sincitymx
Everything posted by sincitymx

  1. Trying to install AutoCAD 2014 and I keep getting error messages relating to the VBScript error. I've completely uninstalled AutoCAD and I'm still getting the error. I've already tried the fix they recommend and it doesn't help. Maybe it's a virus or something, I'm thinking. I appreciate any help.
  2. Everything looks good so far. ESET seems to have removed the threats, and I've done ComboFix, Malwarebytes, ESET, RogueKiller, and TDSSKiller, and they haven't found anything that's deemed a threat.
  3. Seems to be getting better. Doing additional scans right now to verify it's clean.
  4. C:\Windows\SysWOW64\igfxupdate.exe Win32/BitCoinMiner.O application
     C:\Qoobox\Quarantine\C\Users\PGN\AppData\Roaming\xf-autocad-kg_x32.exe.vir a variant of MSIL/Injector.ABU trojan cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xf-autocad-kg_x32.exe.vir a variant of MSIL/Injector.ABU trojan cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Windows\SysWOW64\update\igfxupdate.exe.vir Win32/BitCoinMiner.N application cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\07.06.2013_17.01.42\susp0001\svc0000\tsk0000.dta Win64/CoinMiner.B trojan cleaned by deleting - quarantined
     C:\Windows\System32\igfxupdate.exe Win32/BitCoinMiner.O application cleaned by deleting - quarantined
     Q:\PAYTON\Backup Set 2013-04-24 121439\Backup Files 2013-04-24 121439\Backup files 1.zip multiple threats deleted - quarantined
     Thanks
  5. ComboFix 13-06-18.02 - PGN 06/18/2013 9:24.6.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16307.13198 [GMT -7:00]
  6. ComboFix 13-06-18.02 - PGN 06/18/2013 9:07:07.5.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16307.13474 [GMT -7:00]
2013-04-24 13:16:12 173568 ----a-w- C:\Windows\system32\ieUnatt.exe 2013-04-24 13:16:12 . 2013-04-24 13:16:12 167424 ----a-w- C:\Windows\system32\iexpress.exe 2013-04-24 13:16:12 . 2013-04-24 13:16:12 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl 2013-04-24 13:16:12 . 2013-04-24 13:16:12 149504 ----a-w- C:\Windows\system32\occache.dll 2013-04-24 13:16:12 . 2013-04-24 13:16:12 144896 ----a-w- C:\Windows\system32\wextract.exe 2013-04-24 13:16:12 . 2013-04-24 13:16:12 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat 2013-04-24 13:16:12 . 2013-04-24 13:16:12 13824 ----a-w- C:\Windows\system32\mshta.exe 2013-04-24 13:16:12 . 2013-04-24 13:16:12 136192 ----a-w- C:\Windows\system32\iepeers.dll 2013-04-24 13:16:12 . 2013-04-24 13:16:12 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll 2013-04-24 13:16:12 . 2013-04-24 13:16:12 12800 ----a-w- C:\Windows\system32\msfeedssync.exe 2013-04-24 13:16:12 . 2013-04-24 13:16:12 102912 ----a-w- C:\Windows\system32\inseng.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 9728 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 522752 ----a-w- C:\Windows\system32\XpsGdiConverter.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 465920 ----a-w- C:\Windows\system32\WMPhoto.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-04-24 13:14:02 . 
2013-04-24 13:14:02 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 4096 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 3928064 ----a-w- C:\Windows\system32\d2d1.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 363008 ----a-w- C:\Windows\system32\dxgi.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 3584 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 2776576 ----a-w- C:\Windows\system32\msmpeg2vdec.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 2560 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-04-24 13:14:02 . 
2013-04-24 13:14:02 1682432 ----a-w- C:\Windows\system32\XpsPrint.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 1175552 ----a-w- C:\Windows\system32\FntCache.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-04-24 13:14:02 . 2013-04-24 13:14:02 10752 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 648192 ----a-w- C:\Windows\system32\d3d10level9.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 333312 ----a-w- C:\Windows\system32\d3d10_1core.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 296960 ----a-w- C:\Windows\system32\d3d10core.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 245248 ----a-w- C:\Windows\system32\WindowsCodecsExt.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 221184 ----a-w- C:\Windows\system32\UIAnimation.dll 2013-04-24 13:14:01 . 2013-04-24 13:14:01 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-04-24 13:14:01 . 
2013-04-24 13:14:01 194560 ----a-w- C:\Windows\system32\d3d10_1.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-05-21 04:00:18 1725128 ----a-w- C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-05-21 04:00:18 1725128 ----a-w- C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-05-21 04:00:18 1725128 ----a-w- C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 22:13:50 1216416] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 03:04:54 284440] "IMSS"="C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 04:38:36 133400] "USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 17:40:44 291608] "Power Manager Startup Utility"="C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe" [2012-02-22 08:19:18 
23352] "Fastboot"="C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 06:29:21 1091376] "Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 12:59:15 155488] "Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 00:24:30 4351712] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352] "Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 22:13:40 36760] C:\Users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ xf-autocad-kg_x32.exe [2012-4-1 8032256] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys;C:\Windows\SYSNATIVE\DRIVERS\Fastboot.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;C:\Program Files\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService64.exe [x] R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x] R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE;C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x] S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x] S2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files 
(x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 LBAEvent;Lenovo LBA Event Service;C:\Program Files\Lenovo\LBAI\LBAEvent.exe;C:\Program Files\Lenovo\LBAI\LBAEvent.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe;C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [x] S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE;C:\Windows\SysWOW64\NLSSRV32.EXE [x] S2 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE;C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [x] S2 Sentinel64;Sentinel64;C:\Windows\System32\Drivers\Sentinel64.sys;C:\Windows\SYSNATIVE\Drivers\Sentinel64.sys [x] S2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x] S2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [x] S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys;C:\Windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 UNS;Intel® Management and Security Application User 
Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 LBAI;Lenovo application interface driver;C:\Windows\system32\Drivers\LBAI.sys;C:\Windows\SYSNATIVE\Drivers\LBAI.sys [x] S3 StnPport;PCIe to Multi Mode Parallel Port;C:\Windows\system32\DRIVERS\StnPport.sys;C:\Windows\SYSNATIVE\DRIVERS\StnPport.sys [x] S3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys;C:\Windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - 19019699 *NewlyCreated* - 24317562 *Deregistered* - 19019699 *Deregistered* - 24317562 *Deregistered* - NisDrv [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-06 01:56:10 1165776 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe Contents of the 'Scheduled Tasks' folder 2013-06-18 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 02:54:13 . 2013-04-11 02:54:11] 2013-06-18 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 02:54:13 . 
2013-04-11 02:54:11] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-05-21 03:55:00 2328776 ----a-w- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-05-21 03:55:00 2328776 ----a-w- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-05-21 03:55:00 2328776 ----a-w- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-11 02:14:25 12343400] "LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-05-24 21:54:14 289648] "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 06:01:28 415680] ------- Supplementary Scan ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm TCP: DhcpNameServer = 208.13.143.36 65.41.120.51 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file)
  7. Been trying for a week now to get this virus off my computer and our usual computer guy is away on vacation. I've run TDSSKiller in safe mode and I still can't get my CPU clean.