possible ZeroAccess, elevated help suggested from am i infected section


  • This topic is locked
7 replies to this topic

#1 schwantizzmo (Members, 19 posts)

Posted 16 June 2014 - 04:08 PM

This was the other thread: http://www.bleepingcomputer.com/forums/t/537927/windows-login-screen-flashing/

 

Possible ZeroAccess rootkit, DDS logs attached.

 

thanks!

Attached Files




#2 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 17 June 2014 - 05:04 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with GMER rootkit scanner

Please download GMER from here by clicking on the "Download EXE" button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save... button, and in the File name area type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

 

 

Scan with TDSSKiller

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free; however, if you want to support my fight against malware, click here to donate (no worries, every little bit helps).
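Most of an ark.txt is ordinary: hundreds of thread lines from one service, and "*** suspicious ***" libraries that are simply modules GMER could not attribute, loaded by well-known software. Before reading any single entry, it helps to sort the flagged images by where they live on disk, because a DLL mapped from a user's Temp folder deserves a closer look than one in Program Files, even though neither location proves anything on its own (the "do not act on it" caution above applies in both directions; a signature check is the next step, not deletion). The following Python is an added triage helper written for this page, not GMER's code and not something posted in the thread. It parses the four line shapes GMER 2.1 writes (Thread, Process, Library, Reg) and buckets each flagged image by how writable its directory is. The sample log is constructed for the example, modelled on real GMER 2.1 output, with a fictional user "alice"; the bucket names and the location_class() rules are my own assumptions.

```python
import re
from collections import Counter, defaultdict

# Line shapes GMER 2.1 writes into ark.txt after the "Thread"/"Process"/"Library"/"Reg" keyword.
THREAD_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9A-Fa-f]+)\s*$"
)
MODULE_RE = re.compile(
    r"^(?P<path>.+?) \(\*\*\* suspicious \*\*\*\) @ (?P<host>.+?) \[(?P<pid>\d+)\]"
    r"\s*(?P<meta>(?:\([^)]*\))*)\s+(?P<addr>[0-9A-Fa-f]+)\s*$"
)
REG_RE = re.compile(r"^(?P<key>\S+)\s+(?P<data>.*?)\s*$")

# Constructed sample, modelled on GMER 2.1 output (fictional user "alice", not a real log).
SAMPLE = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-17 07:26:02
Windows 6.1.7601 Service Pack 1 x64

---- Threads - GMER 2.1 ----

Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3240]    00000000772a2e65
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3284]    00000000746429e1
---- Processes - GMER 2.1 ----

Process  C:\Users\alice\AppData\Roaming\Google\Google Talk\googletalk.exe (*** suspicious ***) @ C:\Users\alice\AppData\Roaming\Google\Google Talk\googletalk.exe [2976] (Google Talk/Google)(2007-01-01 21:22:02)  0000000000400000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3856]    000007fee87e0000
Library  c:\users\alice\appdata\local\temp\dropbox_sqlite_ext.tmpydaqdb.dll (*** suspicious ***) @ C:\Users\alice\AppData\Roaming\Dropbox\bin\Dropbox.exe [6220](2014-06-17 02:40:27)    00000000055d0000
Library  C:\Users\alice\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\alice\AppData\Roaming\Dropbox\bin\Dropbox.exe [6220](2013-08-23 19:01:44)    000000005c200000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3A8BDFC3-773F-4513-AE0B-5F26E91F7509}\Connection@Name    Reusable ISATAP Interface {3A8BDFC3-773F-4513-AE0B-5F26E91F7509}
"""


def location_class(path: str) -> str:
    """Rough trust bucket (my own rule of thumb) for where a flagged image lives on disk."""
    p = path.lower().replace("/", "\\")
    if "\\temp\\" in p:
        return "temp"          # user-writable and transient: look hardest here
    if "\\appdata\\" in p or "\\users\\" in p:
        return "user-profile"  # writable without admin; droppers and per-user updaters both live here
    if "\\program files" in p or "\\windows\\" in p:
        return "system"        # needs admin to write; usually vendor code, but verify the signature
    return "other"


def parse_gmer(text: str) -> dict:
    """Split ark.txt into threads, suspicious modules, registry entries and leftover lines."""
    out = {"threads": [], "suspicious": [], "registry": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("----"):
            continue
        kind, _, rest = line.partition(" ")
        rest = rest.lstrip()
        if kind == "Thread":
            m = THREAD_RE.match(rest)
            if m:
                out["threads"].append(m.groupdict())
                continue
        elif kind in ("Process", "Library"):
            m = MODULE_RE.match(rest)
            if m:
                entry = m.groupdict()
                entry["kind"] = kind
                entry["location"] = location_class(entry["path"])
                out["suspicious"].append(entry)
                continue
        elif kind == "Reg":
            m = REG_RE.match(rest)
            if m:
                out["registry"].append(m.groupdict())
                continue
        out["unparsed"].append(line)  # headers and anything the patterns did not recognise
    return out


def summarize(parsed: dict) -> dict:
    """Counts that make a long log readable: flagged images per bucket and per host, threads per process."""
    by_location = Counter(e["location"] for e in parsed["suspicious"])
    by_host = defaultdict(list)
    for e in parsed["suspicious"]:
        by_host[(e["host"], e["pid"])].append(e["path"])
    threads_per_process = Counter((t["path"], t["pid"]) for t in parsed["threads"])
    return {"by_location": by_location, "by_host": dict(by_host),
            "threads_per_process": threads_per_process}


def report(text: str) -> str:
    """Human-readable triage order: temp first, then user profile, then system directories."""
    parsed = parse_gmer(text)
    summary = summarize(parsed)
    lines = [f"{len(parsed['suspicious'])} entries flagged '*** suspicious ***'"]
    for loc in ("temp", "user-profile", "system", "other"):
        for e in parsed["suspicious"]:
            if e["location"] == loc:
                lines.append(f"  [{loc:12}] {e['kind']:7} {e['path']}  (in {e['host']} pid {e['pid']})")
    for (image, pid), n in summary["threads_per_process"].items():
        lines.append(f"{n} threads listed for {image} [pid {pid}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

On a real ark.txt, run parse_gmer() over the file contents and read the "temp" and "user-profile" buckets first; anything left in "unparsed" is a line shape the patterns above did not cover and should be read by eye rather than ignored. Note that GMER prints some paths in 8.3 short form (timsch~1.aut style), so compare paths case-insensitively and expand them before matching against a known-good inventory.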

#3 schwantizzmo (Topic Starter, Members, 19 posts)

Posted 17 June 2014 - 07:38 AM

Hi Marius, thanks for assisting!

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-17 07:26:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465.76GB
Running: f7wk3xjd.exe; Driver: C:\Users\TIMSCH~1.AUT\AppData\Local\Temp\pwryrfoc.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3240]                                                                                                                                                          00000000772a2e65
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3284]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3288]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3292]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3296]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3300]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3304]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3308]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3312]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3316]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3320]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3324]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3328]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3332]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3336]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3340]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3344]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3348]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3352]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3644]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3648]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3652]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3656]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3660]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3664]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3976]                                                                                                                                                          0000000008fb7806
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3984]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3988]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3992]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3996]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4000]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4008]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3400]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3636]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:3640]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4128]                                                                                                                                                          00000000772a3e85
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4164]                                                                                                                                                          0000000009791c2f
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4172]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4176]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4180]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4184]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4188]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4192]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4212]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4224]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4232]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:4240]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:7296]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:9104]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:9488]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:6964]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:10216]                                                                                                                                                         00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:8324]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:9588]                                                                                                                                                          00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3120:1644]                                                                                                                                                          00000000772a3e85
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3252]                                                                                                                                                             00000000772a3e85
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3256]                                                                                                                                                             00000000756d7587
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3568]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3596]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3600]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3604]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3608]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3612]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3616]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3620]                                                                                                                                                             00000000772a2e65
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3624]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3628]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3632]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3884]                                                                                                                                                             0000000073286a0f
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3888]                                                                                                                                                             00000000733005e5
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3892]                                                                                                                                                             00000000772a3e85
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:3008]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:1556]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:4100]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:4104]                                                                                                                                                             00000000746429e1
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:760]                                                                                                                                                              00000000772a3e85
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:1464]                                                                                                                                                             00000000772a3e85
Thread   C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [3232:9496]                                                                                                                                                             00000000772a3e85
Thread   C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE [6428:6960]                                                                                                                                                                      000007fefb522bf8
Thread   C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe [5752:4528]                                                                                                                                       000000000f230dc7
Thread   C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe [5752:352]                                                                                                                                        000000000f2e36af
Thread   C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe [5752:8876]                                                                                                                                       00000000772a2e65
---- Processes - GMER 2.1 ----

Process  C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Google\Google Talk\googletalk.exe (*** suspicious ***) @ C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Google\Google Talk\googletalk.exe [2976] (Google Talk/Google)(2007-01-01 21:22:02)  0000000000400000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\lync.exe [4512]                                                                                        000007fee87e0000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\adal.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\lync.exe [4512]                                                                                       000007feec460000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\lync.exe [4512]                                                                                   000007fee0a30000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\MSOIDCLIL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\lync.exe [4512]                                                                                  000007fedd870000
Library  C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\Dropbox.exe [6220](2014-01-03 01:09:26)                                      00000000041a0000
Library  c:\users\timsch~1.aut\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpydaqdb.dll (*** suspicious ***) @ C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\Dropbox.exe [6220](2014-06-17 02:40:27)    00000000055d0000
Library  C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\Dropbox.exe [6220](2013-08-23 19:01:44)                                            000000005c200000
Library  C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\Dropbox.exe [6220] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)              000000005b870000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3856]                                                                                     000007fee87e0000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\adal.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3856]                                                                                    000007feec460000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3856]                                                                                000007fee0a30000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3856]                                                                                  000007fedba90000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\1033\OSFINTL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3856]                                                                            000007fedb960000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\MSOIDCLIL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [3856]                                                                               000007fedd870000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\UcMapi.exe [5468]                                                                                      000007fee87e0000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\UcMapi.exe [5468]                                                                                 000007fee0a30000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\adal.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\UcMapi.exe [5468]                                                                                     000007feec460000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [7952]                                                                                     000007fee87e0000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [7952]                                                                                  000007fedba90000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\adal.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [7952]                                                                                    000007feec460000
Library  C:\Program Files\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [7952]                                                                                000007fee0a30000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3A8BDFC3-773F-4513-AE0B-5F26E91F7509}\Connection@Name                                                                                                      Reusable ISATAP Interface {3A8BDFC3-773F-4513-AE0B-5F26E91F7509}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                                                                         \Device\{F99EAD78-D7BC-4F6F-B330-E8B291EC0B65}?\Device\{FDABDF02-55A6-4BFE-A216-58F263A9843B}?\Device\{9D88070D-5331-4540-AE20-921FC09EFB6F}?\Device\{7D9AEEF6-5C82-4749-AAC2-35646F6A079B}?\Device\{7534AA1B-C04D-48C7-9937-72FEAA88FBF7}?\Device\{A9277882-F64E-438C-99CD-9B948E6421DD}?\Device\{5F481CD4-FC3C-4EDD-9DE2-B61BE6774470}?\Device\{AAB1289C-060C-4EC5-9FB5-37C9838F16C7}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                                                                        "{F99EAD78-D7BC-4F6F-B330-E8B291EC0B65}"?"{FDABDF02-55A6-4BFE-A216-58F263A9843B}"?"{9D88070D-5331-4540-AE20-921FC09EFB6F}"?"{7D9AEEF6-5C82-4749-AAC2-35646F6A079B}"?"{7534AA1B-C04D-48C7-9937-72FEAA88FBF7}"?"{A9277882-F64E-438C-99CD-9B948E6421DD}"?"{5F481CD4-FC3C-4EDD-9DE2-B61BE6774470}"?"{AAB1289C-060C-4EC5-9FB5-37C9838F16C7}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                                                                       \Device\TCPIP6TUNNEL_{F99EAD78-D7BC-4F6F-B330-E8B291EC0B65}?\Device\TCPIP6TUNNEL_{FDABDF02-55A6-4BFE-A216-58F263A9843B}?\Device\TCPIP6TUNNEL_{9D88070D-5331-4540-AE20-921FC09EFB6F}?\Device\TCPIP6TUNNEL_{7D9AEEF6-5C82-4749-AAC2-35646F6A079B}?\Device\TCPIP6TUNNEL_{7534AA1B-C04D-48C7-9937-72FEAA88FBF7}?\Device\TCPIP6TUNNEL_{A9277882-F64E-438C-99CD-9B948E6421DD}?\Device\TCPIP6TUNNEL_{5F481CD4-FC3C-4EDD-9DE2-B61BE6774470}?\Device\TCPIP6TUNNEL_{AAB1289C-060C-4EC5-9FB5-37C9838F16C7}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3A8BDFC3-773F-4513-AE0B-5F26E91F7509}@InterfaceName                                                                                                                           Reusable ISATAP Interface {3A8BDFC3-773F-4513-AE0B-5F26E91F7509}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3A8BDFC3-773F-4513-AE0B-5F26E91F7509}@ReusableType                                                                                                                            1
Reg      HKLM\SYSTEM\RN6\v2.0                                                                                                                                                                                                                             
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xC0 0x9F 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xC0 0x9F 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xDC 0xED 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xB2 0x78 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xC0 0x9F 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xCE 0xC6 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xEA 0x14 0xE1 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xEA 0x14 0xE1 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xCE 0xC6 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xDC 0xED 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xCE 0xC6 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xDC 0xED 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xCE 0xC6 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\tÀ                                                                                                                                                                                                                0xF7 0x20 0x89 0x56 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xDC 0xED 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xEA 0x14 0xE1 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xEA 0x14 0xE1 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xDC 0xED 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xC0 0x9F 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xCE 0xC6 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xCE 0xC6 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xC0 0x9F 0xE0 0xB6 ...
Reg      HKLM\SYSTEM\RN6\v2.0\                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\RN6\v2.0\@þÿ\0\0ÿÿ\20À                                                                                                                                                                                                               0xDC 0xED 0xE0 0xB6 ...

---- EOF - GMER 2.1 ----
 

Attached Files



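The GMER "Library" entries above tag several Office 15 DLLs loaded from Common Files\Microsoft Shared\Office15 as "*** suspicious ***". That tag is a heuristic about where a module was loaded from, not a verdict, and the first thing a responder does with such a list is confirm whether each file is actually on disk and who signed it. The script below is an added example for this thread, not something the poster or the helper ran: it parses those GMER lines out of a saved log, checks the Authenticode signature of each distinct module with Get-AuthenticodeSignature, and records a SHA-256 for later lookup. The log path is an assumed placeholder; Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example, not from the thread: triage GMER "suspicious" Library entries.
# Assumption: the GMER output has been saved as a text file at the path below.
param(
    [string]$GmerLog = "$env:USERPROFILE\Desktop\gmer.log"   # assumed path, not from the thread
)

# GMER Library lines have the shape:
#   Library  <module path> (*** suspicious ***) @ <process path> [<pid>]   <base address>
$pattern = '^Library\s+(?<Module>.+?)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+(?<Process>.+?)\s+\[(?<ProcessId>\d+)\]'

$flagged = Get-Content -LiteralPath $GmerLog | ForEach-Object {
    if ($_ -match $pattern) {
        [pscustomobject]@{
            Module    = $Matches.Module
            Process   = $Matches.Process
            ProcessId = [int]$Matches.ProcessId
        }
    }
}

# Check each distinct module once: present on disk, embedded signature status, signer, hash.
$report = $flagged | Sort-Object -Property Module -Unique | ForEach-Object {
    $path = $_.Module

    if (-not (Test-Path -LiteralPath $path)) {
        # A module GMER saw in memory but which is not visible on disk is worth a closer look
        # (hidden file, or the process has since exited and the file was removed).
        [pscustomobject]@{ Module = $path; Status = 'MISSING'; Signer = ''; Sha256 = ''
                           Note = 'not visible on disk; verify from an offline boot' }
        return   # inside ForEach-Object, return moves on to the next item
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    $note = switch ($sig.Status) {
        'Valid' {
            if ($signer -match 'O=Microsoft Corporation') {
                'Microsoft-signed; the GMER tag reflects the load path, not tampering'
            } else {
                'valid signature from a non-Microsoft signer; confirm the vendor is expected'
            }
        }
        'NotSigned' { 'no embedded signature on a module loaded into Office; hash and submit' }
        default     { "signature problem ($($sig.Status)); treat as suspect" }
    }

    [pscustomobject]@{ Module = $path; Status = $sig.Status; Signer = $signer; Sha256 = $hash; Note = $note }
}

$report | Format-Table -Property Module, Status, Signer, Note -AutoSize -Wrap
```

Two caveats when reading the output. Get-AuthenticodeSignature only evaluates embedded signatures, so on Windows 7 many operating-system binaries that are signed via a catalog will show as NotSigned even though they are genuine; the Office DLLs listed above carry embedded signatures, so for them NotSigned or HashMismatch would be the meaningful result. And a Valid status only proves the file on disk is intact; it says nothing about the kernel-level hiding a rootkit like the one suspected here would do, which is why the helper proceeds to ComboFix rather than stopping at this list.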
#4 TB-Psychotic


  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:51 PM

Posted 17 June 2014 - 09:24 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 schwantizzmo

  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:51 PM

Posted 17 June 2014 - 10:29 AM

My domain privileges won't allow me to shut Forefront off. Can I run Combofix in safe mode, and/or is it safe to run while Forefront is running?



#6 schwantizzmo

  • Topic Starter

  • Members
  • 19 posts
  • Local time:02:51 PM

Posted 17 June 2014 - 09:12 PM

Disregard my previous post, I ran it with Forefront still active...

 

ComboFix 14-06-16.01 - TimSchwantes 06/17/2014  20:28:20.5.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8182.2729 [GMT -5:00]
Running from: c:\users\timschwantes.AUTOLOGICCO\Desktop\ComboFix.exe
Command switches used :: /killall
AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-18 to 2014-06-18  )))))))))))))))))))))))))))))))
.
.
2014-06-18 01:45 . 2014-06-18 01:45    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-18 01:45 . 2014-06-18 01:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-18 01:45 . 2014-06-18 01:45    --------    d-----w-    c:\users\timschwantes\AppData\Local\temp
2014-06-18 01:45 . 2014-06-18 01:45    --------    d-----w-    c:\users\Bob\AppData\Local\temp
2014-06-17 18:50 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642A3E02-077F-457C-B168-CC0BCB57B812}\mpengine.dll
2014-06-16 20:38 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-13 22:45 . 2014-05-03 01:32    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4C1CCCD-80A6-49F8-A620-CCEEAE570AC0}\gapaengine.dll
2014-06-13 08:17 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-06-13 08:17 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-06-13 08:16 . 2014-04-05 02:47    288192    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-13 08:16 . 2014-04-05 02:47    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-06-13 08:16 . 2014-03-26 14:44    2002432    ----a-w-    c:\windows\system32\msxml6.dll
2014-06-13 08:16 . 2014-03-26 14:44    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-06-13 08:16 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2014-06-13 08:16 . 2014-03-26 14:41    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-06-13 08:16 . 2014-03-26 14:27    1389056    ----a-w-    c:\windows\SysWow64\msxml6.dll
2014-06-13 08:16 . 2014-03-26 14:27    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-06-13 08:16 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2014-06-13 08:16 . 2014-03-26 14:25    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-06-13 08:15 . 2014-05-08 09:32    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-13 08:15 . 2014-05-08 09:32    3178496    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-06-13 08:11 . 2014-06-08 09:13    506368    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-13 08:11 . 2014-06-08 09:08    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-06-09 13:08 . 2014-06-13 12:07    848080    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-09 13:02 . 2014-06-14 05:00    --------    d-----w-    c:\program files\Microsoft Office 15
2014-06-04 02:36 . 2014-06-04 12:57    --------    d-----w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Local\Adobe
2014-06-03 20:54 . 2014-06-03 20:54    --------    d-----w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\ScreenRecorder
2014-06-03 20:51 . 2014-06-03 20:51    --------    d-----w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\VideoCapture
2014-06-03 20:49 . 2014-06-03 20:49    --------    d-----w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\VideoEditor
2014-05-29 12:02 . 2014-05-29 12:02    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-05-22 22:03 . 2014-05-22 22:01    7486    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\DADSupport.bat
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-16 17:01 . 2014-04-04 13:27    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-16 17:00 . 2014-04-04 13:26    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-13 08:19 . 2011-04-08 16:07    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-06-13 08:10 . 2012-08-24 14:11    2549760    ----a-w-    c:\windows\SysWow64\propshts.dll
2014-06-13 08:09 . 2012-08-24 14:11    4341760    ----a-w-    c:\windows\SysWow64\gppref.dll
2014-06-13 08:09 . 2012-08-24 14:10    3789312    ----a-w-    c:\windows\system32\propshts.dll
2014-06-13 08:09 . 2012-08-24 14:10    4887552    ----a-w-    c:\windows\system32\gppref.dll
2014-06-04 02:32 . 2012-09-18 03:26    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-04 02:32 . 2012-09-18 03:26    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 12:12 . 2014-05-15 12:12    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-05-15 12:11 . 2014-05-15 12:11    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-05-15 12:11 . 2014-05-15 12:11    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-05-15 12:11 . 2014-05-15 12:11    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-05-15 12:11 . 2014-05-15 12:11    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-05-15 12:11 . 2014-05-15 12:11    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-05-15 12:11 . 2014-05-15 12:11    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-05-15 12:11 . 2014-05-15 12:11    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-05-15 12:11 . 2014-05-15 12:11    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-05-15 12:11 . 2014-05-15 12:11    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-05-15 12:11 . 2014-05-15 12:11    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-05-15 12:11 . 2014-05-15 12:11    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-05-15 12:11 . 2014-05-15 12:11    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-05-15 12:11 . 2014-05-15 12:11    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-05-15 12:11 . 2014-05-15 12:11    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-05-15 12:11 . 2014-05-15 12:11    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-05-15 12:11 . 2014-05-15 12:11    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-05-15 12:11 . 2014-05-15 12:11    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-05-15 12:11 . 2014-05-15 12:11    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-05-15 12:11 . 2014-05-15 12:11    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-05-15 12:11 . 2014-05-15 12:11    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-05-15 12:11 . 2014-05-15 12:11    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-05-15 12:11 . 2014-05-15 12:11    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-05-15 12:11 . 2014-05-15 12:11    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-05-15 12:11 . 2014-05-15 12:11    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-05-15 12:11 . 2014-05-15 12:11    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-05-15 12:11 . 2014-05-15 12:11    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-05-15 12:11 . 2014-05-15 12:11    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-05-15 12:11 . 2014-05-15 12:11    413696    ----a-w-    c:\windows\system32\html.iec
2014-05-15 12:11 . 2014-05-15 12:11    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-05-15 12:11 . 2014-05-15 12:11    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-05-15 12:11 . 2014-05-15 12:11    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-05-15 12:11 . 2014-05-15 12:11    235520    ----a-w-    c:\windows\system32\url.dll
2014-05-15 12:11 . 2014-05-15 12:11    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-05-15 12:11 . 2014-05-15 12:11    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-05-15 12:11 . 2014-05-15 12:11    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-05-15 12:11 . 2014-05-15 12:11    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-05-15 12:11 . 2014-05-15 12:11    147968    ----a-w-    c:\windows\system32\occache.dll
2014-05-15 12:11 . 2014-05-15 12:11    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-05-15 12:11 . 2014-05-15 12:11    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-05-15 12:11 . 2014-05-15 12:11    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-05-15 12:11 . 2014-05-15 12:11    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-05-15 12:11 . 2014-05-15 12:11    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-05-15 12:11 . 2014-05-15 12:11    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-05-15 01:31 . 2011-05-13 16:19    3642784    ----a-w-    c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-05-12 12:26 . 2014-04-04 13:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-12 12:25 . 2014-04-04 13:26    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-03 01:32 . 2012-12-02 16:30    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-05-02 02:37 . 2009-07-14 00:00    116736    ----a-w-    c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-04-15 01:13 . 2014-04-23 15:01    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22 . 2014-05-15 01:20    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-15 01:20    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-15 01:20    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-15 01:20    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-15 01:20    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-15 01:20    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-15 01:20    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-15 01:20    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-15 01:20    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-03-25 02:43 . 2014-05-15 01:25    14175744    ----a-w-    c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-13 12:09    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-13 12:09    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-13 12:09    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 911040]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-10 6564120]
"Dashlane"="c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dashlane\Dashlane.exe" [2014-05-27 219832]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"Spotify Web Helper"="c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-12 1171000]
"Lync"="c:\program files\Microsoft Office 15\root\office15\lync.exe" [2014-06-13 22598304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"lxdqmon.exe"="c:\program files (x86) (x86)\Lexmark Z2400 Series\lxdqmon.exe" [2010-02-04 672424]
"EzPrint"="c:\program files (x86) (x86)\Lexmark Z2400 Series\ezprint.exe" [2010-02-04 107176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-14 2904984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-6-9 222896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys;c:\windows\SYSNATIVE\Drivers\SWIPsec.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 honeywell_cdc;honeywell_cdc;c:\windows\system32\DRIVERS\honeywell_cdc_21617.sys;c:\windows\SYSNATIVE\DRIVERS\honeywell_cdc_21617.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA64.sys;c:\windows\SYSNATIVE\Drivers\L6TPortA64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MONEYPENNY;Service for M-Audio Fast Track C400;c:\windows\system32\DRIVERS\MAudioFastTrackC400.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackC400.sys [x]
R3 MONEYPENNYDFU;Service for M-Audio Fast Track C400 DFU;c:\windows\system32\DRIVERS\MAudioFastTrackC400_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackC400_DFU.sys [x]
R3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Pg4uUSB;BK PRECISION driver;c:\windows\system32\DRIVERS\pg4uusb.sys;c:\windows\SYSNATIVE\DRIVERS\pg4uusb.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PORTMON;PORTMON;c:\source(vss)\PortMon\PORTMSYS.SYS;c:\source(vss)\PortMon\PORTMSYS.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
R3 silabenm;OTC Ready Scan Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;OTC Ready Scan Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys;c:\windows\SYSNATIVE\DRIVERS\swvnic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [x]
R4 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe;c:\program files (x86)\Fitbit\fitbit.exe [x]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdfltn.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
S1 DVMIO;DVMIO;d:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys;d:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 hhdserhelp;HHD Software Serial Monitoring Helper Driver;c:\windows\system32\drivers\hhdserhelp.sys;c:\windows\SYSNATIVE\drivers\hhdserhelp.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intelliservice;Intelliservice;c:\program files (x86)\Melloware\Intelliremote\Intelliservice.exe;c:\program files (x86)\Melloware\Intelliremote\Intelliservice.exe [x]
S2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe;c:\windows\SYSNATIVE\lxdqcoms.exe [x]
S2 MsDtsServer;SQL Server Integration Services;c:\program files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe;c:\program files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 pardrv;pardrv; [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 hhdserial64;HHD Software Serial Monitoring Filter Driver;c:\windows\system32\DRIVERS\hhdserial64.sys;c:\windows\SYSNATIVE\DRIVERS\hhdserial64.sys [x]
S3 honeywell_enum;honeywell_enum;c:\windows\system32\DRIVERS\honeywell_enum_21617.sys;c:\windows\SYSNATIVE\DRIVERS\honeywell_enum_21617.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LexPrintListener    REG_MULTI_SZ       LexPrintListener
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-18 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1900610753-886232402-1764533468-1141.job
- c:\users\timschwantes.AUTOLOGICCO\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-06-11 16:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-13 12:09    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-13 12:09    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-13 12:09    2335960    ----a-w-    c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:17    138608    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
@="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
[HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
2011-08-18 08:45    292144    ----a-w-    c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
@="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
[HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
2011-08-18 08:45    292144    ----a-w-    c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
@="{FF529703-3398-4c98-B88D-13F784CB10A2}"
[HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
2011-08-18 08:45    292144    ----a-w-    c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
@="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
[HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
2011-08-18 08:45    292144    ----a-w-    c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
@="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
[HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
2011-08-18 08:45    292144    ----a-w-    c:\program files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:17    138608    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://applustechcom.sharepoint.com/sites/TechServ/Lists/Technical%20Services%20Calendar/calendar.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: line6.net
Trusted Zone: sharepoint.com\applustechcom
Trusted Zone: sharepoint.com\applustechcom-admin
Trusted Zone: sharepoint.com\applustechcom-my
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://172.21.20.94/activex/AMC.cab
FF - ProfilePath - c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Mozilla\Firefox\Profiles\c2195yrr.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.lordofultima.com/home|http://www.organicprairie.com/product/organic_bone-in_skin-on_turkey_breast/organic_turkey|http://prod.lordofultima.com/en/wiki/view/bossraids|http://www.elementool.com/index.html|https://na15.salesforce.com/00Q?fcf=00Bi0000004MV80|http://www.bestbuy.com/site/searchpage.jsp?_dyncharset=ISO-8859-1&_dynSessConf=9046392271175303869&id=pcat17071&type=page&st=wii+u&sc=Global&cp=1&nrp=15&sp=&qp=&list=n&iht=y&fs=saas&usc=All+Categories&keys=keys&ks=960&saas=saas|http://www.amazon.com/s/ref=nb_sb_noss_1?url=search-alias%3Daps&field-keywords=monster+hunter+wii+u&rh=i%3Aaps%2Ck%3Amonster+hunter+wii+u|https://www.google.com/search?q=wifi+regulator&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#q=wifi+pressure+regulator&rls=org.mozilla:en-US%3Aofficial|https://support.mozilla.org/en-US/kb/warning-unresponsive-script|http://www.tripadvisor.com/Hotel_Review-g32655-d82150-Reviews-Courtyard_Los_Angeles_Sherman_Oaks-Los_Angeles_California.html|http://us-dc1-edit.store.yahoo.com/RT/MGR.yhst-135852447451334/8635cc05e474/ClfEUAAF|http://batchgeo.com/map/e641b07a71bcc066571f69ced40f12f7|http://kotaku.com/the-wii-u-bundles-of-black-friday-1473267440
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Completion time: 2014-06-17  20:59:31 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-18 01:59
ComboFix2.txt  2014-05-14 12:35
ComboFix3.txt  2013-09-25 15:25
ComboFix4.txt  2012-08-18 03:47
.
Pre-Run: 177,202,757,632 bytes free
Post-Run: 178,959,761,408 bytes free
.
- - End Of File - - FF7ECDA4386867C450252108A553CB38
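The ComboFix output above lists the machine's autostart surface (Run-key values, Startup-folder shortcuts and the R*/S* service and driver records), but it does not rank them. The Python script below is an added example, not part of this thread and not ComboFix's own code: it parses the two line shapes ComboFix uses for autostarts and flags the entries a responder would verify first: records with no image path at all, svchost-hosted services whose real code is a ServiceDll rather than the listed exe, and binaries that start from outside Windows or Program Files. The sample input is quoted verbatim from the log above; the trusted-root list and the verdict wording are the example's own assumptions. A user-profile autostart is not evidence of infection on its own (Dropbox, Spotify and Google Talk legitimately install under AppData\Roaming), so the output is a verification list, not a detection.

```python
import re
from dataclasses import dataclass
from typing import List

# Added example, not part of the thread. Sample input: lines quoted verbatim
# from the ComboFix log posted above (Run-key values and service/driver
# records), so the script runs offline against realistic data.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\timschwantes.AUTOLOGICCO\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
R3 PORTMON;PORTMON;c:\source(vss)\PortMon\PORTMSYS.SYS;c:\source(vss)\PortMon\PORTMSYS.SYS [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S2 pardrv;pardrv; [x]
S1 DVMIO;DVMIO;d:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys;d:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys [x]
S2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
'''

# The two ComboFix line shapes handled here: a quoted Run value, and an
# R*/S* service or driver record "Start Name;Description;Path;Path [x]".
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<rest>.*?)\s*\[x\]\s*$')

# Assumption of this example: roots that need administrative rights to write
# to on a default install. Anything else (user profile, other drives, source
# trees) is worth a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Autostart:
    source: str   # registry key, or the service start type (R0..S4)
    name: str
    path: str
    verdict: str = ""


def parse_autostarts(text: str) -> List[Autostart]:
    """Extract Run-key values and service/driver records from ComboFix output."""
    entries: List[Autostart] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):
            current_key = line.strip("[]")
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Autostart(current_key, m.group("name"), m.group("path")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Fields: name;description;path;path  (a record may stop early,
            # e.g. "pardrv;pardrv;" carries no path at all)
            fields = m.group("rest").split(";")
            name = fields[0].strip()
            path = fields[2].strip() if len(fields) > 2 else ""
            entries.append(Autostart(m.group("start"), name, path))
    return entries


def classify(path: str) -> str:
    """Return a verdict for entries that need manual verification, else ''."""
    p = path.lower()
    if not p:
        return "no image path recorded: confirm the service exists and where its binary lives"
    if p.endswith("\\svchost.exe"):
        return "svchost-hosted: the real code is the ServiceDll under the service's Parameters key"
    if not p.startswith(TRUSTED_ROOTS):
        return "image outside Windows/Program Files (user-writable or non-standard): verify signature and hash"
    return ""


def triage(entries: List[Autostart]) -> List[Autostart]:
    """Keep only the entries a responder should check by hand."""
    flagged = []
    for e in entries:
        e.verdict = classify(e.path)
        if e.verdict:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.source}  {e.name}  {e.path or '<none>'}\n    -> {e.verdict}")
```

Run as-is it prints the five flagged entries from the sample; pass the full log text instead of SAMPLE_LOG to triage the whole listing. For svchost-hosted services, the group name is in the `svchost` key ComboFix prints later in the log (LexPrintListener here), and the DLL that actually runs is the ServiceDll value under that service's Parameters key, which is what should be hashed and checked for a valid signature.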
 



#7 TB-Psychotic (Malware Response Team)

Posted 18 June 2014 - 03:57 AM

As this is an enterprise machine, we aren't allowed to provide further assistance. This issue should be fixed by your company's IT department.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 TB-Psychotic (Malware Response Team)

Posted 03 July 2014 - 04:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



