 2011-09-22 22:41 58288 ------w- c:\windows\SysWow64\rpcnet.exe

2012-11-09 05:34 . 2012-12-28 02:42 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:49 . 2012-12-28 02:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:27 . 2012-12-28 02:35 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 04:48 . 2012-12-28 02:35 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 69672]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-26 106112]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]

R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-12-26 218320]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290896]

R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-26 339776]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-26 182312]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 515528]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 20:46]

.

2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-44663677-415769327-1437879827-1000Core.job

- c:\users\veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 22:30]

.

2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-44663677-415769327-1437879827-1000UA.job

- c:\users\veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 22:30]

.

2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-44663677-415769327-1437879827-500Core.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 22:43]

.

2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-44663677-415769327-1437879827-500UA.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 22:43]

.

2013-01-02 c:\windows\Tasks\Norton Security Scan for veronica.job

- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-04-15 08:30]

.

.

--------- X64 Entries -----------

.

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SYSTEM32\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Notify-SDWinLogon - SDWinLogon.dll

Toolbar-Locked - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,3b,1b,72,63,66,

4c,45,3f,3a,67,3d,52,66,31,7c,06,0b,5a

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:75,6b,31,29,b0,f2,cd,01

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,a3,94,39,12,74,15,42,b4,ec,8c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,a3,94,39,12,74,15,42,b4,ec,8c,\

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML.Administrator"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML.Administrator"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML.Administrator"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.URL"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML.Administrator"

.

[HKEY_USERS\S-1-5-21-44663677-415769327-1437879827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML.Administrator"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\0a\02\0b\032+?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-30 20:24:43

ComboFix-quarantined-files.txt 2013-01-31 01:24

.

Pre-Run: 231,914,708,992 bytes free

Post-Run: 231,907,291,136 bytes free

.

- - End Of File - - 7CD393FDDC8C5E952A121D2BDE36944B


Hello napotopia. :)

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

What issues are currently on your computer?


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
