TechSpot

Laptop running slow and won't allow some critical updates...logs attached

Solved
By mcIrishgurl
Oct 4, 2012
  1. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    No it's not there.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's search for it manually, then...

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  3. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:07 on 10/10/2012 by Jonathan
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*frostwire*"
    C:\Program Files (x86)\FrostWire\App\DefaultData\FrostWire\frostwire.props --a---- 731 bytes [17:50 13/07/2008] [17:50 13/07/2008] 4ACA886DA80574B85601EAA2425428B4
    C:\Program Files (x86)\FrostWire\App\DefaultData\settings\FrostWirePortableSettings.ini --a---- 76 bytes [23:44 23/03/2008] [23:44 23/03/2008] B3D987A478A619A668B924F2096F6504
    C:\Program Files (x86)\FrostWire\App\frostwire\FrostWire.exe --a---- 114688 bytes [04:50 20/11/2010] [04:50 20/11/2010] 4939D0506630168E691C7D389435A773
    C:\Program Files (x86)\FrostWire\App\frostwire\FrostWire.ico --a---- 60064 bytes [04:50 20/11/2010] [04:50 20/11/2010] 754490D01DE6F6E361D7D133ECB13C20
    C:\Program Files (x86)\FrostWire\App\frostwire\FrostWire.jar --a---- 8199991 bytes [08:00 17/02/2011] [08:00 17/02/2011] BBAFC3D46F43BE794DBD328D3C37F2E9
    C:\Program Files (x86)\FrostWire\Data\settings\FrostWirePortableSettings.ini --a---- 685 bytes [08:09 17/02/2011] [08:09 17/02/2011] 1120AB10DF6C56A0A1276C4BB9C4244C
    C:\Program Files (x86)\FrostWire\Data\settings\FrostWire\frostwire.props --a---- 916 bytes [08:09 17/02/2011] [08:09 17/02/2011] C6418ECA9A73F956154D8B05318E6EFF
    C:\Program Files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme.fwtp --a---- 880 bytes [08:09 17/02/2011] [08:09 17/02/2011] D74F1C8B608C39EBC6276A2717CF871D
    C:\Program Files (x86)\FrostWire\Other\Source\frostwire logo.ai --a---- 337513 bytes [20:50 13/07/2008] [20:50 13/07/2008] 3E7236CCB4335EB2069A0677B3DEF4EF
    C:\Program Files (x86)\FrostWire\Other\Source\FrostWirePortable.ini --a---- 460 bytes [16:59 31/07/2008] [16:59 31/07/2008] 2E26B203B47C68118D09BB1ECCCBB223
    C:\Program Files (x86)\FrostWire\Other\Source\FrostWirePortable.jpg --a---- 35937 bytes [17:24 16/01/2008] [17:24 16/01/2008] 92983E999E12CE1DB6BD786F9E6BB9FE
    C:\Program Files (x86)\FrostWire\Other\Source\FrostWirePortable.nsi --a---- 13491 bytes [18:12 13/07/2008] [18:12 13/07/2008] 6064A2ACE07AA99A86E71E0CC0E4C061
    C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk --a---- 1049 bytes [21:14 08/07/2011] [22:54 08/07/2011] 6228EDD8105D745CB1C66AFCA8FDE9E1
    C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire\FrostWire.lnk --a---- 840 bytes [21:14 08/07/2011] [22:54 08/07/2011] 7E425D73CAABE1AE88E8CFD31743AEC2

    ========== folderfind ==========

    Searching for "*frostwire*"
    C:\Program Files (x86)\FrostWire d------ [21:14 08/07/2011]
    C:\Program Files (x86)\FrostWire\App\frostwire d------ [21:14 08/07/2011]
    C:\Program Files (x86)\FrostWire\App\DefaultData\FrostWire d------ [21:14 08/07/2011]
    C:\Program Files (x86)\FrostWire\Data\settings\FrostWire d------ [21:14 08/07/2011]
    C:\Program Files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme d------ [21:14 08/07/2011]
    C:\Users\Jonathan\Frostwire d------ [19:10 09/07/2011]
    C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire d------ [21:14 08/07/2011]
    C:\Users\Jonathan\Documents\FrostWire d------ [18:45 09/07/2011]
    C:\Users\Jonathan\Music\Frostwire d------ [16:32 28/07/2011]

    ========== regfind ==========

    Searching for "frostwire"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\Program Files (x86)\FrostWire\FrostWire.exe"="VISTARTM"

    -= EOF =
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  5. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    Log...

    ComboFix 12-10-10.02 - Jonathan 10/10/2012 14:33:37.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4346 [GMT -5:00]
    Running from: c:\users\Jonathan\Downloads\ComboFix.exe
    Command switches used :: c:\users\Jonathan\Documents\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\FrostWire
    c:\program files (x86)\FrostWire\App\AppInfo\appicon.ico
    c:\program files (x86)\FrostWire\App\AppInfo\appinfo.ini
    c:\program files (x86)\FrostWire\App\DefaultData\FrostWire\frostwire.props
    c:\program files (x86)\FrostWire\App\DefaultData\FrostWire\installation.props
    c:\program files (x86)\FrostWire\App\DefaultData\settings\FrostWirePortableSettings.ini
    c:\program files (x86)\FrostWire\App\frostwire\aopalliance.jar
    c:\program files (x86)\FrostWire\App\frostwire\clink.jar
    c:\program files (x86)\FrostWire\App\frostwire\commons-codec-1.3.jar
    c:\program files (x86)\FrostWire\App\frostwire\commons-logging.jar
    c:\program files (x86)\FrostWire\App\frostwire\daap.jar
    c:\program files (x86)\FrostWire\App\frostwire\EULA.txt
    c:\program files (x86)\FrostWire\App\frostwire\forms.jar
    c:\program files (x86)\FrostWire\App\frostwire\foxtrot.jar
    c:\program files (x86)\FrostWire\App\frostwire\FrostWire.exe
    c:\program files (x86)\FrostWire\App\frostwire\FrostWire.ico
    c:\program files (x86)\FrostWire\App\frostwire\FrostWire.jar
    c:\program files (x86)\FrostWire\App\frostwire\gettext-commons.jar
    c:\program files (x86)\FrostWire\App\frostwire\GPL2.txt
    c:\program files (x86)\FrostWire\App\frostwire\GPL3.txt
    c:\program files (x86)\FrostWire\App\frostwire\gson-1.4.jar
    c:\program files (x86)\FrostWire\App\frostwire\guice-1.0.jar
    c:\program files (x86)\FrostWire\App\frostwire\hashes
    c:\program files (x86)\FrostWire\App\frostwire\httpclient-4.0-alpha3.jar
    c:\program files (x86)\FrostWire\App\frostwire\httpclient-4.0.jar
    c:\program files (x86)\FrostWire\App\frostwire\httpcore-4.0-beta2.jar
    c:\program files (x86)\FrostWire\App\frostwire\httpcore-4.0.1.jar
    c:\program files (x86)\FrostWire\App\frostwire\httpcore-nio-4.0-beta2.jar
    c:\program files (x86)\FrostWire\App\frostwire\httpcore-nio-4.0.1.jar
    c:\program files (x86)\FrostWire\App\frostwire\httpcore-niossl-4.0-alpha7.jar
    c:\program files (x86)\FrostWire\App\frostwire\icu4j.jar
    c:\program files (x86)\FrostWire\App\frostwire\inspection.props
    c:\program files (x86)\FrostWire\App\frostwire\jaudiotagger.jar
    c:\program files (x86)\FrostWire\App\frostwire\jcip-annotations.jar
    c:\program files (x86)\FrostWire\App\frostwire\jcraft.jar
    c:\program files (x86)\FrostWire\App\frostwire\jdic.dll
    c:\program files (x86)\FrostWire\App\frostwire\jdic.jar
    c:\program files (x86)\FrostWire\App\frostwire\jdic_stub.jar
    c:\program files (x86)\FrostWire\App\frostwire\jflac.jar
    c:\program files (x86)\FrostWire\App\frostwire\jl.jar
    c:\program files (x86)\FrostWire\App\frostwire\jmdns.jar
    c:\program files (x86)\FrostWire\App\frostwire\jogg.jar
    c:\program files (x86)\FrostWire\App\frostwire\jorbis.jar
    c:\program files (x86)\FrostWire\App\frostwire\jython.jar
    c:\program files (x86)\FrostWire\App\frostwire\launch.properties
    c:\program files (x86)\FrostWire\App\frostwire\log.txt
    c:\program files (x86)\FrostWire\App\frostwire\log4j.jar
    c:\program files (x86)\FrostWire\App\frostwire\log4j.properties
    c:\program files (x86)\FrostWire\App\frostwire\looks.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-all.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-azureus.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-collection.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-common.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-http.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-io.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-mojito.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-net.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-nio.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-resources.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-rudp.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-security.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-setting.jar
    c:\program files (x86)\FrostWire\App\frostwire\lw-statistic.jar
    c:\program files (x86)\FrostWire\App\frostwire\messages.jar
    c:\program files (x86)\FrostWire\App\frostwire\mp3spi.jar
    c:\program files (x86)\FrostWire\App\frostwire\onion-common.jar
    c:\program files (x86)\FrostWire\App\frostwire\onion-fec.jar
    c:\program files (x86)\FrostWire\App\frostwire\pmf.ico
    c:\program files (x86)\FrostWire\App\frostwire\ProgressTabs.jar
    c:\program files (x86)\FrostWire\App\frostwire\seenMessages.dat
    c:\program files (x86)\FrostWire\App\frostwire\splash.jar
    c:\program files (x86)\FrostWire\App\frostwire\SystemUtilities.dll
    c:\program files (x86)\FrostWire\App\frostwire\SystemUtilitiesA.dll
    c:\program files (x86)\FrostWire\App\frostwire\themes.jar
    c:\program files (x86)\FrostWire\App\frostwire\tray.dll
    c:\program files (x86)\FrostWire\App\frostwire\tritonus.jar
    c:\program files (x86)\FrostWire\App\frostwire\Uninstall.exe
    c:\program files (x86)\FrostWire\App\frostwire\vorbisspi.jar
    c:\program files (x86)\FrostWire\App\readme.txt
    c:\program files (x86)\FrostWire\Data\settings\FrostWire\frostwire.props
    c:\program files (x86)\FrostWire\Data\settings\FrostWire\installation.props
    c:\program files (x86)\FrostWire\Data\settings\FrostWire\library.dat
    c:\program files (x86)\FrostWire\Data\settings\FrostWire\mojito.props
    c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme.fwtp
    c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme\theme.txt
    c:\program files (x86)\FrostWire\Data\settings\FrostWire\themes\frostwirePro_theme\version.txt
    c:\program files (x86)\FrostWire\Data\settings\FrostWirePortableSettings.ini
    c:\program files (x86)\FrostWire\Other\Help\images\donation_button.png
    c:\program files (x86)\FrostWire\Other\Help\images\favicon.ico
    c:\program files (x86)\FrostWire\Other\Help\images\help_background_footer.png
    c:\program files (x86)\FrostWire\Other\Help\images\help_background_header.png
    c:\program files (x86)\FrostWire\Other\Help\images\help_logo_top.png
    c:\program files (x86)\FrostWire\Other\Source\AppSource.txt
    c:\program files (x86)\FrostWire\Other\Source\frostwire logo.ai
    c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.ini
    c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.jpg
    c:\program files (x86)\FrostWire\Other\Source\FrostWirePortable.nsi
    c:\program files (x86)\FrostWire\Other\Source\License.txt
    c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller-old.nsi
    c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller.bmp
    c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstaller.nsi
    c:\program files (x86)\FrostWire\Other\Source\PortableApps.comInstallerLANG_ENGLISH.nsh
    c:\program files (x86)\FrostWire\Other\Source\ReadINIStrWithDefault.nsh
    c:\program files (x86)\FrostWire\Other\Source\Readme.txt
    c:\users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire.lnk
    c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
    c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire\FrostWire.lnk
    c:\users\Jonathan\Documents\FrostWire
    c:\users\Jonathan\Documents\FrostWire\Torrents\Lil' Wayne - How To Love.mp3.torrent
    c:\users\Jonathan\Documents\FrostWire\Torrents\Lil Wayne ft.Rick Ross - John (2011 Explicit)@JB59.mp4.torrent
    c:\users\Jonathan\Frostwire
    c:\users\Jonathan\Frostwire\Lil' Wayne - How To Love.mp3.torrent
    c:\users\Jonathan\Music\Frostwire
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-10 19:38 . 2012-10-10 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-10 16:41 . 2012-10-10 16:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BEBFB0-3B34-46DD-B880-4BD72B27CBE2}\offreg.dll
    2012-10-10 16:08 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06BEBFB0-3B34-46DD-B880-4BD72B27CBE2}\mpengine.dll
    2012-10-10 15:53 . 2012-10-10 15:53 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-10-09 18:10 . 2012-10-09 18:10 -------- d-----w- c:\program files (x86)\ESET
    2012-10-05 18:03 . 2012-10-05 18:04 -------- d-----w- c:\programdata\HitmanPro
    2012-10-05 01:40 . 2012-10-05 01:43 -------- d-----w- c:\users\Jonathan\Tracing
    2012-10-04 22:30 . 2012-04-20 21:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-10-04 21:02 . 2012-10-04 21:02 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-04 18:19 . 2012-10-04 18:19 -------- d-----w- C:\FRST
    2012-10-04 04:22 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-10-04 02:44 . 2012-10-04 02:44 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Malwarebytes
    2012-10-04 02:43 . 2012-10-04 02:43 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-04 02:43 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-04 02:43 . 2012-10-04 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-04 02:20 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-10-04 02:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-10-04 01:46 . 2012-10-04 01:46 -------- d-----w- c:\users\Jonathan\AppData\Local\Secunia PSI
    2012-10-04 01:45 . 2012-10-04 01:45 -------- d-----w- c:\program files (x86)\Secunia
    2012-10-04 00:21 . 2012-10-04 00:21 -------- d-----w- c:\users\Jonathan\AppData\Roaming\SUPERAntiSpyware.com
    2012-10-04 00:20 . 2012-10-04 00:21 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-10-04 00:20 . 2012-10-04 00:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-10-04 00:13 . 2010-01-11 00:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2012-10-04 00:13 . 2012-10-04 00:15 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2012-10-04 00:08 . 2012-10-04 00:08 -------- d-----w- c:\users\Jonathan\AppData\Local\Macromedia
    2012-10-03 23:55 . 2012-10-03 23:55 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    2012-10-03 23:41 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-10-03 23:41 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-10-03 23:41 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-10-03 23:41 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-10-03 23:41 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 23:41 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-10-03 23:41 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-10-03 22:50 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-10-03 22:35 . 2012-10-03 22:35 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-10-03 22:28 . 2012-10-03 23:29 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-03 22:23 . 2012-10-03 22:23 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-10-03 22:23 . 2012-10-03 22:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-10-03 22:22 . 2012-10-03 22:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-03 22:22 . 2012-10-03 22:22 -------- d-----w- c:\program files (x86)\Java
    2012-10-03 22:00 . 2012-10-03 22:00 -------- d-----w- c:\users\Jonathan\AppData\Local\Mozilla
    2012-10-03 22:00 . 2012-10-03 22:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-10-03 21:42 . 2012-10-03 21:42 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-03 23:29 . 2011-06-13 20:14 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-03 22:22 . 2011-07-09 18:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-18 02:29 . 2011-05-31 04:25 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-07-27 20:51 . 2012-07-27 20:51 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2012-07-27 20:51 . 2012-07-27 20:51 53656 ----a-w- c:\windows\system32\AdobePDF.dll
    2012-07-18 18:15 . 2012-08-24 08:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-17 19:55 . 2010-10-14 03:28 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-07-17 19:52 . 2010-10-14 03:28 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-07-17 19:52 . 2011-05-20 18:23 177144 ----a-w- c:\windows\system32\mfevtps.exe
    2012-07-17 19:51 . 2011-05-20 18:23 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-07-17 19:51 . 2010-10-14 03:28 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-07-17 19:50 . 2010-10-14 03:28 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-07-17 19:49 . 2010-10-14 03:28 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-07-17 19:48 . 2010-10-14 03:28 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-07-17 19:48 . 2010-10-14 03:28 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-07-16 12:30 . 2012-07-16 12:30 4024320 ----a-w- c:\program files (x86)\GUT67B1.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
    2012-06-11 21:22 1307728 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 250288]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 136176]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-31 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 23:29]
    .
    2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 20:17]
    .
    2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 20:17]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{D10AB58E-75A9-4575-B9C4-BC677D6061AC}\653405962716475637: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\xf9im9nl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USCON/1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\06\01\1b\16-(R"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-10 14:40:03
    ComboFix-quarantined-files.txt 2012-10-10 19:40
    ComboFix2.txt 2012-10-07 23:55
    .
    Pre-Run: 570,574,077,952 bytes free
    Post-Run: 570,426,544,128 bytes free
    .
    - - End Of File - - BA723B039C0489C8C22C7EA78830F8D2
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Is it gone?
  7. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent! We will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, e.g. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, e.g. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  9. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    I have Windows 7 and was able to create restore point and do the disk cleanup...but I don't have a tab called more options there to do the system restore and shadow backup clean up...how do you do that for my version of windows? also I downloaded the slim version of ccleaner and did those steps and already have the regular free version of ccleaner...what's the difference between the slim free and regular free and which one should I keep because I don't need 2 versions...

    log....

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 4.6
    Secunia PSI (3.0.0.4001)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java 7 Update 7
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You can get rid of either one. The slim version doesn't include the toolbar or browser, but if you're smart about installing programs, then you won't install the toolbar or web browser they try to get you to install. The slim version just helps us ensure you don't install that extra stuff.

    For deleting the old Restore Points, go to CCleaner, click the Tools > System Restore tab. Select all of the current Restore Points, and click on Remove. The one you just created, you won't be able to delete.
  11. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    Ok...thanks...did that...what is next?
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  13. mcIrishgurl

    mcIrishgurl TechSpot Enthusiast Topic Starter Posts: 134

    No, not at this time...so I'm good to go? if so, thank you SO VERY much!
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Indeed. Marked as solved. :D