ComboFix 11-12-24.10 - Toni 26/12/2011 7:45.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8174.6753 [GMT 11:00] Running from: c:\users\Toni\Desktop\ComboFix.exe AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe . . ((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 ))))))))))))))))))))))))))))))) . . 2011-12-25 20:51 . 2011-12-25 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-24 02:05 . 2006-06-19 02:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll 2011-12-24 02:05 . 2006-05-25 04:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll 2011-12-24 02:05 . 2005-08-25 14:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll 2011-12-24 02:05 . 2003-02-02 09:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll 2011-12-24 02:05 . 2002-03-05 14:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll 2011-12-24 02:05 . 2011-12-24 02:05 -------- d-----w- c:\program files (x86)\Trojan Remover 2011-12-24 02:05 . 2011-12-24 02:05 -------- d-----w- c:\programdata\Simply Super Software 2011-12-23 23:38 . 2011-12-23 23:38 -------- d-----w- c:\program files (x86)\Trend Micro 2011-12-23 16:11 . 2011-12-24 00:51 -------- d-----w- c:\programdata\SecTaskMan 2011-12-23 16:11 . 2011-12-23 16:11 -------- d-----w- c:\program files (x86)\Security Task Manager 2011-12-23 16:04 . 2011-12-23 16:04 -------- d-----w- c:\program files (x86)\ESET 2011-12-23 15:46 . 2011-12-23 16:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-12-23 15:46 . 2011-12-23 15:50 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-12-23 15:40 . 2011-08-31 06:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-23 15:40 . 2011-12-23 15:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-23 15:03 . 2011-12-23 15:03 -------- d-----w- c:\programdata\Malwarebytes 2011-12-23 14:00 . 2011-12-23 14:50 -------- d-----w- c:\program files\Windows 7 Manager 2011-12-20 16:01 . 2011-12-20 16:01 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-12-18 03:08 . 2011-12-18 03:36 -------- d-----w- c:\program files (x86)\MP3Gain 2011-12-18 03:04 . 2011-12-18 03:04 -------- d-----w- c:\program files (x86)\NCH Software 2011-12-18 03:04 . 2011-12-18 03:04 -------- d-----w- c:\program files (x86)\NCH Swift Sound 2011-12-18 03:03 . 2011-12-18 03:03 -------- d-----w- c:\program files (x86)\Audacity 2011-12-18 00:50 . 2011-12-18 00:50 -------- d-----w- c:\program files (x86)\mIRC 2011-12-18 00:08 . 2011-12-18 00:08 -------- d-----w- c:\windows\system32\SPReview 2011-12-18 00:08 . 2011-12-18 00:08 -------- d-----w- c:\windows\system32\EventProviders 2011-12-17 18:59 . 2010-11-20 13:27 299520 ----a-w- c:\windows\system32\tsmf.dll 2011-12-17 18:58 . 2010-11-20 13:27 124928 ----a-w- c:\windows\system32\wiavideo.dll 2011-12-17 18:57 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2011-12-17 18:57 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll 2011-12-17 18:57 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2011-12-17 18:55 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2011-12-17 18:55 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2011-12-17 18:54 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2011-12-17 02:39 . 2011-12-17 02:39 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2011-12-17 02:39 . 2011-12-17 02:39 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-12-16 21:42 . 2011-12-16 21:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-16 21:42 . 2011-12-16 21:42 -------- d-----w- c:\windows\system32\Macromed 2011-12-16 15:37 . 2011-12-16 15:37 -------- d-----w- c:\windows\SysWow64\spool 2011-12-16 15:37 . 2011-12-16 15:37 -------- d-----w- c:\program files (x86)\Adobe Media Player 2011-12-16 15:35 . 2011-12-16 15:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2011-12-16 15:35 . 2011-12-16 15:42 -------- d-----w- c:\program files\Common Files\Adobe 2011-12-16 14:13 . 2011-12-16 14:13 -------- dc----w- c:\windows\system32\DRVSTORE 2011-12-16 14:13 . 2009-05-18 02:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-12-16 14:13 . 2008-04-17 01:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2011-12-16 14:13 . 2008-04-17 01:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2011-12-16 14:11 . 2011-12-16 14:11 -------- d-----w- c:\program files\iPod 2011-12-16 14:11 . 2011-12-16 14:13 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2011-12-16 14:11 . 2011-12-16 14:13 -------- d-----w- c:\program files\iTunes 2011-12-16 14:11 . 2011-12-16 14:13 -------- d-----w- c:\program files (x86)\iTunes 2011-12-16 14:11 . 2011-12-16 14:11 -------- d-----w- c:\programdata\Apple Computer 2011-12-16 14:11 . 2011-12-16 14:11 -------- d-----w- c:\program files (x86)\Apple Software Update 2011-12-16 14:10 . 2011-12-16 14:10 -------- d-----w- c:\program files\Common Files\Apple 2011-12-16 14:10 . 2011-12-23 14:02 -------- d-----w- c:\program files\Bonjour 2011-12-16 14:10 . 2011-12-16 14:10 -------- d-----w- c:\program files (x86)\Bonjour 2011-12-16 14:10 . 2011-12-16 14:11 -------- d-----w- c:\program files (x86)\Common Files\Apple 2011-12-16 14:10 . 2011-12-16 14:10 -------- d-----w- c:\programdata\Apple 2011-12-16 09:41 . 2011-12-16 22:29 -------- d-----w- c:\programdata\VirtualizedApplications 2011-12-16 05:47 . 2011-12-16 05:47 -------- d-----w- c:\program files (x86)\MSXML 4.0 2011-12-16 05:47 . 2011-12-16 05:47 -------- d-----w- c:\windows\SysWow64\Wat 2011-12-16 05:47 . 2011-12-16 05:47 -------- d-----w- c:\windows\system32\Wat 2011-12-16 05:46 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2011-12-16 05:46 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2011-12-16 05:46 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-12-16 05:46 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-12-16 05:46 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-12-16 04:54 . 2007-10-21 16:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll 2011-12-16 04:43 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe 2011-12-16 04:43 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi 2011-12-16 04:43 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi 2011-12-16 04:43 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe 2011-12-16 04:43 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll 2011-12-16 04:43 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll 2011-12-16 04:43 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll 2011-12-16 04:43 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2011-12-16 04:41 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll 2011-12-16 04:41 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll 2011-12-16 04:41 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll 2011-12-16 04:41 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax 2011-12-16 04:41 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll 2011-12-16 04:41 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2011-12-16 04:41 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2011-12-16 04:41 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll 2011-12-16 04:41 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll 2011-12-16 04:41 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll 2011-12-16 04:41 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2011-12-16 04:41 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-12-16 04:39 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-12-16 04:38 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe 2011-12-16 04:36 . 2011-07-16 02:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-12-16 04:35 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-16 04:35 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-16 04:34 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 04:34 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-12-16 04:34 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe 2011-12-16 04:34 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-12-16 04:34 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll 2011-12-16 04:34 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-12-16 04:34 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-12-16 04:34 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-12-16 04:34 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-12-16 04:34 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-12-16 04:34 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-12-16 04:34 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-12-16 04:33 . 2011-12-16 04:33 -------- d-----w- c:\program files\Media Player Classic - Home Cinema 2011-12-16 04:29 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-16 04:29 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-12-16 04:29 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-12-16 04:29 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-12-16 04:29 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-12-16 04:29 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-12-16 04:29 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-12-16 04:29 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 04:29 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-16 04:02 . 2011-12-16 04:47 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2011-12-16 03:54 . 2011-12-16 03:54 -------- d-----w- c:\program files (x86)\uTorrent 2011-12-16 03:48 . 2011-12-25 14:00 -------- d-----w- c:\program files (x86)\Opera 2011-12-16 03:28 . 2011-12-23 14:27 -------- d-----w- c:\users\Toni 2011-12-16 03:27 . 2011-12-16 03:27 -------- d-----w- C:\Recovery . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-18 00:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-12-18 00:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-10-15 01:16 . 2010-11-15 13:48 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-10-15 01:16 . 2010-01-06 02:04 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2011-10-15 01:16 . 2010-01-06 02:04 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-10-15 01:16 . 2010-01-06 02:04 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2011-10-15 01:16 . 2010-01-06 02:04 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-10-15 01:16 . 2010-01-06 02:04 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2011-10-15 01:16 . 2010-01-06 02:04 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-10-15 01:16 . 2010-01-06 02:04 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-10-15 01:16 . 2010-01-06 02:04 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-10-19 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-10-19 407920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304] "VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2010-11-06 189296] "MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-10-30 124136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-11-16 704032] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-26 1129760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-16 1038088] R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x] R3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2011/04/13 11:07];c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [2010-05-19 19:33 146928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe [2010-11-06 315248] S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-06 257904] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-11-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-11-18 161168] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-13 508264] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-13 219496] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-491127301-559857171-678421067-1001Core.job - c:\users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 03:42] . 2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-491127301-559857171-678421067-1001UA.job - c:\users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 03:42] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-10 11580520] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "combofix"="c:\combofix\CF30015.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://acer.msn.com mStart Page = hxxp://acer.msn.com uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\rmx905d3.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{6E090BD5-4EF5-4bf0-A968-74049E88E935}] "ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2011-12-26 07:56:29 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-25 20:56 . Pre-Run: 607,917,838,336 bytes free Post-Run: 607,443,652,608 bytes free . - - End Of File - - 56683486229A8CDC038DAAE068CF4B81