
Microsoft Forefront Endpoint Protection started detecting Trojan:JS/Seedabutor.C


  • This topic is locked
25 replies to this topic

#1 ynotmat

ynotmat

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 24 July 2013 - 01:51 AM

Hi,

 

This infection has been detected by my antivirus. Please help in removal.

 

This post is a follow up from the following post; http://www.bleepingcomputer.com/forums/t/498333/pumhijackhomepagecontrol-detected-by-malware-bytes-antimalware/?view=getnewpost

 

Regards,

Ynotmat

 





#2 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:31 AM

Posted 24 July 2013 - 01:56 AM

Hi ynotmat

Welcome back :wink:

FRST

Download the 32 bit or 64 bit version for your system of FRST and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation
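The procedure above ends with an FRST.txt log that the helper reads by hand, looking at Run values, services and drivers for entries with no publisher name, files that no longer exist, or binaries launched from user-writable folders. As an added example that is not part of this thread and not code from the FRST tool, the Python script below parses those line formats (as they appear in FRST output) and attaches review flags to entries worth a second look. The sample log is constructed in FRST's layout (a few Microsoft entries are copied from the log posted later in this thread, the rest are made up), and the flag names and the list of user-writable path fragments are my own choices, not anything FRST defines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the FRST.txt layout used in this thread. Names, paths
# and dates are illustrative; the interesting cases are the empty "()" company
# field, the "[x]" missing-file marker and the "(No File)" shortcut target.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKU\user1\...\Run: [Updater] - "C:\Users\user1\AppData\Roaming\updater\svc.exe" /silent [45056 2013-07-20] ()
HKLM-x32\...\Run: [Viewer] - C:\Program Files (x86)\Example\viewer.exe /logon [1273448 2012-04-03] (Example Corp.)
Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync.lnk
ShortcutTarget: Sync.lnk ->  (No File)
==================== Services (Whitelisted) =================
S2 exsvc; C:\ProgramData\exsvc\exsvc.exe [2400256 2013-04-04] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# HKLM\...\Run: [Name] - <command> [size date] (Company)
RUN_RE = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<cmd>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$"
)
# S2 Name; <path> [size date] (Company)   or   S3 Name; <path> [x]
SVC_RE = re.compile(
    r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<path>.*?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)|\[x\])$"
)
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) ->\s+(?P<rest>.*)$")
SIGNED_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")

# Path fragments that mean "launched from a location a standard user can write to".
# Assumption of this example, not an FRST rule; legitimate per-user installs
# (Chrome, Dropbox) land here too, so the flag is a prompt, not a verdict.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    section: str
    kind: str                 # "run", "service", "driver" or "shortcut"
    name: str
    path: str
    company: Optional[str]    # None when FRST printed [x] or (No File)
    flags: List[str] = field(default_factory=list)


def _exe_from_command(cmd: str) -> str:
    """Strip arguments from a Run value: quoted paths end at the closing quote,
    unquoted ones are cut at the first ' /' or ' --' switch."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    cut = re.search(r" (?:/|--)", cmd)
    return cmd[:cut.start()] if cut else cmd


def parse_frst(text: str) -> List[Entry]:
    """Turn the autostart-related lines of an FRST.txt into Entry records."""
    entries: List[Entry] = []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION_RE.match(line)):
            section = m["name"]
        elif (m := RUN_RE.match(line)):
            entries.append(Entry(section, "run", m["name"], _exe_from_command(m["cmd"]), m["company"]))
        elif (m := SVC_RE.match(line)):
            kind = "driver" if "Driver" in section else "service"
            entries.append(Entry(section, kind, m["name"], m["path"], m["company"]))
        elif (m := LNK_RE.match(line)):
            rest = m["rest"]
            if rest == "(No File)":
                entries.append(Entry(section, "shortcut", m["name"], "", None))
            else:
                t = SIGNED_RE.match(rest)
                path, company = (t["path"], t["company"]) if t else (rest, "")
                entries.append(Entry(section, "shortcut", m["name"], path, company))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that got one."""
    for e in entries:
        if e.company is None:
            e.flags.append("file-missing")     # FRST printed [x] or (No File): stale or removed
        elif e.company == "":
            e.flags.append("no-publisher")     # no company name in the file's version info
        if any(tok in e.path.lower() for tok in USER_WRITABLE):
            e.flags.append("user-writable-path")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_frst(SAMPLE_LOG)):
        print(f"{e.kind:8} {e.name:14} {', '.join(e.flags):34} {e.path}")
```

Run against the sample, it reports the Updater value and the exsvc service (no publisher, launched from a profile or ProgramData path), the orphaned Sync.lnk and the driver entry whose file is gone, while the signed Microsoft entries pass untouched. A real FRST.txt has many more line types than these four, so unmatched lines are simply skipped rather than treated as errors.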

 

 


#3 ynotmat

ynotmat
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 24 July 2013 - 04:11 AM

Hi Robybel,

 

Here is the Log.

 

==================================================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by SYSTEM on 24-07-2013 11:28:31
Running from F:\
Windows 7 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [375808 2011-02-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-02-11] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] - C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files (x86)\Connectify\DispatchUI.exe [3121440 2013-05-14] (Connectify)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files (x86)\Connectify\Connectify.exe [5236512 2013-05-14] (Connectify)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [642664 2013-05-07] (Adobe Systems Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [ToolboxFX] - "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-10-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] - "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12107432 2013-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation)
HKU\mathewt1\...\Run: [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\mathewt1\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [944520 2011-02-11] (Microsoft Corporation)
HKU\mathewt1\...\Run: [005A4CA47FF622BB748CFF6D59FD53638461CEA4._service_run] - "C:\Users\mathewt1\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [846288 2013-07-12] (Google Inc.)
HKU\mathewt1\...\Run: [GoogleChromeAutoLaunch_A88CF196930C464BA422087DBFD40196] - "C:\Users\mathewt1\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-12] (Google Inc.)
HKU\mathewt1\...\Run: [Google Update] - "C:\Users\mathewt1\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-22] (Google Inc.)
HKU\mathewt1\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKU\mathewt1\...\Run: [ChromeFrameHelper] - "C:\Users\mathewt1\AppData\Local\Google\Chrome\Application\28.0.1500.72\chrome_frame_helper.exe" --startup [82896 2013-07-12] (Google Inc.)
Startup: C:\Users\mathewt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\mathewt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\mathewt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\mathewt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) =================
 
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2011-02-11] (Andrea Electronics Corporation)
S2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [156672 2013-05-14] (Connectify)
S3 Cwbrxd; C:\Windows\cwbrxd.exe [94208 2010-01-15] (IBM Corporation)
S2 dsiasrv; C:\Program Files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149400 2011-11-02] (Dell Inc.)
S2 HBG_DDNA; C:\Windows\HBGDDNA\ddna.exe [2400256 2013-04-04] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2011-02-11] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-02] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-03-25] (Connectify)
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [96296 2011-02-11] (Ericsson AB)
S3 d557bus; C:\Windows\system32\drivers\d557bus.sys [328704 2011-02-11] (MCCI Corporation)
S3 d557mgmt; C:\Windows\system32\drivers\d557mgmt.sys [376320 2011-02-11] (MCCI Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [12800 2011-02-11] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [17408 2011-02-11] (Ericsson AB)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [378952 2011-02-11] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [416328 2011-02-11] (MCCI Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [8832 2011-02-11] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2011-02-11] (QUALCOMM Incorporated)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [127104 2011-02-11] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [121600 2011-02-11] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2010-12-03] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2010-12-03] (SUNIX Co., Ltd.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-24 11:28 - 2013-07-24 11:28 - 00000000 ____D C:\FRST
2013-07-21 21:42 - 2013-07-21 21:44 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2013-07-20 23:50 - 2013-07-24 00:04 - 00000280 _____ C:\Windows\setupact.log
2013-07-20 23:50 - 2013-07-20 23:50 - 00000000 _____ C:\Windows\setuperr.log
2013-07-17 05:15 - 2013-07-17 05:35 - 00000000 ____D C:\Users\mathewt1\Desktop\desire BU
2013-07-17 04:19 - 2013-07-17 06:19 - 00000000 ____D C:\Users\mathewt1\Desktop\MArk WDI SQP
2013-07-15 23:42 - 2013-07-10 05:53 - 02250906 _____ C:\Users\mathewt1\Desktop\Service Quality Plan (Imperial Horn River).xlsm
2013-07-15 06:40 - 2013-07-15 06:41 - 00000000 ____D C:\Users\mathewt1\Downloads\Monthly report template
2013-07-15 05:13 - 2013-07-15 05:18 - 00010466 _____ C:\Users\mathewt1\Documents\Iraq Document register.xlsx
2013-07-15 03:25 - 2013-07-15 03:25 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-15 03:25 - 2013-07-15 03:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-15 00:36 - 2013-07-14 23:48 - 00054272 _____ C:\Users\mathewt1\Desktop\SLING REGISTER (TRS00100).xls
2013-07-15 00:36 - 2013-07-14 22:26 - 00131584 _____ C:\Users\mathewt1\Desktop\MPI Register (TRS00099).xls
2013-07-15 00:36 - 2013-07-14 22:21 - 00129536 _____ C:\Users\mathewt1\Desktop\Lifting Register (TRS00101).xls
2013-07-15 00:22 - 2013-07-14 23:50 - 00282112 _____ C:\Users\mathewt1\Desktop\TRS Service Quality Plan (Erbil-Iraq)- (July).xls
2013-07-13 23:17 - 2013-07-24 00:04 - 00000000 ____D C:\Windows\HBGDDNA
2013-07-11 04:11 - 2013-07-24 00:08 - 00000000 ___SD C:\Users\mathewt1\Google Drive
2013-07-11 02:53 - 2013-07-11 02:53 - 00000000 ____D C:\Program Files\WOT
2013-07-11 02:53 - 2013-07-11 02:53 - 00000000 ____D C:\Program Files (x86)\WOT
2013-07-10 21:19 - 2013-07-10 21:19 - 00062976 _____ C:\Users\mathewt1\Desktop\Copy of DS-1 4th Edition Order Form (sponsor) - fillable form.xls
2013-07-10 08:57 - 2013-07-10 08:57 - 00000000 ____D C:\Users\mathewt1\AppData\Roaming\Mozilla
2013-07-09 22:37 - 2013-07-09 22:37 - 00000060 _____ C:\Users\mathewt1\Desktop\address.txt
2013-07-07 07:39 - 2013-07-07 07:39 - 00485256 _____ C:\Windows\Minidump\070713-21933-01.dmp
2013-07-07 07:39 - 2013-07-07 07:39 - 00000000 ____D C:\Windows\Minidump
2013-07-07 02:43 - 2013-07-07 02:43 - 01913828 _____ C:\Users\mathewt1\Desktop\GL-WFT-OEPS-L2-06.08_Service_Quality_Plan_Template.xlsm
2013-07-04 02:43 - 2013-07-04 02:43 - 00837591 ____N C:\Users\mathewt1\Desktop\ACAD-Weatherford.dwg
2013-07-03 11:17 - 2013-02-11 20:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2013-07-03 11:17 - 2013-02-11 20:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-07-03 11:16 - 2013-02-14 22:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-03 11:16 - 2013-02-14 22:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-03 11:16 - 2013-02-14 22:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-03 11:16 - 2013-02-14 20:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-03 11:16 - 2013-02-14 20:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-03 11:16 - 2013-02-14 19:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-03 11:15 - 2013-07-03 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 11:15 - 2013-03-18 21:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-07-03 11:15 - 2013-03-18 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-07-03 11:14 - 2013-04-12 06:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-07-03 11:14 - 2013-01-23 22:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-07-03 11:13 - 2013-02-26 22:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-07-03 11:13 - 2013-02-26 21:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-07-03 11:13 - 2013-02-26 21:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-07-03 11:13 - 2013-02-26 21:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-07-03 11:13 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-07-03 11:13 - 2013-02-26 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-03 11:13 - 2013-02-26 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-03 11:13 - 2013-02-26 20:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-03 11:11 - 2013-04-09 19:30 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-03 11:11 - 2013-03-18 22:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-03 11:11 - 2013-03-18 21:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-07-03 11:11 - 2013-03-18 21:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-07-03 11:11 - 2013-03-18 20:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-07-03 11:10 - 2013-03-18 21:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-07-03 11:10 - 2013-03-18 19:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-07-03 11:09 - 2013-07-03 11:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-03 11:09 - 2013-07-03 11:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 11:08 - 2013-04-09 22:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-07-03 11:08 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-07-03 11:08 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-07-03 10:25 - 2013-07-03 10:25 - 00000000 ____D C:\Users\mathewt1\Desktop\PS3
2013-07-02 12:57 - 2013-07-02 12:57 - 00000000 _____ C:\Windows\invcol.tmp
2013-06-30 07:42 - 2013-06-30 08:11 - 00000000 ____D C:\Users\mathewt1\Desktop\HOUSE 282
2013-06-27 06:06 - 2013-06-27 06:10 - 00000000 ____D C:\Users\mathewt1\Desktop\Office ergonomics
2013-06-26 21:46 - 2013-06-28 13:51 - 00000064 _____ C:\patternhits.xml
2013-06-26 21:46 - 2013-06-28 13:51 - 00000064 _____ C:\KeysAndPasswordFragments.xml
2013-06-26 21:46 - 2013-06-28 13:51 - 00000064 _____ C:\DocumentFragments.xml
2013-06-26 21:46 - 2013-06-28 13:51 - 00000064 _____ C:\BrowserFragments.xml
2013-06-26 21:46 - 2013-06-28 13:51 - 00000012 _____ C:\bhist.bhf
2013-06-26 09:05 - 2013-06-26 09:05 - 00004764 _____ C:\Windows\SysWOW64\CcmFramework.ini
2013-06-26 09:05 - 2013-06-26 09:05 - 00000621 _____ C:\Windows\SysWOW64\CcmFramework.h
2013-06-26 09:05 - 2013-06-26 09:05 - 00000000 ____D C:\Windows\ms
2013-06-26 09:05 - 2009-09-18 01:00 - 00930160 _____ (Microsoft Corporation) C:\Windows\System32\ccmcore.dll
2013-06-26 09:05 - 2009-09-18 01:00 - 00026464 _____ (Microsoft Corporation) C:\Windows\System32\xprslib.dll
2013-06-26 08:44 - 2013-06-26 08:44 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-06-26 08:14 - 2013-06-26 08:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-246QJ4J-Microsoft-Windows-7-Enterprise-(64-bit).dat
2013-06-26 08:12 - 2013-06-26 08:12 - 00000000 ____D C:\RegBackup
2013-06-26 07:09 - 2013-06-26 08:45 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-26 07:07 - 2013-06-26 07:07 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-06-24 21:06 - 2013-06-24 21:05 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 21:05 - 2013-06-24 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 21:05 - 2013-06-24 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 21:05 - 2013-06-24 21:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
 
==================== One Month Modified Files and Folders =======
 
2013-07-24 11:28 - 2013-07-24 11:28 - 00000000 ____D C:\FRST
2013-07-24 00:24 - 2013-05-06 05:25 - 00000000 ____D C:\Users\mathewt1\AppData\Local\Passport
2013-07-24 00:24 - 2012-07-22 09:40 - 01229021 _____ C:\Windows\WindowsUpdate.log
2013-07-24 00:24 - 2012-07-22 02:44 - 00000000 ____D C:\Users\mathewt1\Documents\Outlook Files
2013-07-24 00:23 - 2012-07-22 02:34 - 00000000 ____D C:\users\mathewt1
2013-07-24 00:15 - 2011-07-24 13:08 - 00041036 __RSH C:\ProgramData\ntuser.pol
2013-07-24 00:11 - 2012-07-26 04:20 - 00000000 ____D C:\Users\mathewt1\AppData\Local\208A26F4-F166-4C3A-8A42-FED40B663005.aplzod
2013-07-24 00:10 - 2012-08-13 23:43 - 00000000 ____D C:\Users\mathewt1\AppData\Roaming\Dropbox
2013-07-24 00:10 - 2012-07-22 02:36 - 00000000 ____D C:\Users\mathewt1\Tracing
2013-07-24 00:10 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-24 00:09 - 2012-08-13 23:45 - 00000000 ___RD C:\Users\mathewt1\Dropbox
2013-07-24 00:09 - 2009-07-13 20:45 - 00015152 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 00:09 - 2009-07-13 20:45 - 00015152 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 00:08 - 2013-07-11 04:11 - 00000000 ___SD C:\Users\mathewt1\Google Drive
2013-07-24 00:07 - 2013-06-06 21:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 00:07 - 2012-07-22 01:46 - 00000463 _____ C:\Windows\SMSCFG.ini
2013-07-24 00:04 - 2013-07-20 23:50 - 00000280 _____ C:\Windows\setupact.log
2013-07-24 00:04 - 2013-07-13 23:17 - 00000000 ____D C:\Windows\HBGDDNA
2013-07-24 00:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 23:51 - 2012-07-22 08:02 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580UA.job
2013-07-23 23:44 - 2012-07-22 05:12 - 00000000 ____D C:\2. Reference
2013-07-23 23:43 - 2012-09-01 10:45 - 00000000 ____D C:\Users\mathewt1\AppData\Roaming\Free Download Manager
2013-07-23 23:42 - 2011-12-20 12:50 - 00762306 _____ C:\Windows\System32\perfh00C.dat
2013-07-23 23:42 - 2011-12-20 12:50 - 00159520 _____ C:\Windows\System32\perfc00C.dat
2013-07-23 23:42 - 2011-09-15 12:09 - 00740966 _____ C:\Windows\System32\perfh019.dat
2013-07-23 23:42 - 2011-09-15 12:09 - 00160680 _____ C:\Windows\System32\perfc019.dat
2013-07-23 23:42 - 2011-08-16 12:32 - 00745646 _____ C:\Windows\System32\prfh0816.dat
2013-07-23 23:42 - 2011-08-16 12:32 - 00162736 _____ C:\Windows\System32\prfc0816.dat
2013-07-23 23:42 - 2011-08-16 12:25 - 00713860 _____ C:\Windows\System32\perfh007.dat
2013-07-23 23:42 - 2011-08-16 12:25 - 00158940 _____ C:\Windows\System32\perfc007.dat
2013-07-23 23:42 - 2011-08-12 06:37 - 00730464 _____ C:\Windows\System32\prfh0416.dat
2013-07-23 23:42 - 2011-08-12 06:37 - 00157472 _____ C:\Windows\System32\prfc0416.dat
2013-07-23 23:42 - 2011-08-12 06:29 - 00762110 _____ C:\Windows\System32\perfh00A.dat
2013-07-23 23:42 - 2011-08-12 06:29 - 00168364 _____ C:\Windows\System32\perfc00A.dat
2013-07-23 23:42 - 2009-07-13 21:13 - 06096716 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-23 23:02 - 2013-06-06 21:47 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-23 21:51 - 2012-07-26 22:18 - 00000000 ___SD C:\Users\mathewt1\SharePoint Sites
2013-07-23 21:35 - 2012-07-22 08:02 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580Core.job
2013-07-21 21:45 - 2013-06-03 22:33 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-21 21:44 - 2013-07-21 21:42 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2013-07-21 21:42 - 2013-03-31 22:52 - 00000000 ____D C:\Users\mathewt1\AppData\Roaming\Canon
2013-07-21 21:00 - 2012-07-22 02:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2013-07-21 01:08 - 2013-04-07 08:38 - 00000000 ____D C:\Users\mathewt1\Desktop\TBDELETED
2013-07-20 23:50 - 2013-07-20 23:50 - 00000000 _____ C:\Windows\setuperr.log
2013-07-17 07:37 - 2012-07-24 07:07 - 00000000 ____D C:\Users\mathewt1\AppData\Roaming\vlc
2013-07-17 06:19 - 2013-07-17 04:19 - 00000000 ____D C:\Users\mathewt1\Desktop\MArk WDI SQP
2013-07-17 05:35 - 2013-07-17 05:15 - 00000000 ____D C:\Users\mathewt1\Desktop\desire BU
2013-07-15 06:41 - 2013-07-15 06:40 - 00000000 ____D C:\Users\mathewt1\Downloads\Monthly report template
2013-07-15 05:18 - 2013-07-15 05:13 - 00010466 _____ C:\Users\mathewt1\Documents\Iraq Document register.xlsx
2013-07-15 03:25 - 2013-07-15 03:25 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-15 03:25 - 2013-07-15 03:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-14 23:50 - 2013-07-15 00:22 - 00282112 _____ C:\Users\mathewt1\Desktop\TRS Service Quality Plan (Erbil-Iraq)- (July).xls
2013-07-14 23:48 - 2013-07-15 00:36 - 00054272 _____ C:\Users\mathewt1\Desktop\SLING REGISTER (TRS00100).xls
2013-07-14 22:26 - 2013-07-15 00:36 - 00131584 _____ C:\Users\mathewt1\Desktop\MPI Register (TRS00099).xls
2013-07-14 22:21 - 2013-07-15 00:36 - 00129536 _____ C:\Users\mathewt1\Desktop\Lifting Register (TRS00101).xls
2013-07-13 23:15 - 2011-07-28 12:18 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-13 23:12 - 2011-07-27 11:13 - 00214420 _____ C:\Windows\PFRO.log
2013-07-12 06:46 - 2012-07-22 08:02 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580UA
2013-07-12 06:46 - 2012-07-22 08:02 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580Core
2013-07-11 14:57 - 2013-06-06 21:47 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-11 14:57 - 2013-06-06 21:47 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 04:37 - 2013-06-10 20:54 - 00000000 ____D C:\Users\mathewt1\AppData\Local\Microsoft Games
2013-07-11 02:56 - 2012-07-22 02:36 - 00000000 ____D C:\Users\mathewt1\AppData\Local\Adobe
2013-07-11 02:53 - 2013-07-11 02:53 - 00000000 ____D C:\Program Files\WOT
2013-07-11 02:53 - 2013-07-11 02:53 - 00000000 ____D C:\Program Files (x86)\WOT
2013-07-11 00:39 - 2011-07-28 12:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-11 00:19 - 2013-01-20 21:27 - 00000511 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-07-11 00:13 - 2013-06-22 13:54 - 00000000 ____D C:\Windows\erdnt
2013-07-10 21:19 - 2013-07-10 21:19 - 00062976 _____ C:\Users\mathewt1\Desktop\Copy of DS-1 4th Edition Order Form (sponsor) - fillable form.xls
2013-07-10 08:57 - 2013-07-10 08:57 - 00000000 ____D C:\Users\mathewt1\AppData\Roaming\Mozilla
2013-07-10 05:53 - 2013-07-15 23:42 - 02250906 _____ C:\Users\mathewt1\Desktop\Service Quality Plan (Imperial Horn River).xlsm
2013-07-09 22:37 - 2013-07-09 22:37 - 00000060 _____ C:\Users\mathewt1\Desktop\address.txt
2013-07-07 22:18 - 2012-07-22 07:26 - 00000000 ____D C:\Users\mathewt1\AppData\Local\Apps\2.0
2013-07-07 07:39 - 2013-07-07 07:39 - 00485256 _____ C:\Windows\Minidump\070713-21933-01.dmp
2013-07-07 07:39 - 2013-07-07 07:39 - 00000000 ____D C:\Windows\Minidump
2013-07-07 02:43 - 2013-07-07 02:43 - 01913828 _____ C:\Users\mathewt1\Desktop\GL-WFT-OEPS-L2-06.08_Service_Quality_Plan_Template.xlsm
2013-07-04 08:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 02:43 - 2013-07-04 02:43 - 00837591 ____N C:\Users\mathewt1\Desktop\ACAD-Weatherford.dwg
2013-07-03 20:51 - 2012-07-22 02:36 - 00000000 ___RD C:\Users\mathewt1\Virtual Machines
2013-07-03 11:37 - 2009-07-13 20:45 - 00470688 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-03 11:16 - 2011-07-28 12:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-03 11:15 - 2013-07-03 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 11:15 - 2013-05-06 02:22 - 00000000 ____D C:\Program Files\Microsoft Lync
2013-07-03 11:09 - 2013-07-03 11:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-03 11:09 - 2013-07-03 11:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 10:25 - 2013-07-03 10:25 - 00000000 ____D C:\Users\mathewt1\Desktop\PS3
2013-07-02 14:15 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-07-02 13:08 - 2013-06-21 11:58 - 00000000 ____D C:\JRT
2013-07-02 12:57 - 2013-07-02 12:57 - 00000000 _____ C:\Windows\invcol.tmp
2013-07-01 21:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-01 21:04 - 2012-07-22 02:36 - 00127328 _____ C:\Users\mathewt1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-01 21:01 - 2012-07-28 06:56 - 00004728 _____ C:\ProgramData\hpzinstall.log
2013-07-01 20:59 - 2012-07-28 06:56 - 00000000 ____D C:\ProgramData\HP
2013-07-01 20:57 - 2013-04-08 05:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-01 06:02 - 2012-10-14 21:40 - 00000000 ____D C:\Users\mathewt1\Desktop\Shortcuts
2013-06-30 08:11 - 2013-06-30 07:42 - 00000000 ____D C:\Users\mathewt1\Desktop\HOUSE 282
2013-06-30 07:55 - 2013-05-02 06:24 - 00000000 ____D C:\Users\mathewt1\AppData\Local\CutePDF Writer
2013-06-28 14:50 - 2013-06-09 22:29 - 1898053794 _____ C:\pagetables.xml
2013-06-28 13:51 - 2013-06-26 21:46 - 00000064 _____ C:\patternhits.xml
2013-06-28 13:51 - 2013-06-26 21:46 - 00000064 _____ C:\KeysAndPasswordFragments.xml
2013-06-28 13:51 - 2013-06-26 21:46 - 00000064 _____ C:\DocumentFragments.xml
2013-06-28 13:51 - 2013-06-26 21:46 - 00000064 _____ C:\BrowserFragments.xml
2013-06-28 13:51 - 2013-06-26 21:46 - 00000012 _____ C:\bhist.bhf
2013-06-27 06:10 - 2013-06-27 06:06 - 00000000 ____D C:\Users\mathewt1\Desktop\Office ergonomics
2013-06-26 20:58 - 2013-04-18 22:24 - 00001729 _____ C:\Windows\MSIEJUGD.mif
2013-06-26 09:05 - 2013-06-26 09:05 - 00004764 _____ C:\Windows\SysWOW64\CcmFramework.ini
2013-06-26 09:05 - 2013-06-26 09:05 - 00000621 _____ C:\Windows\SysWOW64\CcmFramework.h
2013-06-26 09:05 - 2013-06-26 09:05 - 00000000 ____D C:\Windows\ms
2013-06-26 09:05 - 2012-07-22 01:46 - 00000000 ____D C:\Windows\SysWOW64\CCM
2013-06-26 09:05 - 2011-07-29 08:08 - 06151686 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-26 08:45 - 2013-06-26 07:09 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-26 08:44 - 2013-06-26 08:44 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-06-26 08:41 - 2013-05-13 00:12 - 00000855 _____ C:\Windows\System32\Drivers\etc\hosts.bak
2013-06-26 08:14 - 2013-06-26 08:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-246QJ4J-Microsoft-Windows-7-Enterprise-(64-bit).dat
2013-06-26 08:12 - 2013-06-26 08:12 - 00000000 ____D C:\RegBackup
2013-06-26 07:07 - 2013-06-26 07:07 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-06-26 06:49 - 2013-05-13 00:12 - 00000098 _____ C:\Windows\System32\Drivers\etc\hosts_bak_680
2013-06-26 05:02 - 2011-07-24 13:07 - 00001096 _____ C:\Windows\System32\config\netlogon.ftl
2013-06-26 00:30 - 2013-02-21 07:55 - 00000000 ___RD C:\Users\mathewt1\Desktop\QE folder by Sr. 21FEB2013
2013-06-26 00:22 - 2012-07-22 05:10 - 00000000 ____D C:\1. Work
2013-06-26 00:10 - 2013-06-10 02:23 - 00000000 ____D C:\Users\mathewt1\Desktop\Data book
2013-06-26 00:09 - 2013-03-31 02:01 - 00000000 ____D C:\Users\mathewt1\Desktop\contract
2013-06-25 23:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-25 04:50 - 2013-06-15 23:09 - 00039097 _____ C:\Users\mathewt1\Desktop\HESS GA to GDC-SC-001.xlsx
2013-06-25 00:55 - 2013-02-23 04:14 - 00000000 ____D C:\ProgramData\DatacardService
2013-06-24 22:54 - 2010-02-04 22:04 - 00055296 _____ C:\Users\mathewt1\Documents\Expense sheet.xls
2013-06-24 21:05 - 2013-06-24 21:06 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-24 21:05 - 2013-06-24 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-24 21:05 - 2013-06-24 21:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-24 21:05 - 2013-06-24 21:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-24 21:05 - 2012-08-05 06:29 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-24 21:05 - 2011-07-28 12:20 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-24 21:05 - 2011-07-28 12:20 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-24 03:30 - 2012-07-18 12:14 - 00000000 ____D C:\Outlook BU
2013-06-24 00:45 - 2013-06-12 05:53 - 00054666 _____ C:\Windows\IE10_main.log
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-07-21 00:15:10
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 4047.9 MB
Available physical RAM: 3376.29 MB
Total Pagefile: 4046.05 MB
Available Pagefile: 3370.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:148.75 GB) (Free:30.91 GB) NTFS (Disk=0 Partition=2)
Drive f: () (Removable) (Total:29.82 GB) (Free:4.03 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserve) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1F9C5F2B)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2013-07-16 08:00
 
==================== End Of Log ============================

Regards,

Ynotmat

#4 Robybel

    Bleepin' Mattley

  • Malware Response Team
  • 179 posts
  • Gender:Male

Posted 24 July 2013 - 11:35 AM

Hi ynotmat :)

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flashdrive as fixlist.txt.

start
LastRegBack: 2013-07-16 08:00
end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

#5 ynotmat

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male

Posted 25 July 2013 - 01:00 AM

Hi Robybel,

Here is the Fixlog.

==============================================================================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-07-2013
Ran by SYSTEM at 2013-07-25 08:17:42 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====

Regards,

ynotmat

#6 ynotmat

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male

Posted 25 July 2013 - 08:41 AM

Hi Robybel,

For your information, every time I open IE now I get the old redirect back and MS Forefront detects Trojan:JS/Seedabutor.C, but this happens only on my company web sites... other websites load as usual.

Regards,

ynotmat

#7 Robybel

    Bleepin' Mattley

  • Malware Response Team
  • 179 posts
  • Gender:Male

Posted 25 July 2013 - 03:08 PM

Hi ynotmat ;)

Ok let me see :wink:

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

On your next reply please post :
  • Combofix log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

#8 ynotmat

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male

Posted 28 July 2013 - 04:06 AM

Hi Robybel,

Here is the ComboFix log.

===============================================

ComboFix 13-07-27.01 - mathewt1 28/07/2013  11:13:45.6.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.44.1033.18.4048.1987 [GMT 3:00]
Running from: c:\users\mathewt1\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\_ctypes.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\_elementtree.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\_hashlib.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\_multiprocessing.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\_socket.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\_ssl.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\pyexpat.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\pysqlite2._sqlite.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\python27.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\pythoncom27.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\PyWinTypes27.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\select.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\unicodedata.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32api.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32com.shell.shell.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32crypt.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32event.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32file.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32inet.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32pdh.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32process.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32profile.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32security.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\win32ts.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\windows._cacheinvalidation.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wx._controls_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wx._core_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wx._gdi_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wx._html2.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wx._misc_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wx._windows_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wx._wizard.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wxbase294u_net_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wxbase294u_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wxmsw294u_adv_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wxmsw294u_core_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wxmsw294u_html_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI47642\wxmsw294u_webview_vc90.dll
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-28  )))))))))))))))))))))))))))))))
.
.
2013-07-28 08:26 . 2013-07-28 08:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-28 08:26 . 2013-07-28 08:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-28 08:26 . 2013-07-28 08:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-28 08:26 . 2013-07-28 08:26 -------- d-----w- c:\users\Administrator.246QJ4J\AppData\Local\temp
2013-07-28 04:51 . 2013-07-01 22:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E50D70AB-A812-48E9-A25B-13F711C82D98}\mpengine.dll
2013-07-24 19:28 . 2013-07-24 19:28 -------- d-----w- C:\FRST
2013-07-22 05:42 . 2013-07-22 05:44 -------- d--h--w- c:\programdata\CanonIJMIG
2013-07-15 11:25 . 2013-07-15 11:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 11:25 . 2013-07-15 11:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-14 07:17 . 2013-07-24 08:04 -------- d-----w- c:\windows\HBGDDNA
2013-07-11 12:11 . 2013-07-25 08:38 -------- d-s---w- c:\users\mathewt1\Google Drive
2013-07-11 10:53 . 2013-07-11 10:53 -------- d-----w- c:\program files\WOT
2013-07-11 10:53 . 2013-07-11 10:53 -------- d-----w- c:\program files (x86)\WOT
2013-07-03 19:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-07-03 19:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-07-03 19:16 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-07-03 19:16 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-07-03 19:16 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-07-03 19:16 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-07-03 19:16 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-07-03 19:16 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-07-03 19:15 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-07-03 19:15 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-07-03 19:14 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-07-03 19:14 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-07-03 19:13 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-07-03 19:13 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-03 19:13 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-07-03 19:13 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-03 19:13 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-07-03 19:13 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-07-03 19:11 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-03 19:11 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-07-03 19:11 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-03 19:11 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-07-03 19:11 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-07-03 19:10 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-07-03 19:10 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-07-03 19:09 . 2013-07-03 19:09 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-03 19:09 . 2013-07-03 19:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-03 19:08 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-07-03 19:08 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-03 19:08 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-07-02 20:57 . 2013-07-02 20:57 0 ----a-w- c:\windows\invcol.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 22:34 . 2011-08-08 16:28 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-26 16:45 . 2013-06-26 15:09 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-06-25 05:05 . 2013-06-25 05:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 05:05 . 2012-08-05 14:29 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-25 05:05 . 2011-07-28 20:20 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 14:06 . 2013-06-12 14:06 9728 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 9728 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 4096 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 4096 ----a-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3584 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3584 ----a-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 2560 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 2560 ----a-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 10752 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 10752 ----a-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-12 14:06 . 2013-06-12 14:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-12 14:06 . 2013-06-12 14:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-12 14:06 . 2013-06-12 14:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-12 14:06 . 2013-06-12 14:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-12 14:06 . 2013-06-12 14:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-12 14:06 . 2013-06-12 14:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-12 14:06 . 2013-06-12 14:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-12 14:06 . 2013-06-12 14:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-12 14:06 . 2013-06-12 14:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-12 14:06 . 2013-06-12 14:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-12 14:06 . 2013-06-12 14:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-12 14:06 . 2013-06-12 14:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 14:06 . 2013-06-12 14:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-06-12 14:06 . 2013-06-12 14:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-06-12 14:06 . 2013-06-12 14:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-12 14:06 . 2013-06-12 14:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-12 14:06 . 2013-06-12 14:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-12 14:06 . 2013-06-12 14:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-12 14:06 . 2013-06-12 14:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-12 14:06 . 2013-06-12 14:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-12 14:06 . 2013-06-12 14:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-12 14:06 . 2013-06-12 14:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-12 14:06 . 2013-06-12 14:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-12 14:06 . 2013-06-12 14:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-12 14:06 . 2013-06-12 14:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-12 14:06 . 2013-06-12 14:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-12 14:06 . 2013-06-12 14:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 14:06 . 2013-06-12 14:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-12 14:06 . 2013-06-12 14:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-06-12 14:06 . 2013-06-12 14:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-12 14:06 . 2013-06-12 14:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 14:06 . 2013-06-12 14:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-12 14:06 . 2013-06-12 14:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 14:06 . 2013-06-12 14:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-06-03 15:16 . 2011-07-24 21:57 75898224 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2011-07-24 21:13 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office14\GROOVEMN.EXE" [2011-02-11 944520]
"005A4CA47FF622BB748CFF6D59FD53638461CEA4._service_run"="c:\users\mathewt1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"GoogleChromeAutoLaunch_A88CF196930C464BA422087DBFD40196"="c:\users\mathewt1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"ChromeFrameHelper"="c:\users\mathewt1\AppData\Local\Google\Chrome\Application\28.0.1500.72\chrome_frame_helper.exe" [2013-07-12 82896]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-04-11 12107432]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\mathewt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mathewt1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2012-9-20 30785672]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2012-10-12 2050224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SnagIt 8.lnk - c:\program files (x86)\TechSmith\SnagIt 8\SnagIt32.exe [2007-2-16 6379080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=HBGaryInstallScript.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dsiasrv;DSM CM Inventory Agent;c:\program files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe;c:\program files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [x]
R2 HBG_DDNA;HBGary ActiveDefense Agent;c:\windows\HBGDDNA\ddna.exe;c:\windows\HBGDDNA\ddna.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys;c:\windows\SYSNATIVE\drivers\d554gps64.sys [x]
R3 d557bus;Dell Wireless 5540 HSPA Mini-Card Device (Win7);c:\windows\system32\drivers\d557bus.sys;c:\windows\SYSNATIVE\drivers\d557bus.sys [x]
R3 d557mgmt;Dell Wireless 5540 HSPA Mini-Card Device Management (Win7);c:\windows\system32\drivers\d557mgmt.sys;c:\windows\SYSNATIVE\drivers\d557mgmt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr;SSNDIS filter service;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys;c:\windows\SYSNATIVE\drivers\hppdfaxio.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys;c:\windows\SYSNATIVE\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys;c:\windows\SYSNATIVE\drivers\Mbm3DevMt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterdl.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl.sys [x]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl2k.sys [x]
R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserdl.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl.sys [x]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl2k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys;c:\windows\SYSNATIVE\drivers\risdpe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]
R3 SNXPPAMD;SUNIX Parallel Port Driver;c:\windows\system32\drivers\snxppamd.sys;c:\windows\SYSNATIVE\drivers\snxppamd.sys [x]
R3 SNXPSAMD;SUNIX Serial Port Driver;c:\windows\system32\drivers\snxpsamd.sys;c:\windows\SYSNATIVE\drivers\snxpsamd.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 05:47]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 05:47]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580Core.job
- c:\users\mathewt1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 16:02]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580UA.job
- c:\users\mathewt1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 16:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-02-11 375808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-11 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-05-14 3121440]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-05-14 5236512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.136.3.30 192.168.100.79 93.91.200.200
TCP: Interfaces\{8538B979-D47D-4411-9C61-D82B5CF267CC}: NameServer = 192.168.212.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{DFE19F23-4372-39FE-7787-5398FCAB3637} - c:\progra~3\INSTAL~1\{D46E3~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ib]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ib\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€J*ÑøÕL*-éP?ä/§e]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€J*ÑøÕL*-éP?ä/§e\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ib]
"0"=hex:4a,3a,5c,48,44,5c,54,68,65,20,44,61,72,6a,65,65,6c,69,6e,67,20,4c,69,
   6d,69,74,65,64,5c,74,39,5c,53,42,5c,6e,6b,73,5c,32,30,30,39,5f,31,32,5f,31,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€J*ÑøÕL*-éP?ä/§e]
"0"=hex:45,3a,5c,56,69,64,65,6f,73,5c,46,75,6e,20,63,6c,69,70,73,5c,48,75,6d,
   6f,75,72,5c,43,6c,69,70,73,5c,50,6f,6c,69,63,65,5f,44,65,70,74,5f,56,6f,69,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\CCM\CcmExec.exe
c:\program files (x86)\Connectify\ConnectifyNetServices.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\CCM\SMSCliUI.exe
.
**************************************************************************
.
Completion time: 2013-07-28  11:36:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-28 08:36
.
Pre-Run: 43,126,415,360 bytes free
Post-Run: 42,530,865,152 bytes free
.
- - End Of File - - 0C881465635435E1872EA6D8A35DF722
D41D8CD98F00B204E9800998ECF8427E
 
====================================================================
 
I can see in the log that there is an infection. I think ComboFix could not repair this.
 
regards,
Ynotmat :-)


#9 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:31 AM

Posted 28 July 2013 - 03:06 PM

Hi ynotmat :)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ntfs.sys 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation btndonatesmr.gif

 

 


#10 ynotmat

ynotmat
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 29 July 2013 - 03:30 AM

Hi Robybel,
 
Here is the SystemLook log
===================================================
 
SystemLook 30.07.11 by jpshortstuff
Log created at 11:22 on 29/07/2013 by mathewt1
 (Limited User)
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 
========== filefind ==========
 
Searching for "ntfs.sys"
C:\Windows\erdnt\cache64\ntfs.sys --a---- 1656680 bytes [22:37 22/06/2013] [14:45 12/04/2013] B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys --a---- 1659776 bytes [08:04 27/07/2011] [13:33 20/11/2010] 05D78AA5CB5F3F5C31160BDB955D0B7C
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys --a---- 1659776 bytes [08:02 26/07/2011] [06:41 11/03/2011] A2F74975097F52A00745F9637451FDD8
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys --a---- 1659760 bytes [13:04 21/11/2012] [18:19 31/08/2012] E453ACF4E7D44E5530B5D5F2B9CA8563
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys --a---- 1656680 bytes [19:14 03/07/2013] [14:45 12/04/2013] B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys --a---- 1659776 bytes [08:02 26/07/2011] [06:19 11/03/2011] 87B104128D4D3BA3C13098BAEBF38082
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys --a---- 1687408 bytes [13:04 21/11/2012] [17:57 31/08/2012] B2746D84DDF68D09B41B72DF745CCBA6
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys --a---- 1686888 bytes [19:14 03/07/2013] [14:16 12/04/2013] A6AE4551BF8EED09FA3B6FCDF472F3E1
 
-= EOF =-

==================================================

 

What Next? :-)

 

 

Regards,

Ynotmat
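An added example (not code from this thread or from SystemLook's author) that parses the filefind lines in the log above and checks each copy found outside the component store against the winsxs copies: a system file whose MD5 matches none of the store copies is the one a responder has no local reference for and should examine first; it also reports which store copy carries the highest version number. It assumes the line layout shown in the log (path, attributes, size, two bracketed timestamps, MD5); four input lines are taken from the log above and one line with an all-zero placeholder hash is constructed to exercise the unmatched case.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: four ntfs.sys lines copied from the SystemLook log posted above,
# plus ONE constructed line (last result line, all-zero placeholder hash) that is
# NOT from the log, added so the "no matching store copy" case is exercised.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "ntfs.sys"
C:\Windows\erdnt\cache64\ntfs.sys --a---- 1656680 bytes [22:37 22/06/2013] [14:45 12/04/2013] B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys --a---- 1659776 bytes [08:04 27/07/2011] [13:33 20/11/2010] 05D78AA5CB5F3F5C31160BDB955D0B7C
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys --a---- 1656680 bytes [19:14 03/07/2013] [14:45 12/04/2013] B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys --a---- 1686888 bytes [19:14 03/07/2013] [14:16 12/04/2013] A6AE4551BF8EED09FA3B6FCDF472F3E1
C:\Windows\SysWOW64\drivers\ntfs.sys --a---- 1686888 bytes [07:54 30/07/2013] [14:16 12/04/2013] 00000000000000000000000000000000

-= EOF =-
"""

# One filefind result line: <path> <attributes> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]*)\]\s+\[(?P<created>[^\]]*)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# A component-store directory name carries the file version between the public
# key token and the "_none_" culture field.
WINSXS_VER_RE = re.compile(r"\\winsxs\\[^\\]*?_(\d+\.\d+\.\d+\.\d+)_none_", re.IGNORECASE)


@dataclass
class FileHit:
    path: str
    size: int
    md5: str
    version: Optional[str]  # only component-store (winsxs) copies carry a version

    @property
    def in_store(self) -> bool:
        return self.version is not None


def parse_filefind(text: str) -> list:
    """Parse the result lines of a SystemLook :filefind section."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header lines, blank lines and the EOF marker
        v = WINSXS_VER_RE.search(m["path"])
        hits.append(FileHit(m["path"], int(m["size"]), m["md5"].upper(),
                            v.group(1) if v else None))
    return hits


def triage(hits: list) -> dict:
    """Check every copy outside the component store against the store copies.

    A copy whose hash matches no store copy is not proof of tampering (the
    store may simply never have held that build), but it is the copy with no
    local reference and therefore the one to examine first.
    """
    store = defaultdict(list)  # md5 -> store versions that hash to it
    for h in hits:
        if h.in_store:
            store[h.md5].append(h.version)
    matched, unmatched = {}, []
    for h in hits:
        if h.in_store:
            continue
        if h.md5 in store:
            matched[h.path] = sorted(store[h.md5])
        else:
            unmatched.append(h.path)
    return {"store_hashes": {k: sorted(v) for k, v in store.items()},
            "matched": matched, "unmatched": unmatched}


def newest_store_copy(hits: list) -> Optional[FileHit]:
    """Return the component-store copy with the highest version number."""
    store = [h for h in hits if h.in_store]
    if not store:
        return None
    return max(store, key=lambda h: tuple(int(p) for p in h.version.split(".")))


if __name__ == "__main__":
    hits = parse_filefind(SAMPLE_LOG)
    report = triage(hits)
    for path, versions in report["matched"].items():
        print(f"OK       {path}  (same hash as store version {', '.join(versions)})")
    for path in report["unmatched"]:
        print(f"EXAMINE  {path}  (hash matches no component-store copy)")
    best = newest_store_copy(hits)
    print(f"Newest store copy: {best.version}  {best.path}")
```

Run it against a real SystemLook.txt by reading the file into `parse_filefind` instead of `SAMPLE_LOG`; the 32-bit SystemLook warning in the log above still applies, so results from the x64 build are the ones to trust.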



#11 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:31 AM

Posted 29 July 2013 - 03:11 PM

Hi ynotmat

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.
    ClearJavaCache

    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys | c:\windows\SysWow64\drivers\ntfs.sys

In Notepad
  • Click File, Save as..., and set "Save in" to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

CFScriptB-4.gif


Please post a new ComboFix log.


 

 


#12 ynotmat

ynotmat
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 30 July 2013 - 06:16 AM

Hi Robybel,

 

ComboFix log follows...

 

=================================================

ComboFix 13-07-30.02 - mathewt1 30/07/2013  13:39:06.8.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.44.1033.18.4048.2143 [GMT 3:00]
Running from: c:\users\mathewt1\Desktop\ComboFix.exe
Command switches used :: c:\users\mathewt1\Desktop\CFScript.txt
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\_ctypes.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\_elementtree.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\_hashlib.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\_multiprocessing.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\_socket.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\_ssl.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\pyexpat.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\pysqlite2._sqlite.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\python27.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\pythoncom27.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\PyWinTypes27.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\select.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\unicodedata.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32api.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32com.shell.shell.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32crypt.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32event.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32file.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32inet.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32pdh.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32process.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32profile.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32security.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\win32ts.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\windows._cacheinvalidation.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wx._controls_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wx._core_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wx._gdi_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wx._html2.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wx._misc_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wx._windows_.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wx._wizard.pyd
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wxbase294u_net_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wxbase294u_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wxmsw294u_adv_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wxmsw294u_core_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wxmsw294u_html_vc90.dll
c:\users\mathewt1\AppData\Local\Temp\_MEI46042\wxmsw294u_webview_vc90.dll
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys --> c:\windows\SysWow64\drivers\ntfs.sys
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-30  )))))))))))))))))))))))))))))))
.
.
2013-07-30 10:49 . 2013-07-30 10:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-30 10:49 . 2013-07-30 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-30 10:49 . 2013-07-30 10:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-30 10:49 . 2013-07-30 10:49 -------- d-----w- c:\users\Administrator.246QJ4J\AppData\Local\temp
2013-07-30 07:54 . 2013-04-12 14:16 1686888 ----a-w- c:\windows\SysWow64\drivers\ntfs.sys
2013-07-29 10:52 . 2013-07-01 22:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C010718-FD20-49A8-95EE-EFE420A05D7D}\mpengine.dll
2013-07-24 19:28 . 2013-07-24 19:28 -------- d-----w- C:\FRST
2013-07-22 05:42 . 2013-07-22 05:44 -------- d--h--w- c:\programdata\CanonIJMIG
2013-07-15 11:25 . 2013-07-15 11:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 11:25 . 2013-07-15 11:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-14 07:17 . 2013-07-24 08:04 -------- d-----w- c:\windows\HBGDDNA
2013-07-11 12:11 . 2013-07-29 07:57 -------- d-s---w- c:\users\mathewt1\Google Drive
2013-07-11 10:53 . 2013-07-11 10:53 -------- d-----w- c:\program files\WOT
2013-07-11 10:53 . 2013-07-11 10:53 -------- d-----w- c:\program files (x86)\WOT
2013-07-03 19:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-07-03 19:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-07-03 19:16 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-07-03 19:16 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-07-03 19:16 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-07-03 19:16 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-07-03 19:16 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-07-03 19:16 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-07-03 19:15 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-07-03 19:15 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-07-03 19:14 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-07-03 19:14 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-07-03 19:13 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-07-03 19:13 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-03 19:13 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-07-03 19:13 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-03 19:13 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-07-03 19:13 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-07-03 19:11 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-03 19:11 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-07-03 19:11 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-03 19:11 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-07-03 19:11 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-07-03 19:10 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-07-03 19:10 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-07-03 19:09 . 2013-07-03 19:09 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-03 19:09 . 2013-07-03 19:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-03 19:08 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-07-03 19:08 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-03 19:08 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-07-02 20:57 . 2013-07-02 20:57 0 ----a-w- c:\windows\invcol.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 22:34 . 2011-08-08 16:28 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-26 16:45 . 2013-06-26 15:09 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-06-25 05:05 . 2013-06-25 05:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 05:05 . 2012-08-05 14:29 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-25 05:05 . 2011-07-28 20:20 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 14:06 . 2013-06-12 14:06 9728 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 9728 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 5632 ----a-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 4096 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 4096 ----a-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3584 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3584 ----a-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 3072 ----a-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 2560 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 2560 ----a-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 10752 ----a-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 10752 ----a-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-12 14:06 . 2013-06-12 14:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-12 14:06 . 2013-06-12 14:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-12 14:06 . 2013-06-12 14:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-12 14:06 . 2013-06-12 14:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-12 14:06 . 2013-06-12 14:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-12 14:06 . 2013-06-12 14:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-12 14:06 . 2013-06-12 14:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-12 14:06 . 2013-06-12 14:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-12 14:06 . 2013-06-12 14:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-12 14:06 . 2013-06-12 14:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-12 14:06 . 2013-06-12 14:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-12 14:06 . 2013-06-12 14:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-12 14:06 . 2013-06-12 14:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 14:06 . 2013-06-12 14:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-06-12 14:06 . 2013-06-12 14:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-06-12 14:06 . 2013-06-12 14:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-12 14:06 . 2013-06-12 14:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-12 14:06 . 2013-06-12 14:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-12 14:06 . 2013-06-12 14:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-12 14:06 . 2013-06-12 14:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-12 14:06 . 2013-06-12 14:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-12 14:06 . 2013-06-12 14:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-12 14:06 . 2013-06-12 14:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-12 14:06 . 2013-06-12 14:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-12 14:06 . 2013-06-12 14:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-12 14:06 . 2013-06-12 14:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-12 14:06 . 2013-06-12 14:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-12 14:06 . 2013-06-12 14:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 14:06 . 2013-06-12 14:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-12 14:06 . 2013-06-12 14:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-06-12 14:06 . 2013-06-12 14:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-12 14:06 . 2013-06-12 14:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 14:06 . 2013-06-12 14:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-12 14:06 . 2013-06-12 14:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 14:06 . 2013-06-12 14:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-06-03 15:16 . 2011-07-24 21:57 75898224 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2011-07-24 21:13 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office14\GROOVEMN.EXE" [2011-02-11 944520]
"005A4CA47FF622BB748CFF6D59FD53638461CEA4._service_run"="c:\users\mathewt1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"GoogleChromeAutoLaunch_A88CF196930C464BA422087DBFD40196"="c:\users\mathewt1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"ChromeFrameHelper"="c:\users\mathewt1\AppData\Local\Google\Chrome\Application\28.0.1500.72\chrome_frame_helper.exe" [2013-07-12 82896]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-04-11 12107432]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\mathewt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\mathewt1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2012-9-20 30785672]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2012-10-12 2050224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SnagIt 8.lnk - c:\program files (x86)\TechSmith\SnagIt 8\SnagIt32.exe [2007-2-16 6379080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dsiasrv;DSM CM Inventory Agent;c:\program files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe;c:\program files (x86)\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys;c:\windows\SYSNATIVE\drivers\d554gps64.sys [x]
R3 d557bus;Dell Wireless 5540 HSPA Mini-Card Device (Win7);c:\windows\system32\drivers\d557bus.sys;c:\windows\SYSNATIVE\drivers\d557bus.sys [x]
R3 d557mgmt;Dell Wireless 5540 HSPA Mini-Card Device Management (Win7);c:\windows\system32\drivers\d557mgmt.sys;c:\windows\SYSNATIVE\drivers\d557mgmt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr;SSNDIS filter service;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys;c:\windows\SYSNATIVE\drivers\hppdfaxio.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys;c:\windows\SYSNATIVE\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys;c:\windows\SYSNATIVE\drivers\Mbm3DevMt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterdl.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl.sys [x]
R3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\drivers\qcfilterdl2k.sys;c:\windows\SYSNATIVE\drivers\qcfilterdl2k.sys [x]
R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserdl.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl.sys [x]
R3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\drivers\qcusbserdl2k.sys;c:\windows\SYSNATIVE\drivers\qcusbserdl2k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys;c:\windows\SYSNATIVE\drivers\risdpe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]
R3 SNXPPAMD;SUNIX Parallel Port Driver;c:\windows\system32\drivers\snxppamd.sys;c:\windows\SYSNATIVE\drivers\snxppamd.sys [x]
R3 SNXPSAMD;SUNIX Serial Port Driver;c:\windows\system32\drivers\snxpsamd.sys;c:\windows\SYSNATIVE\drivers\snxpsamd.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 HBG_DDNA;HBGary ActiveDefense Agent;c:\windows\HBGDDNA\ddna.exe;c:\windows\HBGDDNA\ddna.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 05:47]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 05:47]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580Core.job
- c:\users\mathewt1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 16:02]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213323324-3724858365-2759078338-2174580UA.job
- c:\users\mathewt1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 16:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\mathewt1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 20:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-02-11 375808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-11 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-05-14 3121440]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-05-14 5236512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.136.3.30 192.168.100.79 93.91.200.200
TCP: Interfaces\{8538B979-D47D-4411-9C61-D82B5CF267CC}: NameServer = 192.168.212.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{DFE19F23-4372-39FE-7787-5398FCAB3637} - c:\progra~3\INSTAL~1\{D46E3~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ib]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ib\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€J*ÑøÕL*-éP?ä/§e]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€J*ÑøÕL*-éP?ä/§e\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ib]
"0"=hex:4a,3a,5c,48,44,5c,54,68,65,20,44,61,72,6a,65,65,6c,69,6e,67,20,4c,69,
   6d,69,74,65,64,5c,74,39,5c,53,42,5c,6e,6b,73,5c,32,30,30,39,5f,31,32,5f,31,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**€J*ÑøÕL*-éP?ä/§e]
"0"=hex:45,3a,5c,56,69,64,65,6f,73,5c,46,75,6e,20,63,6c,69,70,73,5c,48,75,6d,
   6f,75,72,5c,43,6c,69,70,73,5c,50,6f,6c,69,63,65,5f,44,65,70,74,5f,56,6f,69,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\CCM\CcmExec.exe
c:\program files (x86)\Connectify\ConnectifyNetServices.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\CCM\SMSCliUI.exe
.
**************************************************************************
.
Completion time: 2013-07-30  14:00:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-30 11:00
ComboFix2.txt  2013-07-28 08:36
.
Pre-Run: 41,270,648,832 bytes free
Post-Run: 41,208,393,728 bytes free
.
- - End Of File - - F5D123CF5B57360ED1B4A0A3020C61B4
D41D8CD98F00B204E9800998ECF8427E
 

==============================================================

 

Thanks & Regards,

Ynotmat
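
Reading a ComboFix log like the one above comes down to a few questions: which autostart entries run from a location the user can write to, is LoadAppInit_DLLs switched on, does BootExecute carry anything beyond the default chkdsk entry, and what do the hex-encoded MRU values in the locked-key section actually say. The following Python script is an added example, not part of this thread, of ComboFix, or of any tool BleepingComputer recommends; it parses exactly the line formats the log prints. Its sample input is constructed from lines in the posted log, and the user-writable-path heuristic, the function names and the assumed default BootExecute string are this example's own assumptions.

```python
"""Triage helpers for the 'Reg Loading Points' section of a ComboFix log.

Added example: not part of this thread, of ComboFix, or of any BleepingComputer
tool. SAMPLE_LOG is constructed from lines of the posted log in the format
ComboFix prints; the user-writable-path heuristic, the function names and the
STANDARD_BOOTEXECUTE constant are this example's own assumptions.
"""
import re
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_A88CF196930C464BA422087DBFD40196"="c:\users\mathewt1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_USERS\S-1-5-21-1213323324-3724858365-2759078338-2174580\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*ib]
"0"=hex:4a,3a,5c,48,44,5c,54,68,65,20,44,61,72,6a,65,65,6c,69,6e,67,20,4c,69,
   6d,69,74,65,64,5c,74,39,5c,53,42,5c,6e,6b,73,5c,32,30,30,39,5f,31,32,5f,31,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"""

# "name"="path" [yyyy-mm-dd size]  -- the Run-key line format ComboFix prints
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
HEX_VALUE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
# Heuristic (assumption): autostarts under user-writable trees deserve a second
# look, because anything running as the user can plant a file there.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
# Assumption: the only BootExecute entry a clean box needs is the chkdsk one.
STANDARD_BOOTEXECUTE = "autocheck autochk *"


def parse_run_entries(text: str) -> List[Dict[str, str]]:
    """Collect every Run-key entry, tagged with the registry key it sits under."""
    entries, key = [], ""
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_ENTRY.match(line)
        if m and key.lower().endswith("\\run"):
            entries.append({"key": key, **m.groupdict()})
    return entries


def flag_user_writable(entries: List[Dict[str, str]]) -> List[str]:
    """Names of autostarts whose binary lives under a user-writable tree."""
    return [e["name"] for e in entries
            if any(tree in e["path"].lower() for tree in USER_WRITABLE)]


def appinit_enabled(text: str) -> bool:
    """True when LoadAppInit_DLLs is non-zero (the AppInit_DLLs value then matters)."""
    m = re.search(r'^"LoadAppInit_DLLs"=(\d+)', text, re.M)
    return bool(m and int(m.group(1)) != 0)


def boot_execute_extras(text: str) -> List[str]:
    """BootExecute entries other than the default chkdsk invocation."""
    m = re.search(r"^BootExecute\s+REG_MULTI_SZ\s+(.*)$", text, re.M)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split("\\0")]   # ComboFix writes NULs as \0
    return [p for p in parts if p and p != STANDARD_BOOTEXECUTE]


def decode_reg_hex(blob: str) -> Optional[str]:
    """Turn a REG_BINARY hex dump into text, or None if it is not printable text."""
    data = bytes(int(h, 16) for h in re.findall(r"[0-9a-fA-F]{2}", blob))
    if data and len(data) % 2 == 0 and not any(data[1::2]):
        data = data[0::2]                      # UTF-16LE carrying an ASCII payload
    data = data.rstrip(b"\x00")
    if data and all(32 <= b < 127 for b in data):
        return data.decode("ascii")
    return None


def decode_hex_values(text: str) -> Dict[str, Optional[str]]:
    """Decode every "name"=hex: value, joining the indented continuation lines."""
    values: Dict[str, Optional[str]] = {}
    current, buf = None, ""

    def flush() -> None:
        if current is not None:
            values[current] = decode_reg_hex(buf)

    for line in text.splitlines():
        m = HEX_VALUE.match(line)
        if m:
            flush()
            current, buf = m.group("name"), m.group("data")
        elif current is not None and line.startswith(" "):
            buf += line                        # continuation line of the same value
        else:
            flush()
            current, buf = None, ""
    flush()
    return values


def triage(text: str) -> Dict[str, object]:
    """One-shot summary an analyst can eyeball before reading the raw log."""
    entries = parse_run_entries(text)
    return {
        "run_entries": len(entries),
        "user_writable_autostarts": flag_user_writable(entries),
        "appinit_dlls_enabled": appinit_enabled(text),
        "bootexecute_extras": boot_execute_extras(text),
        "recent_docs": decode_hex_values(text),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

On the sample it flags the Chrome autostart only because a per-user Chrome install lives under AppData, which is exactly why a flagged entry is a prompt to check the file, not a verdict. LoadAppInit_DLLs=1 on its own says nothing until the AppInit_DLLs value itself is inspected, and this section of the log does not print it. The decoded RecentDocs value is a recently opened file path, cut short where the log itself truncates the hex.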



#13 Robybel
Malware Response Team

Posted 30 July 2013 - 02:48 PM

Hi ynotmat :)

Good job

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

Next

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=============================== Next =======================================



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png
  • Please let me know how your machine is running and if there are any outstanding issues.


On your next reply please post:
  • MBAM log
  • Eset report

Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

 

 


#14 ynotmat

ynotmat
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:31 PM

Posted 02 August 2013 - 01:25 AM

Hi Robybel,

 

Sorry for the delay.. Work!!!

 

Done all the steps above, but a log for ESET Online Scanner was not generated.

 

Here is the MBAM log:

===========================================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.31.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
mathewt1 :: 246QJ4J [administrator]
 
31/07/2013 08:11:44
mbam-log-2013-07-31 (08-11-44).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261201
Time elapsed: 7 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

=====================================================

 

The detection still persists though. :-(

 

 

regards,

ynotmat.
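
The MBAM report pasted above has a simple fixed layout (a header of "Key: value" lines followed by "<Section> Detected: N" blocks). The following parser is an added example written for this page, not a Malwarebytes tool and not posted by anyone in the thread; it reads that format, pulls out the scan metadata, lists any detection entries, and flags a section whose stated count does not match the entries actually listed, which is the usual sign of a truncated or hand-edited paste. The two sample logs are constructed: CLEAN_LOG mirrors the clean report above with the user and computer names replaced by placeholders, and DIRTY_LOG adds one hypothetical PUP registry hit so the detection path is exercised.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log (added example, not MBAM code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the clean report from this thread with placeholder names.
CLEAN_LOG = """\
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
EXAMPLEUSER :: EXAMPLEHOST [administrator]

31/07/2013 08:11:44
mbam-log-2013-07-31 (08-11-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261201
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# Constructed sample with one hypothetical PUP registry hit (placeholder key and name).
DIRTY_ITEM = ("HKCU\\Software\\ExamplePUP (PUP.Optional.Example) "
              "-> Quarantined and deleted successfully.")
DIRTY_LOG = CLEAN_LOG.replace(
    "Registry Keys Detected: 0\n(No malicious items detected)",
    "Registry Keys Detected: 1\n" + DIRTY_ITEM,
)

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected:\s*(?P<count>\d+)\s*$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?):\s*(?P<val>.+)$")


def parse_mbam_log(text: str) -> Tuple[Dict[str, str], Dict[str, dict]]:
    """Return (metadata, sections); sections maps e.g. 'Registry Keys'
    to {'count': stated count, 'items': [detection lines]}."""
    meta: Dict[str, str] = {}
    sections: Dict[str, dict] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = {"count": int(m.group("count")), "items": []}
            continue
        if current is not None:
            # Inside a section every line except the placeholder is a detection entry.
            if line != "(No malicious items detected)":
                sections[current]["items"].append(line)
            continue
        if line.startswith("Malwarebytes Anti-Malware "):
            meta["Version"] = line.rsplit(" ", 1)[1]
        elif " :: " in line:
            # Header line of the form "user :: COMPUTER [privilege]".
            user, _, rest = line.partition(" :: ")
            meta["User"] = user
            meta["Computer"] = rest.split(" [", 1)[0]
        else:
            m = FIELD_RE.match(line)
            if m:
                meta[m.group("key")] = m.group("val")
    return meta, sections


def detections(sections: Dict[str, dict]) -> List[Tuple[str, str]]:
    """All listed detection entries as (section, entry) pairs."""
    return [(name, item) for name, sec in sections.items() for item in sec["items"]]


def count_mismatches(sections: Dict[str, dict]) -> List[str]:
    """Sections whose stated count differs from the entries listed (truncated paste)."""
    return [name for name, sec in sections.items() if sec["count"] != len(sec["items"])]


def is_clean(text: str) -> bool:
    """True only if the log lists no detections and every section count is consistent."""
    _, sections = parse_mbam_log(text)
    return not detections(sections) and not count_mismatches(sections)


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("dirty", DIRTY_LOG)):
        meta, sections = parse_mbam_log(log)
        print(label, meta["Scan type"], meta["Objects scanned"], "objects scanned;",
              "no detections" if is_clean(log) else detections(sections))
```

A clean MBAM quick scan, as in the report above, says nothing about the file Forefront keeps flagging: a quick scan covers memory, startup locations, the registry and heuristics, not every file on disk, so the next step in the thread (a full on-demand scan with a second engine) is the right follow-up rather than a reason to doubt either product.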



#15 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 AM

Posted 04 August 2013 - 01:35 AM

Hi ynotmat

OK, try the following:


AdwCleaner
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.
Please post all RKreport.txt text files located on your desktop.

On your next reply please post:
  • AdwCleaner[S1].txt
  • JRT.txt
  • All RKreport.txt

Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!


 

 




