
Help removing Trojan.Agent svchost.exe



Hello sincitymx, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


Do not attach your log files.

Note: Please do not run this tool without special supervision and instructions from someone authorized to give them. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Once again: Do not attach your log file, post it directly in your comment.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::

c:\users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xf-autocad-kg_x32.exe

Save this as CFScript.txt, in the same location as ComboFix.exe.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-06-18.02 - PGN 06/18/2013   9:07:07.5.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16307.13474 [GMT -7:00]

Running from: C:\Users\PGN\Desktop\ComboFix.exe

Command switches used :: C:\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((   Files Created from 2013-05-18 to 2013-06-18  )))))))))))))))))))))))))))))))

2013-06-18 16:09:09 . 2013-06-18 16:09:09 -------- d-----w- C:\Users\Default\AppData\Local\temp

2013-06-12 10:01:30 . 2013-05-17 01:25:26 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2013-06-12 09:14:31 . 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2013-06-11 13:56:08 . 2013-06-11 13:56:08 -------- d-----w- C:\Windows\ERUNT

2013-06-11 13:56:06 . 2013-06-11 13:56:06 -------- d-----w- C:\JRT

2013-06-10 18:54:15 . 2013-06-10 18:54:19 -------- d-----w- C:\Users\PGN\IGC

2013-06-10 17:53:13 . 2013-06-10 17:53:13 208216 ----a-w- C:\Windows\system32\drivers\20230112.sys

2013-06-10 15:25:05 . 2013-06-10 15:25:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-10 15:25:05 . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys

2013-06-10 14:55:48 . 2010-11-20 12:09:36 2048 ----a-w- C:\Windows\system32\drivers\en-US\vpcusb.sys.mui

2013-06-10 14:01:54 . 2013-06-10 14:02:00 -------- d-----w- C:\Program Files\Windows XP Mode

2013-06-08 00:22:59 . 2013-06-08 00:22:59 -------- d-----w- C:\Users\PGN\AppData\Roaming\Malwarebytes

2013-06-08 00:02:50 . 2013-06-08 00:02:50 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-07 23:46:55 . 2013-06-07 23:56:10 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-07 13:29:26 . 2013-06-07 13:29:26 -------- d-----w- C:\Program Files (x86)\Avolve Software

2013-06-06 19:49:05 . 2012-04-02 06:41:00 8032256 ----a-w- C:\Users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xf-autocad-kg_x32.exe

2013-06-05 20:55:51 . 2013-06-05 20:55:51 -------- d-----w- C:\Program Files\MOSCHIP

2013-06-05 15:33:48 . 2013-06-05 16:42:01 -------- d-----w- C:\Users\PGN\AppData\Roaming\iPumper

2013-06-05 14:43:59 . 2013-06-10 16:10:22 -------- d-----w- C:\Users\PGN\AppData\Local\ElevatedDiagnostics

2013-06-05 13:59:53 . 2013-06-18 14:30:04 -------- d-----r- C:\Users\PGN\Virtual Machines

2013-06-05 13:51:06 . 2010-11-20 13:34:04 194944 ----a-w- C:\Windows\system32\drivers\vpchbus.sys

2013-06-05 13:51:06 . 2010-11-20 13:27:28 15872 ----a-w- C:\Windows\system32\vpchbuspipe.dll

2013-06-05 13:51:06 . 2010-11-20 11:35:34 95232 ----a-w- C:\Windows\system32\drivers\vpcusb.sys

2013-06-05 13:25:59 . 2013-06-05 13:25:59 -------- d-----w- C:\Program Files\Microsoft Games

2013-05-22 19:11:45 . 2013-05-22 19:11:46 -------- d-----w- C:\Program Files (x86)\Aide PDF to DXF Converter

2013-05-21 04:00:18 . 2013-05-21 04:00:18 5079256 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe

2013-05-21 04:00:18 . 2013-05-21 04:00:18 4843712 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll

2013-05-21 04:00:18 . 2013-05-21 04:00:18 25367232 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL

2013-05-21 03:34:04 . 2013-05-21 03:34:04 6795992 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe

2013-05-21 03:34:04 . 2013-05-21 03:34:04 6572736 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll

2013-05-21 03:33:36 . 2013-05-21 03:33:36 35345600 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-06-12 10:01:45 . 2013-04-23 13:14:08 75825640 ----a-w- C:\Windows\system32\MRT.exe

2013-05-14 13:10:49 . 2011-03-29 01:36:46 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 16:07:56 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe

2013-04-24 16:05:58 . 2013-04-26 16:06:00 269824 ----a-w- C:\Windows\SysWow64\igfxupdate.exe

2013-04-24 16:05:58 . 2013-04-24 16:05:58 410112 ----a-w- C:\Windows\system32\taskhost.rs

2013-04-24 16:05:58 . 2013-04-24 16:05:58 269824 ----a-w- C:\Windows\system32\SearchEngine.rs

2013-04-24 13:16:14 . 2013-04-24 13:16:14 226304 ----a-w- C:\Windows\system32\elshyph.dll

2013-04-24 13:16:14 . 2013-04-24 13:16:14 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll

2013-04-24 13:16:14 . 2013-04-24 13:16:14 158720 ----a-w- C:\Windows\SysWow64\msls31.dll

2013-04-24 13:16:14 . 2013-04-24 13:16:14 1054720 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe

2013-04-24 13:16:13 . 2013-04-24 13:16:13 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe

2013-04-24 13:16:13 . 2013-04-24 13:16:13 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2013-04-24 13:16:13 . 2013-04-24 13:16:13 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx

2013-04-24 13:16:13 . 2013-04-24 13:16:13 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-24 13:16:13 . 2013-04-24 13:16:13 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll

2013-04-24 13:16:13 . 2013-04-24 13:16:13 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll

2013-04-24 13:16:13 . 2013-04-24 13:16:13 361984 ----a-w- C:\Windows\SysWow64\html.iec

2013-04-24 13:16:13 . 2013-04-24 13:16:13 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe

2013-04-24 13:16:13 . 2013-04-24 13:16:13 138752 ----a-w- C:\Windows\SysWow64\wextract.exe

2013-04-24 13:16:13 . 2013-04-24 13:16:13 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-24 13:16:13 . 2013-04-24 13:16:13 12800 ----a-w- C:\Windows\SysWow64\mshta.exe

2013-04-24 13:16:13 . 2013-04-24 13:16:13 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll

2013-04-24 13:16:13 . 2013-04-24 13:16:12 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-24 13:16:12 . 2013-04-24 13:16:12 97280 ----a-w- C:\Windows\system32\mshtmled.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 92160 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe

2013-04-24 13:16:12 . 2013-04-24 13:16:12 905728 ----a-w- C:\Windows\system32\mshtmlmedia.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 81408 ----a-w- C:\Windows\system32\icardie.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 77312 ----a-w- C:\Windows\system32\tdc.ocx

2013-04-24 13:16:12 . 2013-04-24 13:16:12 762368 ----a-w- C:\Windows\system32\ieapfltr.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 62976 ----a-w- C:\Windows\system32\pngfilt.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 599552 ----a-w- C:\Windows\system32\vbscript.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 51200 ----a-w- C:\Windows\system32\imgutil.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 48640 ----a-w- C:\Windows\system32\mshtmler.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 452096 ----a-w- C:\Windows\system32\dxtmsft.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 441856 ----a-w- C:\Windows\system32\html.iec

2013-04-24 13:16:12 . 2013-04-24 13:16:12 281600 ----a-w- C:\Windows\system32\dxtrans.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 27648 ----a-w- C:\Windows\system32\licmgr10.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 270848 ----a-w- C:\Windows\system32\iedkcs32.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 247296 ----a-w- C:\Windows\system32\webcheck.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 235008 ----a-w- C:\Windows\system32\url.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 216064 ----a-w- C:\Windows\system32\msls31.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 197120 ----a-w- C:\Windows\system32\msrating.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 173568 ----a-w- C:\Windows\system32\ieUnatt.exe

2013-04-24 13:16:12 . 2013-04-24 13:16:12 167424 ----a-w- C:\Windows\system32\iexpress.exe

2013-04-24 13:16:12 . 2013-04-24 13:16:12 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl

2013-04-24 13:16:12 . 2013-04-24 13:16:12 149504 ----a-w- C:\Windows\system32\occache.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 144896 ----a-w- C:\Windows\system32\wextract.exe

2013-04-24 13:16:12 . 2013-04-24 13:16:12 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat

2013-04-24 13:16:12 . 2013-04-24 13:16:12 13824 ----a-w- C:\Windows\system32\mshta.exe

2013-04-24 13:16:12 . 2013-04-24 13:16:12 136192 ----a-w- C:\Windows\system32\iepeers.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll

2013-04-24 13:16:12 . 2013-04-24 13:16:12 12800 ----a-w- C:\Windows\system32\msfeedssync.exe

2013-04-24 13:16:12 . 2013-04-24 13:16:12 102912 ----a-w- C:\Windows\system32\inseng.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 9728 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 522752 ----a-w- C:\Windows\system32\XpsGdiConverter.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 465920 ----a-w- C:\Windows\system32\WMPhoto.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 4096 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 3928064 ----a-w- C:\Windows\system32\d2d1.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 363008 ----a-w- C:\Windows\system32\dxgi.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 3584 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 2776576 ----a-w- C:\Windows\system32\msmpeg2vdec.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 2560 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 1682432 ----a-w- C:\Windows\system32\XpsPrint.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 1175552 ----a-w- C:\Windows\system32\FntCache.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-24 13:14:02 . 2013-04-24 13:14:02 10752 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 648192 ----a-w- C:\Windows\system32\d3d10level9.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 333312 ----a-w- C:\Windows\system32\d3d10_1core.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 296960 ----a-w- C:\Windows\system32\d3d10core.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 245248 ----a-w- C:\Windows\system32\WindowsCodecsExt.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 221184 ----a-w- C:\Windows\system32\UIAnimation.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-04-24 13:14:01 . 2013-04-24 13:14:01 194560 ----a-w- C:\Windows\system32\d3d10_1.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-05-21 04:00:18 1725128 ----a-w- C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-05-21 04:00:18 1725128 ----a-w- C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-05-21 04:00:18 1725128 ----a-w- C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 22:13:50 1216416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 03:04:54 284440]

"IMSS"="C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 04:38:36 133400]

"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 17:40:44 291608]

"Power Manager Startup Utility"="C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe" [2012-02-22 08:19:18 23352]

"Fastboot"="C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 06:29:21 1091376]

"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 12:59:15 155488]

"Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 00:24:30 4351712]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]

"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 22:13:40 36760]

 

C:\Users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

xf-autocad-kg_x32.exe [2012-4-1 8032256]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys;C:\Windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]

R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE;C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]

S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]

S2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 LBAEvent;Lenovo LBA Event Service;C:\Program Files\Lenovo\LBAI\LBAEvent.exe;C:\Program Files\Lenovo\LBAI\LBAEvent.exe [x]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe;C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [x]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [x]

S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE;C:\Windows\SysWOW64\NLSSRV32.EXE [x]

S2 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE;C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [x]

S2 Sentinel64;Sentinel64;C:\Windows\System32\Drivers\Sentinel64.sys;C:\Windows\SYSNATIVE\Drivers\Sentinel64.sys [x]

S2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]

S2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [x]

S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys;C:\Windows\SYSNATIVE\Drivers\SSPORT.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 LBAI;Lenovo application interface driver;C:\Windows\system32\Drivers\LBAI.sys;C:\Windows\SYSNATIVE\Drivers\LBAI.sys [x]

S3 StnPport;PCIe to Multi Mode Parallel Port;C:\Windows\system32\DRIVERS\StnPport.sys;C:\Windows\SYSNATIVE\DRIVERS\StnPport.sys [x]

S3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys;C:\Windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 19019699

*NewlyCreated* - 24317562

*Deregistered* - 19019699

*Deregistered* - 24317562

*Deregistered* - NisDrv

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-06 01:56:10 1165776 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

 

Contents of the 'Scheduled Tasks' folder

 

2013-06-18 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 02:54:13 . 2013-04-11 02:54:11]

 

2013-06-18 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 02:54:13 . 2013-04-11 02:54:11]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-05-21 03:55:00 2328776 ----a-w- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-05-21 03:55:00 2328776 ----a-w- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-05-21 03:55:00 2328776 ----a-w- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-11 02:14:25 12343400]

"LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-05-24 21:54:14 289648]

"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 06:01:28 415680]

 

------- Supplementary Scan -------

 

uLocal Page = C:\Windows\system32\blank.htm


mLocal Page = C:\Windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 208.13.143.36 65.41.120.51

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL


 

- - - - ORPHANS REMOVED - - - -

 

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)
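The CFScript above removes one item from the user's Startup folder; to show what a reviewer reads out of the "Reg Loading Points" section of the ComboFix log posted above, here is an added example parser (written for this page, not part of the thread and not a ComboFix component) that collects the Run-key entries, Startup-folder items and UAC policy values, then lists the Startup items and any UAC policy that differs from its Windows 7 default. The sample text is an excerpt copied from the first log above; the default values are assumed Windows 7 defaults, not taken from the log.

```python
# Added example (not from this thread, not a ComboFix component): a parser for the
# "Reg Loading Points" section of a ComboFix log, with a reviewer's findings pass.
import re
from dataclasses import dataclass, field

# Windows 7 default values for the UAC policies ComboFix lists under
# HKLM\...\Policies\System (assumed Windows 7 defaults, not read from any log).
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="C:\path\prog.exe" [2010-10-25 22:13:50 1216416]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]')
# "EnableLUA"= 0 (0x0)
POLICY_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9A-Fa-f]+\)')
# xf-autocad-kg_x32.exe [2012-4-1 8032256]
STARTUP_ENTRY = re.compile(r"^(?P<file>\S.*?)\s+\[(?P<stamp>[^\]]*)\]$")


@dataclass
class LoadingPoints:
    run_entries: list = field(default_factory=list)      # (registry key, value name, path)
    startup_entries: list = field(default_factory=list)  # (startup folder, file name)
    uac_policies: dict = field(default_factory=dict)     # policy name -> int value


def parse_loading_points(text):
    """Walk the section line by line, tracking which registry key or Startup
    folder the current line belongs to, and collect the three kinds of entry."""
    lp = LoadingPoints()
    current_key = None
    startup_folder = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix separates blocks with "." lines
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key, startup_folder = m.group("key"), None
            continue
        # A bare path ending in a backslash names a Startup folder whose files follow.
        if line.endswith("\\") and ":\\" in line:
            startup_folder, current_key = line, None
            continue
        if startup_folder is not None:
            m = STARTUP_ENTRY.match(line)
            if m:
                lp.startup_entries.append((startup_folder, m.group("file")))
            continue
        if current_key is None:
            continue
        key = current_key.lower()
        if key.endswith("\\policies\\system"):
            m = POLICY_ENTRY.match(line)
            if m:
                lp.uac_policies[m.group("name")] = int(m.group("value"))
        elif key.endswith("\\run"):
            m = RUN_ENTRY.match(line)
            if m:
                lp.run_entries.append((current_key, m.group("name"), m.group("path")))
    return lp


def findings(lp):
    """What a reviewer would flag: every Startup-folder item (the CFScript above
    removed one) and every UAC policy that differs from its Windows 7 default."""
    out = []
    for folder, name in lp.startup_entries:
        out.append("Startup folder item: " + folder + name)
    for policy, default in UAC_DEFAULTS.items():
        value = lp.uac_policies.get(policy)
        if value is not None and value != default:
            out.append(f"UAC policy {policy}={value} (Windows 7 default {default})")
    return out


# Constructed sample: lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 22:13:50 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 00:24:30 4351712]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
C:\Users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
xf-autocad-kg_x32.exe [2012-4-1 8032256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""
```

Running `findings(parse_loading_points(SAMPLE_LOG))` lists the Startup item the CFScript targeted plus the three UAC values in the log that sit below the Windows 7 defaults.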

ComboFix 13-06-18.02 - PGN 06/18/2013   9:24.6.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16307.13198 [GMT -7:00]

Running from: c:\users\PGN\Desktop\ComboFix.exe

Command switches used :: c:\users\PGN\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xf-autocad-kg_x32.exe"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xf-autocad-kg_x32.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-05-18 to 2013-06-18  )))))))))))))))))))))))))))))))

.

.

2013-06-18 16:26 . 2013-06-18 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-12 10:01 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2013-06-12 09:14 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-11 13:56 . 2013-06-11 13:56 -------- d-----w- c:\windows\ERUNT

2013-06-11 13:56 . 2013-06-11 13:56 -------- d-----w- C:\JRT

2013-06-10 18:54 . 2013-06-10 18:54 -------- d-----w- c:\users\PGN\IGC

2013-06-10 17:53 . 2013-06-10 17:53 208216 ----a-w- c:\windows\system32\drivers\20230112.sys

2013-06-10 15:25 . 2013-06-10 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-10 15:25 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-10 14:55 . 2010-11-20 12:09 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui

2013-06-10 14:01 . 2013-06-10 14:02 -------- d-----w- c:\program files\Windows XP Mode

2013-06-08 00:22 . 2013-06-08 00:22 -------- d-----w- c:\users\PGN\AppData\Roaming\Malwarebytes

2013-06-08 00:02 . 2013-06-08 00:02 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-07 23:46 . 2013-06-07 23:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-07 13:29 . 2013-06-07 13:29 -------- d-----w- c:\program files (x86)\Avolve Software

2013-06-05 20:55 . 2013-06-05 20:55 -------- d-----w- c:\program files\MOSCHIP

2013-06-05 15:33 . 2013-06-05 16:42 -------- d-----w- c:\users\PGN\AppData\Roaming\iPumper

2013-06-05 14:43 . 2013-06-10 16:10 -------- d-----w- c:\users\PGN\AppData\Local\ElevatedDiagnostics

2013-06-05 13:59 . 2013-06-18 14:30 -------- d-----r- c:\users\PGN\Virtual Machines

2013-06-05 13:51 . 2010-11-20 13:34 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys

2013-06-05 13:51 . 2010-11-20 13:27 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll

2013-06-05 13:51 . 2010-11-20 11:35 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys

2013-06-05 13:25 . 2013-06-05 13:25 -------- d-----w- c:\program files\Microsoft Games

2013-05-22 19:11 . 2013-05-22 19:11 -------- d-----w- c:\program files (x86)\Aide PDF to DXF Converter

2013-05-21 04:00 . 2013-05-21 04:00 5079256 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe

2013-05-21 04:00 . 2013-05-21 04:00 4843712 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll

2013-05-21 04:00 . 2013-05-21 04:00 25367232 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL

2013-05-21 03:34 . 2013-05-21 03:34 6795992 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe

2013-05-21 03:34 . 2013-05-21 03:34 6572736 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll

2013-05-21 03:33 . 2013-05-21 03:33 35345600 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 10:01 . 2013-04-23 13:14 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 13:10 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 16:07 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-24 16:05 . 2013-04-26 16:06 269824 ----a-w- c:\windows\SysWow64\igfxupdate.exe

2013-04-24 16:05 . 2013-04-24 16:05 410112 ----a-w- c:\windows\system32\taskhost.rs

2013-04-24 16:05 . 2013-04-24 16:05 269824 ----a-w- c:\windows\system32\SearchEngine.rs

2013-04-24 13:16 . 2013-04-24 13:16 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-04-24 13:16 . 2013-04-24 13:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-04-24 13:16 . 2013-04-24 13:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-04-24 13:16 . 2013-04-24 13:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-24 13:16 . 2013-04-24 13:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-24 13:16 . 2013-04-24 13:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-04-24 13:16 . 2013-04-24 13:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-04-24 13:16 . 2013-04-24 13:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-04-24 13:16 . 2013-04-24 13:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-04-24 13:16 . 2013-04-24 13:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-04-24 13:16 . 2013-04-24 13:16 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-04-24 13:16 . 2013-04-24 13:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-04-24 13:16 . 2013-04-24 13:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-04-24 13:16 . 2013-04-24 13:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-04-24 13:16 . 2013-04-24 13:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-04-24 13:16 . 2013-04-24 13:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-04-24 13:16 . 2013-04-24 13:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-04-24 13:16 . 2013-04-24 13:16 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-04-24 13:16 . 2013-04-24 13:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-24 13:16 . 2013-04-24 13:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-24 13:16 . 2013-04-24 13:16 81408 ----a-w- c:\windows\system32\icardie.dll

2013-04-24 13:16 . 2013-04-24 13:16 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-04-24 13:16 . 2013-04-24 13:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-04-24 13:16 . 2013-04-24 13:16 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-04-24 13:16 . 2013-04-24 13:16 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-04-24 13:16 . 2013-04-24 13:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-04-24 13:16 . 2013-04-24 13:16 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-04-24 13:16 . 2013-04-24 13:16 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-24 13:16 . 2013-04-24 13:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-04-24 13:16 . 2013-04-24 13:16 441856 ----a-w- c:\windows\system32\html.iec

2013-04-24 13:16 . 2013-04-24 13:16 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-04-24 13:16 . 2013-04-24 13:16 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-24 13:16 . 2013-04-24 13:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-04-24 13:16 . 2013-04-24 13:16 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-04-24 13:16 . 2013-04-24 13:16 235008 ----a-w- c:\windows\system32\url.dll

2013-04-24 13:16 . 2013-04-24 13:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-04-24 13:16 . 2013-04-24 13:16 216064 ----a-w- c:\windows\system32\msls31.dll

2013-04-24 13:16 . 2013-04-24 13:16 197120 ----a-w- c:\windows\system32\msrating.dll

2013-04-24 13:16 . 2013-04-24 13:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-24 13:16 . 2013-04-24 13:16 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-04-24 13:16 . 2013-04-24 13:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-24 13:16 . 2013-04-24 13:16 149504 ----a-w- c:\windows\system32\occache.dll

2013-04-24 13:16 . 2013-04-24 13:16 144896 ----a-w- c:\windows\system32\wextract.exe

2013-04-24 13:16 . 2013-04-24 13:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-04-24 13:16 . 2013-04-24 13:16 13824 ----a-w- c:\windows\system32\mshta.exe

2013-04-24 13:16 . 2013-04-24 13:16 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-04-24 13:16 . 2013-04-24 13:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-24 13:16 . 2013-04-24 13:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-04-24 13:16 . 2013-04-24 13:16 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-24 13:14 . 2013-04-24 13:14 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-04-24 13:14 . 2013-04-24 13:14 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-04-24 13:14 . 2013-04-24 13:14 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-04-24 13:14 . 2013-04-24 13:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-04-24 13:14 . 2013-04-24 13:14 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-04-24 13:14 . 2013-04-24 13:14 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-04-24 13:14 . 2013-04-24 13:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-04-24 13:14 . 2013-04-24 13:14 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-04-24 13:14 . 2013-04-24 13:14 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-04-24 13:14 . 2013-04-24 13:14 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-04-24 13:14 . 2013-04-24 13:14 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-04-24 13:14 . 2013-04-24 13:14 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-04-24 13:14 . 2013-04-24 13:14 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-04-24 13:14 . 2013-04-24 13:14 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-04-24 13:14 . 2013-04-24 13:14 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-04-24 13:14 . 2013-04-24 13:14 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-04-24 13:14 . 2013-04-24 13:14 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-24 13:14 . 2013-04-24 13:14 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-04-24 13:14 . 2013-04-24 13:14 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-04-24 13:14 . 2013-04-24 13:14 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-04-24 13:14 . 2013-04-24 13:14 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-04-24 13:14 . 2013-04-24 13:14 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-04-24 13:14 . 2013-04-24 13:14 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-04-24 13:14 . 2013-04-24 13:14 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-04-24 13:14 . 2013-04-24 13:14 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-04-24 13:14 . 2013-04-24 13:14 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-04-24 13:14 . 2013-04-24 13:14 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-04-24 13:14 . 2013-04-24 13:14 194560 ----a-w- c:\windows\system32\d3d10_1.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-05-21 04:00 1725128 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-05-21 04:00 1725128 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-05-21 04:00 1725128 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 133400]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]

"Power Manager Startup Utility"="c:\program files (x86)\Lenovo\PowerMgr\DPMHost.exe" [2012-02-22 23352]

"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]

"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE;c:\program files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]

S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 LBAEvent;Lenovo LBA Event Service;c:\program files\Lenovo\LBAI\LBAEvent.exe;c:\program files\Lenovo\LBAI\LBAEvent.exe [x]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]

S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE;c:\program files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [x]

S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]

S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]

S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 LBAI;Lenovo application interface driver;c:\windows\system32\Drivers\LBAI.sys;c:\windows\SYSNATIVE\Drivers\LBAI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 StnPport;PCIe to Multi Mode Parallel Port;c:\windows\system32\DRIVERS\StnPport.sys;c:\windows\SYSNATIVE\DRIVERS\StnPport.sys [x]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 19019699

*NewlyCreated* - 24317562

*Deregistered* - 19019699

*Deregistered* - 24317562

*Deregistered* - NisDrv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-06 01:56 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 02:54]

.

2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-11 02:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-05-21 03:55 2328776 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-05-21 03:55 2328776 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-05-21 03:55 2328776 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-11 12343400]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-05-24 289648]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 208.13.143.36 65.41.120.51

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL


.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Fastboot]

"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Fastboot]

"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-18  09:27:16

ComboFix-quarantined-files.txt  2013-06-18 16:27

ComboFix2.txt  2013-06-18 15:49

ComboFix3.txt  2013-06-11 14:20

ComboFix4.txt  2013-06-11 14:04

ComboFix5.txt  2013-06-18 16:06

.

Pre-Run: 867,914,506,240 bytes free

Post-Run: 867,608,342,528 bytes free

.

- - End Of File - - C88248299C9799CC88A840E18B07E8B2

D41D8CD98F00B204E9800998ECF8427E

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Windows\SysWOW64\igfxupdate.exe Win32/BitCoinMiner.O application

C:\Qoobox\Quarantine\C\Users\PGN\AppData\Roaming\xf-autocad-kg_x32.exe.vir a variant of MSIL/Injector.ABU trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\PGN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xf-autocad-kg_x32.exe.vir a variant of MSIL/Injector.ABU trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\SysWOW64\update\igfxupdate.exe.vir Win32/BitCoinMiner.N application cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\07.06.2013_17.01.42\susp0001\svc0000\tsk0000.dta Win64/CoinMiner.B trojan cleaned by deleting - quarantined

C:\Windows\System32\igfxupdate.exe Win32/BitCoinMiner.O application cleaned by deleting - quarantined

Q:\PAYTON\Backup Set 2013-04-24 121439\Backup Files 2013-04-24 121439\Backup files 1.zip multiple threats deleted - quarantined


thanks


Do not forget the following:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

  • Download OTC to your desktop and run it.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Next, uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.