I already have a thread about this computer here:
http://www.techist.com/forums/f51/can-anyone-diagnose-243421/
I brought Combofix and Hijack This over from my PC and here are the results, Is there anything glaring?
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2654 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 16:07 . 2011-03-18 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 15:48 . 2011-02-23 14:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3C461E4-BAFE-4910-9B97-E4682C465CE5}\mpengine.dll
2011-03-08 02:44 . 2011-03-08 02:44 -------- d-----w- c:\users\Adam\AppData\Roaming\IObit
2011-03-08 02:44 . 2011-03-08 02:44 -------- d-----w- c:\program files (x86)\IObit
2011-03-08 02:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-08 02:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-08 01:32 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-03-07 23:29 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-03-07 23:28 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-07 23:28 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-07 23:27 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-07 23:27 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-03-07 23:27 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-07 23:27 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-03-07 23:27 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-03-07 23:27 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-03-07 23:27 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-03-07 23:27 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-03-07 23:27 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-03-07 23:26 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-03-07 23:26 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-03-07 23:26 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-03-07 23:26 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-03-07 23:26 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-03-07 23:26 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-03-07 23:26 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-03-07 23:26 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-03-07 23:26 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-03-07 23:26 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-03-07 23:20 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-07 23:20 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-07 23:20 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-07 23:20 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 17:44 . 2011-02-24 17:44 -------- d-----w- c:\programdata\Hitman Pro
2011-02-20 22:42 . 2011-03-07 23:06 -------- d-----w- C:\fa73562d9e9c629eddf2b8
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 22:11 . 2010-09-11 19:12 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 23:09 . 2010-12-23 21:45 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-12-23 21:45 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2009-04-09 1704960]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-09 149280]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2010-12-01 1589208]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2011-03-08 21:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-08 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273602105416l0368z1k5t48l1d710
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273602105416l0368z1k5t48l1d710
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\2i3oy2pz.default\
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-381073107-1990045009-2876037378-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-381073107-1990045009-2876037378-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-18 12:09:31
ComboFix-quarantined-files.txt 2011-03-18 16:09
.
Pre-Run: 135,445,458,944 bytes free
Post-Run: 135,087,910,912 bytes free
.
ï€ - End Of File - - B0E28FF0DF5C24B57BBAC588DC2F4D1C
http://www.techist.com/forums/f51/can-anyone-diagnose-243421/
I brought Combofix and Hijack This over from my PC and here are the results, Is there anything glaring?
COMBOFIX LOG RESULTS
ComboFix 11-03-16.01 - Adam 03/18/2011 12:01:15.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2654 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 16:07 . 2011-03-18 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 15:48 . 2011-02-23 14:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3C461E4-BAFE-4910-9B97-E4682C465CE5}\mpengine.dll
2011-03-08 02:44 . 2011-03-08 02:44 -------- d-----w- c:\users\Adam\AppData\Roaming\IObit
2011-03-08 02:44 . 2011-03-08 02:44 -------- d-----w- c:\program files (x86)\IObit
2011-03-08 02:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-08 02:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-08 01:32 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-03-07 23:29 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-03-07 23:28 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-07 23:28 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-07 23:27 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-07 23:27 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-03-07 23:27 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-07 23:27 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-03-07 23:27 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-03-07 23:27 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-03-07 23:27 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-03-07 23:27 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-03-07 23:27 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-03-07 23:26 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-03-07 23:26 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-03-07 23:26 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-03-07 23:26 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-03-07 23:26 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-03-07 23:26 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-03-07 23:26 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-03-07 23:26 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-03-07 23:26 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-03-07 23:26 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-03-07 23:20 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-07 23:20 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-07 23:20 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-07 23:20 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 17:44 . 2011-02-24 17:44 -------- d-----w- c:\programdata\Hitman Pro
2011-02-20 22:42 . 2011-03-07 23:06 -------- d-----w- C:\fa73562d9e9c629eddf2b8
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 22:11 . 2010-09-11 19:12 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 23:09 . 2010-12-23 21:45 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-12-23 21:45 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2009-04-09 1704960]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-09 149280]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2010-12-01 1589208]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2011-03-08 21:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-08 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273602105416l0368z1k5t48l1d710
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=273602105416l0368z1k5t48l1d710
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\2i3oy2pz.default\
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-381073107-1990045009-2876037378-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-381073107-1990045009-2876037378-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-18 12:09:31
ComboFix-quarantined-files.txt 2011-03-18 16:09
.
Pre-Run: 135,445,458,944 bytes free
Post-Run: 135,087,910,912 bytes free
.
ï€ - End Of File - - B0E28FF0DF5C24B57BBAC588DC2F4D1C