Guest ipedraz Posted July 12, 2013 ID:701932 Share Posted July 12, 2013 hi i would appreciate help here. i am kind of desperate with this some time ago i detected something was wrong as my VPN connection was not working.the VPN sw checks whether an antivirus is running to grant you access to the network and it was kicking me off saying i had no antivirus running. i checked and indeed the Forefront microsoft was damaged.it showed as installed but not working. if i tried to run it it said it won't find the files to run or i did not have the authorisation (i am admin...)i also could not remove it thru the standard windoes program uninstall. i decided to give a try to antimalware and it found threads that i removed.after that i used Revo uninstall to remove forefront and install again. but after few days the same problem happened again.i noticed the $recycle.bin in the hard drive was corrupt, could not empty it even changing permissions. now i am using antimalware but still have the problem.i attach the files i see you need from other posts: thanks for any help you can give... Nacho, Madrid, Spain ddsandattach.zip Link to post Share on other sites More sharing options...
Psychotic Posted July 12, 2013 ID:701944 Share Posted July 12, 2013 Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with Malwarebytes Anti-RootkitPlease download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.Double click the mbar.zip file to open it, then 'Extract all files'. Double click the mbar folder to open it, then double click mbar.exe to start the tool.Check for Updates, then Scan your system for malwareIf malware is found, do NOT press the Cleanup button yet. Click EXIT.I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt . Please attach that to your next reply. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 16, 2013 Root Admin ID:703386 Share Posted July 16, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 16, 2013 Root Admin ID:703602 Share Posted July 16, 2013 Topic has been re-opened per request Link to post Share on other sites More sharing options...
Guest ipedraz Posted July 17, 2013 ID:703879 Share Posted July 17, 2013 thankshere the log from mbar.i see it does not detect anything, but this was also the same situation i had a couple of weeks ago and then reapeared... the symthopms i see now are two:1. can't delete $recycle.bin folder . even renaming ofr in safe mode, it says the directories are not empty and i don't have access. I took ownership of everything but no way to clean the directories there. i believe they store some kind of trojan that comes back later...2. windows updates. no way to run updates even after trying to repair with the windows repair tool for Wupdate. thanks Malwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.orgDatabase version: v2013.07.16.02Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421ignaciop :: PC-MADR-1600 [administrator]16/07/2013 1:00:54 PMmbar-log-2013-07-16 (13-00-54).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 288037Time elapsed: 10 minute(s), 33 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end)ReplyReportEdit Link to post Share on other sites More sharing options...
Psychotic Posted July 17, 2013 ID:703908 Share Posted July 17, 2013 CombofixCombofix should only be run when adviced by a team member!LinkImportant - Save the file to your desktop! Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work. Run Combofix.exeWhen finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this. Link to post Share on other sites More sharing options...
Guest ipedraz Posted July 17, 2013 ID:703973 Share Posted July 17, 2013 hi here you have ComboFix 13-07-15.01 - ignaciop 17/07/2013 17:44:22.4.2 - x64Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2960.948 [GMT 2:00]Running from: c:\users\ignaciop\Desktop\AntiVirus\ComboFix.exeAV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\iun6002.exe..((((((((((((((((((((((((( Files Created from 2013-06-17 to 2013-07-17 )))))))))))))))))))))))))))))))..2013-07-17 15:52 . 2013-07-17 15:52 -------- dc----w- c:\users\smscli\AppData\Local\temp2013-07-17 15:52 . 2013-07-17 15:52 -------- dc----w- c:\users\Default\AppData\Local\temp2013-07-17 15:52 . 2013-07-17 15:52 -------- dc----w- c:\users\Administrator\AppData\Local\temp2013-07-17 14:00 . 2013-07-02 08:34 9460976 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85BAEF1B-58BB-4CB7-9284-10C2F672175F}\mpengine.dll2013-07-16 12:24 . 2013-07-16 12:24 -------- dc----w- c:\program files (x86)\GiPo@Utilities2013-07-16 12:24 . 2013-07-16 12:24 -------- dc----w- c:\program files (x86)\Common Files\Gibinsoft Shared2013-07-16 12:08 . 2013-07-16 12:08 -------- dc----w- c:\programdata\IObit2013-07-16 12:08 . 2013-07-16 12:08 -------- dc----w- c:\program files (x86)\IObit2013-07-16 11:16 . 2013-07-16 11:16 207968 -c--a-w- c:\windows\system32\drivers\48846066.sys2013-07-16 10:52 . 2013-07-02 08:34 9460976 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-07-12 12:47 . 2013-07-12 13:00 -------- dc----w- c:\program files (x86)\VS Revo Group2013-07-12 11:49 . 2013-07-12 11:49 -------- dc----w- c:\windows\ERUNT2013-07-12 11:13 . 2013-07-16 11:11 -------- dc----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-07-12 10:51 . 2013-06-17 00:10 9552976 -c----w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AAA3CC2-1106-486A-980C-4225C002B267}\mpengine.dll2013-07-12 09:46 . 2013-07-12 10:44 -------- dc----w- c:\users\ignaciop\AppData\Roaming\Anvisoft2013-07-12 09:46 . 2013-07-12 09:46 -------- dc----w- c:\programdata\Anvisoft2013-07-12 09:46 . 2013-07-12 09:46 -------- dc----w- c:\program files (x86)\Anvisoft2013-07-12 09:09 . 2013-07-12 09:09 -------- dc----w- c:\users\ignaciop\Doctor Web2013-07-12 08:08 . 2013-07-12 08:08 -------- dc----w- c:\users\ignaciop\AppData\Roaming\Malwarebytes2013-07-12 08:08 . 2013-07-12 08:08 -------- dc----w- c:\programdata\Malwarebytes2013-07-12 08:08 . 2013-07-12 08:08 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-07-12 08:08 . 2013-04-04 12:50 25928 -c--a-w- c:\windows\system32\drivers\mbam.sys2013-07-11 13:08 . 2013-07-11 13:08 -------- dc----w- c:\program files (x86)\Microsoft Junk E-mail Reporting2013-07-01 08:34 . 2013-07-01 08:34 -------- dc----w- c:\program files (x86)\Products2013-07-01 08:34 . 2013-07-17 15:24 -------- dc----w- c:\programdata\Input Processor2013-06-28 22:10 . 2013-06-28 22:12 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-28 22:10 . 2013-06-28 22:12 -------- dc----w- c:\program files\iTunes2013-06-28 22:10 . 2013-06-28 22:12 -------- dc----w- c:\program files (x86)\iTunes2013-06-28 22:10 . 2013-06-28 22:10 -------- dc----w- c:\program files\iPod2013-06-28 07:00 . 2013-06-24 10:23 972264 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-06-28 07:00 . 2013-06-28 06:59 964552 -c----w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E43A2BE-519D-4061-AC2A-972B2A5FCDA2}\gapaengine.dll2013-06-24 10:27 . 2013-06-24 10:31 -------- dc----w- c:\program files (x86)\Microsoft Security Client2013-06-21 09:13 . 2013-06-24 10:32 -------- dc----w- c:\program files\Microsoft Security Client...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-15 17:19 . 2011-09-23 18:02 78185248 -c--a-w- c:\windows\system32\MRT.exe2013-06-13 22:54 . 2013-06-13 22:47 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-06-13 22:53 . 2013-06-13 22:52 248320 ----a-w- c:\windows\system32\ieui.dll2013-06-13 22:53 . 2013-06-13 22:52 10926080 ----a-w- c:\windows\system32\ieframe.dll2013-06-13 22:53 . 2013-06-13 22:52 96768 ----a-w- c:\windows\system32\mshtmled.dll2013-06-13 22:53 . 2013-06-13 22:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-06-13 22:53 . 2013-06-13 22:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-06-13 22:53 . 2013-06-13 22:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll2013-06-13 22:53 . 2013-06-13 22:52 237056 ----a-w- c:\windows\system32\url.dll2013-06-13 22:53 . 2013-06-13 22:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe2013-06-13 22:53 . 2013-06-13 22:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-06-13 22:53 . 2013-06-13 22:52 1392128 ----a-w- c:\windows\system32\wininet.dll2013-06-13 22:53 . 2013-06-13 22:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll2013-06-13 22:53 . 2013-06-13 22:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl2013-06-13 22:53 . 2013-06-13 22:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-06-13 22:53 . 2013-06-13 22:52 1346560 ----a-w- c:\windows\system32\urlmon.dll2013-06-13 22:53 . 2013-06-13 22:52 2312704 ----a-w- c:\windows\system32\jscript9.dll2013-06-13 22:53 . 2013-06-13 22:52 85504 ----a-w- c:\windows\system32\jsproxy.dll2013-06-13 22:53 . 2013-06-13 22:52 729088 ----a-w- c:\windows\system32\msfeeds.dll2013-06-13 22:53 . 2013-06-13 22:52 816640 ----a-w- c:\windows\system32\jscript.dll2013-06-13 22:53 . 2013-06-13 22:52 599040 ----a-w- c:\windows\system32\vbscript.dll2013-06-13 22:53 . 2013-06-13 22:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll2013-06-13 22:53 . 2013-06-13 22:52 2147840 ----a-w- c:\windows\system32\iertutil.dll2013-06-13 22:53 . 2013-06-13 22:52 17824768 ----a-w- c:\windows\system32\mshtml.dll2013-06-13 22:48 . 2013-06-13 22:47 751104 ----a-w- c:\windows\system32\win32spl.dll2013-06-13 22:48 . 2013-06-13 22:47 492544 ----a-w- c:\windows\SysWow64\win32spl.dll2013-06-13 22:48 . 2013-06-13 22:46 30720 ----a-w- c:\windows\system32\cryptdlg.dll2013-06-13 22:48 . 2013-06-13 22:46 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll2013-06-13 22:48 . 2013-06-13 22:46 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll2013-06-13 22:48 . 2013-06-13 22:46 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2013-06-13 22:48 . 2013-06-13 22:47 903168 ----a-w- c:\windows\SysWow64\certutil.exe2013-06-13 22:48 . 2013-06-13 22:47 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-06-13 22:48 . 2013-06-13 22:47 1192448 ----a-w- c:\windows\system32\certutil.exe2013-06-13 22:48 . 2013-06-13 22:47 52224 ----a-w- c:\windows\system32\certenc.dll2013-06-13 22:48 . 2013-06-13 22:47 43008 ----a-w- c:\windows\SysWow64\certenc.dll2013-06-13 22:48 . 2013-06-13 22:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-06-13 22:48 . 2013-06-13 22:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-06-13 22:48 . 2013-06-13 22:47 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-06-13 22:48 . 2013-06-13 22:47 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll2013-06-13 22:48 . 2013-06-13 22:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-06-13 22:48 . 2013-06-13 22:46 1887232 ----a-w- c:\windows\system32\d3d11.dll2013-06-13 22:48 . 2013-06-13 22:46 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll2013-06-12 13:49 . 2012-03-29 21:05 692104 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-06-12 13:49 . 2012-03-21 17:42 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-02 00:06 . 2010-11-21 03:27 278800 -c----w- c:\windows\system32\MpSigStub.exe2013-05-01 01:59 . 2013-05-01 01:59 94208 -c--a-w- c:\windows\SysWow64\QuickTimeVR.qtx2013-05-01 01:59 . 2013-05-01 01:59 69632 -c--a-w- c:\windows\SysWow64\QuickTime.qts..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-05-30 12107944]"tsnp325"="c:\windows\tsnp325.exe" [bU]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"FixCamera"="c:\windows\FixCamera.exe" [bU]"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]"CLIVFR"="c:\program files (x86)\Dell\Latitude ON Reader\CLIVFR.exe" [2009-06-11 238888]"BIOSEvent"="c:\program files (x86)\Dell\Latitude ON Reader\BIOSEvent.exe" [2009-05-22 116008]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 1080608]Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe -hidden [2013-6-7 7959552].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 1 (0x1)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]"NoAutoUpdate"= 1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R1 odijzqqq;odijzqqq;c:\windows\system32\drivers\odijzqqq.sys;c:\windows\SYSNATIVE\drivers\odijzqqq.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 gtdetectsc;GtDetectSc Service;c:\windows\SysWOW64\gtdetectsc.exe;c:\windows\SysWOW64\gtdetectsc.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys;c:\windows\SYSNATIVE\drivers\Accelern.sys [x]R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]R3 DIGITECH;DIGITECH;c:\windows\system32\drivers\DIGITECH.sys;c:\windows\SYSNATIVE\drivers\DIGITECH.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 DPMRA;DPMRA;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe [x]R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]R3 NVTLUSBModem;Novatel Wireless Inc USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdmv22.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbmdmv22.sys [x]R3 NVTLUSBPort;Novatel Wireless Inc USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbserv22.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbserv22.sys [x]R3 NVTLUSBPort2;Novatel Wireless Inc USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2v22.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2v22.sys [x]R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys;c:\windows\SYSNATIVE\drivers\nwdelgobi3kfilter.sys [x]R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys;c:\windows\SYSNATIVE\drivers\nwdelser.sys [x]R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys;c:\windows\SYSNATIVE\drivers\nwdelser2.sys [x]R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys;c:\windows\SYSNATIVE\drivers\nwdelserial.sys [x]R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys;c:\windows\SYSNATIVE\DRIVERS\NWVNdis.sys [x]R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7x64.sys;c:\windows\SYSNATIVE\drivers\o2sdjw7x64.sys [x]R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterdl.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl.sys [x]R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl2k.sys [x]R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserdl.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl.sys [x]R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl2k.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys;c:\windows\SYSNATIVE\drivers\risdpe64.sys [x]R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]R3 StMp3Recx64;Player Recovery Device Control Driver;c:\windows\system32\Drivers\StMp3Recx64.sys;c:\windows\SYSNATIVE\Drivers\StMp3Recx64.sys [x]R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys;c:\windows\SYSNATIVE\DRIVERS\swivspnt.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys;c:\windows\SYSNATIVE\drivers\tcm.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 USBZTECCID;ZTE USB Smartcard Driver;c:\windows\system32\DRIVERS\ZTEusbccid.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbccid.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R3 zte_massejct;ZTEMassEjctServ;c:\windows\system32\Drivers\zte_massejct.sys;c:\windows\SYSNATIVE\Drivers\zte_massejct.sys [x]R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext2.sys [x]R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]S2 alssvc64;Ambient Light Sensor;c:\program files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe;c:\program files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe [x]S2 CLMonitor;CLMonitor;c:\program files (x86)\Dell\Latitude ON Reader\CLMonitorService.exe;c:\program files (x86)\Dell\Latitude ON Reader\CLMonitorService.exe [x]S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]S2 ctfprocdca;Input Processor;c:\program files (x86)\Products\Input Processor\ctfprocdca.exe;c:\program files (x86)\Products\Input Processor\ctfprocdca.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\Movistar\Escritorio Movistar\ImpWiFiSvc.exe;c:\program files (x86)\Movistar\Escritorio Movistar\ImpWiFiSvc.exe [x]S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]S3 d554scard;Dell Wireless HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys;c:\windows\SYSNATIVE\DRIVERS\d554scard.sys [x]S3 DPMClientService;DPM Client Service;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMClientService.exe;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMClientService.exe [x]S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]S3 Mandiant_Tools;Mandiant_Tools;c:\programdata\Application Data\Input Processor\mktools.sys;c:\programdata\Application Data\Input Processor\mktools.sys [x]S3 Mbm3CBus;Dell Wireless 5540 HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys;c:\windows\SYSNATIVE\DRIVERS\snp325.sys [x]S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]..Contents of the 'Scheduled Tasks' folder.2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 13:49].2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 12:19].2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 12:19].2013-07-17 c:\windows\Tasks\PFE Client Health.job- c:\windows\pfeclienthealth\PFEClientHealth.vbs [2012-03-14 22:52].2013-07-17 c:\windows\Tasks\ScheduledDPMClientBackup.job- c:\windows\SYSTEM32\rundll32.exe [2009-07-13 01:14]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-23 592240]"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-14 487424]"DPMClientUI"="c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMClient.exe" [2010-04-08 29576]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-28 159232]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-28 380928]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-28 358912]"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2013-06-07 393216].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: adp.com\tsTrusted Zone: danahertm.comTrusted Zone: dell.comTrusted Zone: fluke.com\tcTrusted Zone: flukecorp.comTrusted Zone: flukenetworks.com\invisionTrusted Zone: gob.es\agenciatributariaTrusted Zone: gtt.es\seguroTrusted Zone: kellyservices.com\esolutionsTrusted Zone: mydanaher.comTrusted Zone: shipitsmarter.comTrusted Zone: shipitsmarter.euTrusted Zone: shipitsmarter.nlTrusted Zone: tek.comTrusted Zone: tek.com.cnTrusted Zone: tektronix.co.jpTrusted Zone: tektronix.comTrusted Zone: tektronix.com.cnTrusted Zone: tektronix.netTrusted Zone: verisign.comTrusted Zone: visualnetworks.com\vupdemo7Trusted Zone: visualnetworks.com\wwwTCP: Interfaces\{00EA68ED-17CC-41DA-A8BE-797AE31ADB4B}: NameServer = 212.166.210.80 212.73.32.67.- - - - ORPHANS REMOVED - - - -.AddRemove-{87434D51-51DB-4109-B68F-A829ECDCF380} - c:\program files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000001.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-07-17 17:59:55ComboFix-quarantined-files.txt 2013-07-17 15:59.Pre-Run: 14,259,494,912 bytes freePost-Run: 14,101,524,480 bytes free.- - End Of File - - D11096B571F9524AE239421272863087D41D8CD98F00B204E9800998ECF8427E Link to post Share on other sites More sharing options...
Psychotic Posted July 18, 2013 ID:704296 Share Posted July 18, 2013 Combofix´s Add-Remove PRograms.txtHit the Windows- and the R-key simultanously.. Copy the following command into the text field: C:\Qoobox\Add-Remove Programs.txtHit OK. A textfile will open, please post up its content. Link to post Share on other sites More sharing options...
Guest ipedraz Posted July 18, 2013 ID:704362 Share Posted July 18, 2013 hihere it is regards, 325 USB PC CameraAccelerometerP11Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.03)Adobe Shockwave Player 11.5Ambient Light SensorApple Application SupportApple Software UpdateCisco AnyConnect Diagnostics and Reporting ToolCisco AnyConnect Secure Mobility ClientCisco AnyConnect Secure Mobility ClientCisco WebEx MeetingsConfiguration Manager ClientDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDell Latitude ON ReaderDell Mobile Broadband ManagerDell System DetectDell Wireless HSPA Mini-Card DriversDirectX 9 RuntimeEscritorio MovistarGiPo@FileUtilities 3.2Google EarthGoogle Update HelperGoToMeeting 5.1.0.880HUAWEI DataCard Driver 3.10.02.00IDT AudioinSSIDerInstallVC90SupportIntel® Control CenterIntel® Graphics Media Accelerator DriverIntel® Rapid Storage TechnologyiPassConnectJava Auto UpdaterJava 6 Update 33Malwarebytes Anti-Malware version 1.75.0.1300MANDIANT Intelligent Response AgentMicrosoft CorporationMicrosoft Junk E-mail Reporting Add-inMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Visio Viewer 2010Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Mobile PartnerMobiLink 3MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MySQL Connector/ODBC 5.1OutlookAddinSetupQuickTimeRightFax Product Suite - ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687276) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSelf Service Assistant - Data Usage MeterSkype™ 6.5SportTracks 3.1SpotifySystem Requirements Lab for IntelUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionVLC media player 2.0.1WebSignerWindows Resource Kit Tools - SubInAcl.exeXvid Video Codec Link to post Share on other sites More sharing options...
Psychotic Posted July 18, 2013 ID:704369 Share Posted July 18, 2013 Combofix scripting1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.CFScript.txt Link to post Share on other sites More sharing options...
Guest ipedraz Posted July 19, 2013 ID:704784 Share Posted July 19, 2013 hi, thankshere the result of combofix with the script. ComboFix 13-07-18.01 - ignaciop 18/07/2013 20:21:27.6.2 - x64Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2960.1569 [GMT 2:00]Running from: c:\users\ignaciop\Desktop\AntiVirus\ComboFix.exeCommand switches used :: c:\users\ignaciop\Desktop\AntiVirus\CFScript.txtAV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.c:\program files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dllc:\program files (x86)\IObit\IObit Unlocker\update.inic:\programdata\IObit\IObit Unlocker\IObitUnlocker.inic:\programdata\IObit\IObit Unlocker\Main.inic:\programdata\ntuser.datc:\windows\system32\drivers\48846066.sys..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_AudioSrv-------\Service_odijzqqq..((((((((((((((((((((((((( Files Created from 2013-06-19 to 2013-07-19 )))))))))))))))))))))))))))))))..2013-07-18 18:27 . 2013-07-18 18:27 -------- dc----w- c:\users\smscli\AppData\Local\temp2013-07-18 18:27 . 2013-07-18 18:27 -------- dc----w- c:\users\Default\AppData\Local\temp2013-07-18 18:27 . 2013-07-18 18:27 -------- dc----w- c:\users\Administrator\AppData\Local\temp2013-07-18 15:13 . 2013-07-18 15:12 972264 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06CD19C3-DB1C-4A56-9622-C10942AD8029}\gapaengine.dll2013-07-18 15:12 . 2013-07-01 23:34 9460976 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76A1AADB-43D8-4074-B203-03E381CF1646}\mpengine.dll2013-07-18 15:10 . 2013-07-18 15:10 -------- dc----w- c:\program files (x86)\Microsoft Security Client2013-07-18 15:10 . 2013-07-18 15:10 -------- dc----w- c:\program files\Microsoft Security Client2013-07-16 12:24 . 2013-07-16 12:24 -------- dc----w- c:\program files (x86)\GiPo@Utilities2013-07-16 12:24 . 2013-07-16 12:24 -------- dc----w- c:\program files (x86)\Common Files\Gibinsoft Shared2013-07-12 12:47 . 2013-07-12 13:00 -------- dc----w- c:\program files (x86)\VS Revo Group2013-07-12 11:49 . 2013-07-12 11:49 -------- dc----w- c:\windows\ERUNT2013-07-12 11:13 . 2013-07-16 11:11 -------- dc----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-07-12 10:51 . 2013-06-17 00:10 9552976 -c----w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AAA3CC2-1106-486A-980C-4225C002B267}\mpengine.dll2013-07-12 09:46 . 2013-07-12 10:44 -------- dc----w- c:\users\ignaciop\AppData\Roaming\Anvisoft2013-07-12 09:46 . 2013-07-12 09:46 -------- dc----w- c:\programdata\Anvisoft2013-07-12 09:46 . 2013-07-12 09:46 -------- dc----w- c:\program files (x86)\Anvisoft2013-07-12 09:09 . 2013-07-12 09:09 -------- dc----w- c:\users\ignaciop\Doctor Web2013-07-12 08:08 . 2013-07-12 08:08 -------- dc----w- c:\users\ignaciop\AppData\Roaming\Malwarebytes2013-07-12 08:08 . 2013-07-12 08:08 -------- dc----w- c:\programdata\Malwarebytes2013-07-12 08:08 . 2013-07-12 08:08 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-07-12 08:08 . 2013-04-04 12:50 25928 -c--a-w- c:\windows\system32\drivers\mbam.sys2013-07-11 13:08 . 2013-07-11 13:08 -------- dc----w- c:\program files (x86)\Microsoft Junk E-mail Reporting2013-07-01 08:34 . 2013-07-01 08:34 -------- dc----w- c:\program files (x86)\Products2013-07-01 08:34 . 2013-07-18 14:56 -------- dc----w- c:\programdata\Input Processor2013-06-28 22:10 . 2013-06-28 22:12 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-28 22:10 . 2013-06-28 22:12 -------- dc----w- c:\program files\iTunes2013-06-28 22:10 . 2013-06-28 22:12 -------- dc----w- c:\program files (x86)\iTunes2013-06-28 22:10 . 2013-06-28 22:10 -------- dc----w- c:\program files\iPod...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-15 17:19 . 2011-09-23 18:02 78185248 -c--a-w- c:\windows\system32\MRT.exe2013-06-13 22:54 . 2013-06-13 22:47 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-06-13 22:53 . 2013-06-13 22:52 248320 ----a-w- c:\windows\system32\ieui.dll2013-06-13 22:53 . 2013-06-13 22:52 10926080 ----a-w- c:\windows\system32\ieframe.dll2013-06-13 22:53 . 2013-06-13 22:52 96768 ----a-w- c:\windows\system32\mshtmled.dll2013-06-13 22:53 . 2013-06-13 22:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-06-13 22:53 . 2013-06-13 22:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-06-13 22:53 . 2013-06-13 22:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll2013-06-13 22:53 . 2013-06-13 22:52 237056 ----a-w- c:\windows\system32\url.dll2013-06-13 22:53 . 2013-06-13 22:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe2013-06-13 22:53 . 2013-06-13 22:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-06-13 22:53 . 2013-06-13 22:52 1392128 ----a-w- c:\windows\system32\wininet.dll2013-06-13 22:53 . 2013-06-13 22:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll2013-06-13 22:53 . 2013-06-13 22:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl2013-06-13 22:53 . 2013-06-13 22:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-06-13 22:53 . 2013-06-13 22:52 1346560 ----a-w- c:\windows\system32\urlmon.dll2013-06-13 22:53 . 2013-06-13 22:52 2312704 ----a-w- c:\windows\system32\jscript9.dll2013-06-13 22:53 . 2013-06-13 22:52 85504 ----a-w- c:\windows\system32\jsproxy.dll2013-06-13 22:53 . 2013-06-13 22:52 729088 ----a-w- c:\windows\system32\msfeeds.dll2013-06-13 22:53 . 2013-06-13 22:52 816640 ----a-w- c:\windows\system32\jscript.dll2013-06-13 22:53 . 2013-06-13 22:52 599040 ----a-w- c:\windows\system32\vbscript.dll2013-06-13 22:53 . 2013-06-13 22:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll2013-06-13 22:53 . 2013-06-13 22:52 2147840 ----a-w- c:\windows\system32\iertutil.dll2013-06-13 22:53 . 2013-06-13 22:52 17824768 ----a-w- c:\windows\system32\mshtml.dll2013-06-13 22:48 . 2013-06-13 22:47 751104 ----a-w- c:\windows\system32\win32spl.dll2013-06-13 22:48 . 2013-06-13 22:47 492544 ----a-w- c:\windows\SysWow64\win32spl.dll2013-06-13 22:48 . 2013-06-13 22:46 30720 ----a-w- c:\windows\system32\cryptdlg.dll2013-06-13 22:48 . 2013-06-13 22:46 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll2013-06-13 22:48 . 2013-06-13 22:46 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll2013-06-13 22:48 . 2013-06-13 22:46 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2013-06-13 22:48 . 2013-06-13 22:47 903168 ----a-w- c:\windows\SysWow64\certutil.exe2013-06-13 22:48 . 2013-06-13 22:47 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-06-13 22:48 . 2013-06-13 22:47 1192448 ----a-w- c:\windows\system32\certutil.exe2013-06-13 22:48 . 2013-06-13 22:47 52224 ----a-w- c:\windows\system32\certenc.dll2013-06-13 22:48 . 2013-06-13 22:47 43008 ----a-w- c:\windows\SysWow64\certenc.dll2013-06-13 22:48 . 2013-06-13 22:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-06-13 22:48 . 2013-06-13 22:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-06-13 22:48 . 2013-06-13 22:47 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-06-13 22:48 . 2013-06-13 22:47 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll2013-06-13 22:48 . 2013-06-13 22:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-06-13 22:48 . 2013-06-13 22:46 1887232 ----a-w- c:\windows\system32\d3d11.dll2013-06-13 22:48 . 2013-06-13 22:46 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll2013-06-12 13:49 . 2012-03-29 21:05 692104 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-06-12 13:49 . 2012-03-21 17:42 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-02 00:06 . 2010-11-21 03:27 278800 -c----w- c:\windows\system32\MpSigStub.exe2013-05-01 01:59 . 2013-05-01 01:59 94208 -c--a-w- c:\windows\SysWow64\QuickTimeVR.qtx2013-05-01 01:59 . 2013-05-01 01:59 69632 -c--a-w- c:\windows\SysWow64\QuickTime.qts..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-05-30 12107944]"tsnp325"="c:\windows\tsnp325.exe" [bU]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"FixCamera"="c:\windows\FixCamera.exe" [bU]"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]"CLIVFR"="c:\program files (x86)\Dell\Latitude ON Reader\CLIVFR.exe" [2009-06-11 238888]"BIOSEvent"="c:\program files (x86)\Dell\Latitude ON Reader\BIOSEvent.exe" [2009-05-22 116008]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 1080608]Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe -hidden [2013-6-7 7959552].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 1 (0x1)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]"NoAutoUpdate"= 1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 gtdetectsc;GtDetectSc Service;c:\windows\SysWOW64\gtdetectsc.exe;c:\windows\SysWOW64\gtdetectsc.exe [x]R2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys;c:\windows\SYSNATIVE\drivers\Accelern.sys [x]R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]R3 DIGITECH;DIGITECH;c:\windows\system32\drivers\DIGITECH.sys;c:\windows\SYSNATIVE\drivers\DIGITECH.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 DPMRA;DPMRA;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe [x]R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]R3 NVTLUSBModem;Novatel Wireless Inc USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdmv22.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbmdmv22.sys [x]R3 NVTLUSBPort;Novatel Wireless Inc USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbserv22.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbserv22.sys [x]R3 NVTLUSBPort2;Novatel Wireless Inc USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2v22.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2v22.sys [x]R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys;c:\windows\SYSNATIVE\drivers\nwdelgobi3kfilter.sys [x]R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys;c:\windows\SYSNATIVE\drivers\nwdelser.sys [x]R3 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys;c:\windows\SYSNATIVE\drivers\nwdelser2.sys [x]R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys;c:\windows\SYSNATIVE\drivers\nwdelserial.sys [x]R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys;c:\windows\SYSNATIVE\DRIVERS\NWVNdis.sys [x]R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7x64.sys;c:\windows\SYSNATIVE\drivers\o2sdjw7x64.sys [x]R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterdl.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl.sys [x]R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl2k.sys [x]R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserdl.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl.sys [x]R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl2k.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys;c:\windows\SYSNATIVE\drivers\risdpe64.sys [x]R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]R3 StMp3Recx64;Player Recovery Device Control Driver;c:\windows\system32\Drivers\StMp3Recx64.sys;c:\windows\SYSNATIVE\Drivers\StMp3Recx64.sys [x]R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys;c:\windows\SYSNATIVE\DRIVERS\swivspnt.sys [x]R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys;c:\windows\SYSNATIVE\drivers\tcm.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 USBZTECCID;ZTE USB Smartcard Driver;c:\windows\system32\DRIVERS\ZTEusbccid.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbccid.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R3 zte_massejct;ZTEMassEjctServ;c:\windows\system32\Drivers\zte_massejct.sys;c:\windows\SYSNATIVE\Drivers\zte_massejct.sys [x]R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext2.sys [x]R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]S2 alssvc64;Ambient Light Sensor;c:\program files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe;c:\program files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe [x]S2 CLMonitor;CLMonitor;c:\program files (x86)\Dell\Latitude ON Reader\CLMonitorService.exe;c:\program files (x86)\Dell\Latitude ON Reader\CLMonitorService.exe [x]S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]S2 ctfprocdca;Input Processor;c:\program files (x86)\Products\Input Processor\ctfprocdca.exe;c:\program files (x86)\Products\Input Processor\ctfprocdca.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\Movistar\Escritorio Movistar\ImpWiFiSvc.exe;c:\program files (x86)\Movistar\Escritorio Movistar\ImpWiFiSvc.exe [x]S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]S3 d554scard;Dell Wireless HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys;c:\windows\SYSNATIVE\DRIVERS\d554scard.sys [x]S3 DPMClientService;DPM Client Service;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMClientService.exe;c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMClientService.exe [x]S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]S3 Mandiant_Tools;Mandiant_Tools;c:\programdata\Application Data\Input Processor\mktools.sys;c:\programdata\Application Data\Input Processor\mktools.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 Mbm3CBus;Dell Wireless 5540 HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys;c:\windows\SYSNATIVE\DRIVERS\snp325.sys [x]S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MANDIANT_TOOLS*NewlyCreated* - MPNWMON*NewlyCreated* - NISDRV.Contents of the 'Scheduled Tasks' folder.2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 13:49].2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 12:19].2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 12:19].2013-07-18 c:\windows\Tasks\PFE Client Health.job- c:\windows\pfeclienthealth\PFEClientHealth.vbs [2012-03-14 22:52].2013-07-19 c:\windows\Tasks\ScheduledDPMClientBackup.job- c:\windows\SYSTEM32\rundll32.exe [2009-07-13 01:14]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-23 592240]"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-14 487424]"DPMClientUI"="c:\program files\Microsoft Data Protection Manager\DPM\bin\DPMClient.exe" [2010-04-08 29576]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-28 159232]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-28 380928]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-28 358912]"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2013-06-07 393216]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: adp.com\tsTrusted Zone: danahertm.comTrusted Zone: dell.comTrusted Zone: fluke.com\tcTrusted Zone: flukecorp.comTrusted Zone: flukenetworks.com\invisionTrusted Zone: gob.es\agenciatributariaTrusted Zone: gtt.es\seguroTrusted Zone: kellyservices.com\esolutionsTrusted Zone: mydanaher.comTrusted Zone: shipitsmarter.comTrusted Zone: shipitsmarter.euTrusted Zone: shipitsmarter.nlTrusted Zone: tek.comTrusted Zone: tek.com.cnTrusted Zone: tektronix.co.jpTrusted Zone: tektronix.comTrusted Zone: tektronix.com.cnTrusted Zone: tektronix.netTrusted Zone: verisign.comTrusted Zone: visualnetworks.com\vupdemo7Trusted Zone: visualnetworks.com\wwwTCP: Interfaces\{00EA68ED-17CC-41DA-A8BE-797AE31ADB4B}: NameServer = 80.58.61.250 80.58.61.254.- - - - ORPHANS REMOVED - - - -.AddRemove-{87434D51-51DB-4109-B68F-A829ECDCF380} - c:\program files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000001.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exec:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exec:\windows\SysWOW64\CCM\CcmExec.exec:\program files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\windows\SysWOW64\CCM\SMSCliUI.exe.**************************************************************************.Completion time: 2013-07-19 10:11:51 - machine was rebootedComboFix-quarantined-files.txt 2013-07-19 08:11ComboFix2.txt 2013-07-17 15:59.Pre-Run: 14,082,650,112 bytes freePost-Run: 13,789,720,576 bytes free.- - End Of File - - 2DE37F16F9842A28FEA98A5323089815D41D8CD98F00B204E9800998ECF8427EUpload was successful Link to post Share on other sites More sharing options...
Psychotic Posted July 19, 2013 ID:704790 Share Posted July 19, 2013 Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
Guest ipedraz Posted July 19, 2013 ID:704801 Share Posted July 19, 2013 thanks. I am running now ESET i noticed also that after the last combofix i lost audio in the PCall devices run ok and driver installed but the audio icon in taskbar shows and dissapears on startup and then audio is not available for applications any hint on this? thanks Link to post Share on other sites More sharing options...
Guest ipedraz Posted July 19, 2013 ID:704812 Share Posted July 19, 2013 hihere the export of ESET C:\Users\ignaciop\Desktop\AntiVirus\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantinedC:\Windows\FixCamera.exe.virus a variant of Win32/KillProc.A application cleaned by deleting - quarantined regards Link to post Share on other sites More sharing options...
Psychotic Posted July 20, 2013 ID:705162 Share Posted July 20, 2013 Combofix accidentally took out the Audio service. We´ll get this fixed.Please post up C:\qoobox\ComboFix-quarantined-files.txt Link to post Share on other sites More sharing options...
Guest ipedraz Posted July 22, 2013 ID:705777 Share Posted July 22, 2013 Hi, thanks a lot for your help till now, but following a crash on reboot and given that i saved recently my mail and important files in external disk, i decided to run a clean install of W7. again, really thankful for your help, and will need you again in the future if i step into virus trouble again.10 points for your customer service!!! regardsIgnacio Link to post Share on other sites More sharing options...
Psychotic Posted July 22, 2013 ID:705779 Share Posted July 22, 2013 You´re welcome! Link to post Share on other sites More sharing options...
LDTate Posted July 22, 2013 ID:705839 Share Posted July 22, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts