ComboFix 13-08-31.01 - Brian Carroll 08/31/2013 20:45:53.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.2296 [GMT -4:00]
Running from: c:\users\Brian Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15MNTQ0L\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Brian Carroll\AppData\Roaming\skype.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-01 to 2013-09-01 )))))))))))))))))))))))))))))))
.
.
2013-09-01 00:03 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27C0A548-5D84-4DF3-B6B6-26832EB94813}\mpengine.dll
2013-08-31 22:19 . 2013-08-31 22:19 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Macromedia
2013-08-31 21:12 . 2013-08-31 21:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-31 19:23 . 2013-08-31 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 19:23 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-31 18:08 . 2013-08-31 18:08 -------- d-----w- c:\users\Brian Carroll\AppData\Roaming\Malwarebytes
2013-08-31 18:08 . 2013-08-31 18:08 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 14:30 . 2013-08-31 14:30 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Programs
2013-08-30 22:41 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-30 13:49 . 2013-08-30 13:49 -------- d-----w- c:\programdata\HP
2013-08-29 19:53 . 2013-08-29 19:53 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Mozilla
2013-08-29 19:53 . 2013-08-29 19:53 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-08-29 16:14 . 2012-11-08 03:00 81920 ----a-w- c:\windows\SysWow64\mvusbews.dll
2013-08-29 16:11 . 2013-08-29 16:11 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2013-08-29 16:10 . 2013-08-29 16:11 -------- d-----w- C:\LJM1130_M1210_MFP_Full_Solution
2013-08-29 15:06 . 2012-09-29 17:25 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPM1210PP.dll
2013-08-29 15:05 . 2012-11-08 11:00 49152 ----a-w- c:\windows\system32\HPM1210SMs.dll
2013-08-29 15:05 . 2012-09-29 17:26 1366528 ----a-w- c:\windows\system32\HPM1210SM.exe
2013-08-29 15:05 . 2012-09-29 17:25 409088 ----a-w- c:\windows\system32\HPM1210LM.DLL
2013-08-29 15:04 . 2012-11-08 11:00 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2013-08-29 15:04 . 2012-11-08 11:00 16896 ----a-w- c:\windows\system32\drivers\HPM1210FAX.sys
2013-08-29 15:03 . 2012-11-08 11:00 89600 ----a-w- c:\windows\system32\m1210wia2.dll
2013-08-29 15:03 . 2012-11-08 11:00 38912 ----a-w- c:\windows\system32\HPImgFlt.dll
2013-08-29 15:00 . 2013-08-29 15:00 -------- d-----w- c:\program files\HP
2013-08-29 14:14 . 2013-08-29 14:14 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-08-29 14:04 . 2013-08-29 14:14 -------- d-----w- c:\programdata\HitmanPro
2013-08-22 15:54 . 2013-08-22 15:53 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60B0EBC3-4DAB-4E1C-BB44-8522B13E570F}\gapaengine.dll
2013-08-15 07:12 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-15 07:12 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-14 12:18 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 12:18 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 12:18 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-14 12:18 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-14 12:18 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-14 12:18 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-14 12:18 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-14 12:18 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-14 12:18 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-14 12:18 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-14 12:18 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 12:18 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-31 22:17 . 2012-11-16 12:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-31 22:17 . 2012-11-16 12:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-17 02:51 . 2012-10-02 07:14 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 12:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-05 07:07 . 2013-06-05 07:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 07:07 . 2013-06-05 07:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-05 07:07 . 2013-06-05 07:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-05 07:07 . 2013-06-05 07:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-05 07:07 . 2013-06-05 07:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-05 07:07 . 2013-06-05 07:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-05 07:07 . 2013-06-05 07:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-05 07:07 . 2013-06-05 07:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-05 07:07 . 2013-06-05 07:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-05 07:07 . 2013-06-05 07:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-05 07:07 . 2013-06-05 07:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-05 07:07 . 2013-06-05 07:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 07:07 . 2013-06-05 07:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-05 07:07 . 2013-06-05 07:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-05 07:07 . 2013-06-05 07:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-05 07:07 . 2013-06-05 07:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-05 07:07 . 2013-06-05 07:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-05 07:07 . 2013-06-05 07:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-05 07:07 . 2013-06-05 07:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 07:07 . 2013-06-05 07:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-05 07:07 . 2013-06-05 07:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-05 07:07 . 2013-06-05 07:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-05 07:07 . 2013-06-05 07:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-05 07:07 . 2013-06-05 07:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-05 07:07 . 2013-06-05 07:07 441856 ----a-w- c:\windows\system32\html.iec
2013-06-05 07:07 . 2013-06-05 07:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-05 07:07 . 2013-06-05 07:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-05 07:07 . 2013-06-05 07:07 235008 ----a-w- c:\windows\system32\url.dll
2013-06-05 07:07 . 2013-06-05 07:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-05 07:07 . 2013-06-05 07:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 07:07 . 2013-06-05 07:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 07:07 . 2013-06-05 07:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-05 07:07 . 2013-06-05 07:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-05 07:07 . 2013-06-05 07:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-05 07:07 . 2013-06-05 07:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-05 07:07 . 2013-06-05 07:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-05 07:07 . 2013-06-05 07:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-05 07:07 . 2013-06-05 07:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-05 07:07 . 2013-06-05 07:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 07:07 . 2013-06-05 07:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-05 07:07 . 2013-06-05 07:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-05 07:07 . 2013-06-05 07:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-05 07:07 . 2013-06-05 07:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 07:07 . 2013-06-05 07:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-05 07:07 . 2013-06-05 07:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-05 07:07 . 2013-06-05 07:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-05 07:07 . 2013-06-05 07:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-05 07:07 . 2013-06-05 07:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-05 07:07 . 2013-06-05 07:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-05 03:34 . 2013-07-10 09:01 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 08:58 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 08:58 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Brian Carroll\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1705296]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-03-14 2215768]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-07-31 4407808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE -silent [2012-3-14 1178984]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2012-8-10 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 01:32 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 22:17]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 00:35]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 00:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-09 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-09 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-09 417304]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: ct.gov
Trusted Zone: ct.gov\drsbustax
Trusted Zone: ct.gov\www
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\users\Brian Carroll\AppData\Roaming\Mozilla\Firefox\Profiles\gzpb9pao.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2013-08-31 20:56:21 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-01 00:56
.
Pre-Run: 238,134,898,688 bytes free
Post-Run: 238,714,884,096 bytes free
.
- - End Of File - - 51F7715ABBC91C1A4B74E2AB83D505A9