ComboFix 13-08-13.02 - matthew204 14/08/2013 0:13.3.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.6036.4505 [GMT 2:00] Running from: c:\users\matthew204\Downloads\Download\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . . ((((((((((((((((((((((((( Files Created from 2013-07-13 to 2013-08-13 ))))))))))))))))))))))))))))))) . . 2013-08-13 22:19 . 2013-08-13 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-13 21:44 . 2013-08-13 21:50 -------- d-----w- c:\windows\system32\catroot2 2013-08-12 15:21 . 2013-08-12 15:21 -------- d-----w- c:\users\matthew204\AppData\Roaming\ParetoLogic 2013-08-12 15:21 . 2013-08-12 15:21 -------- d-----w- c:\users\matthew204\AppData\Roaming\DriverCure 2013-08-12 15:21 . 2013-08-12 16:03 -------- d-----w- c:\programdata\ParetoLogic 2013-08-11 18:07 . 2013-08-11 18:07 -------- d-----w- c:\users\matthew204\AppData\Local\Avg2013 2013-08-11 16:38 . 2013-08-11 16:38 -------- d-----w- c:\users\matthew204\AppData\Roaming\AVG 2013-08-11 16:37 . 2013-08-11 16:38 -------- d-----w- c:\programdata\AVG 2013-08-11 16:36 . 2013-08-11 16:36 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-08-11 15:06 . 2013-08-11 15:06 -------- d-----w- c:\users\matthew204\AppData\Roaming\TuneUp Software 2013-08-11 15:03 . 2013-08-11 15:03 -------- d--h--w- c:\programdata\Common Files 2013-08-11 15:03 . 2013-08-11 18:07 -------- d-----w- c:\programdata\MFAData 2013-08-11 15:03 . 2013-08-11 15:03 -------- d-----w- c:\users\matthew204\AppData\Local\MFAData 2013-08-11 10:35 . 2013-08-11 10:35 -------- d-----w- C:\TDSSKiller_Quarantine 2013-08-11 10:15 . 2013-08-11 10:15 -------- d-----w- c:\windows\ERUNT 2013-08-10 22:57 . 2013-08-10 22:57 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-08-10 21:50 . 2013-08-12 20:58 -------- d-----w- c:\users\matthew204\AppData\Local\CrashDumps 2013-08-10 20:41 . 2013-08-11 09:04 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-08-10 20:41 . 2013-08-10 20:41 -------- d-----w- c:\program files\Symantec 2013-08-10 20:41 . 2013-08-10 20:41 -------- d-----w- c:\program files\Common Files\Symantec Shared 2013-08-10 20:40 . 2013-08-11 10:37 -------- d-----w- c:\windows\system32\drivers\NISx64 2013-08-10 20:40 . 2013-08-10 20:40 -------- d-----w- c:\program files (x86)\Norton Internet Security 2013-08-10 20:39 . 2013-08-10 20:39 -------- d-----w- c:\program files (x86)\NortonInstaller 2013-08-10 18:28 . 2013-08-10 18:28 -------- d-----w- c:\programdata\CDB 2013-08-10 17:21 . 2013-08-11 18:10 -------- d-----w- c:\program files (x86)\Bit Coin Miner Removal Tool 2013-08-10 17:21 . 2012-12-10 09:04 81920 ----a-w- c:\windows\eSellerateControl350.dll 2013-08-10 17:21 . 2012-12-10 09:04 356352 ----a-w- c:\windows\eSellerateEngine.dll 2013-08-10 17:21 . 2009-07-23 16:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll 2013-08-10 17:21 . 2009-07-23 16:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll 2013-08-10 16:18 . 2013-08-12 21:00 -------- d-----w- c:\windows\SysWow64\wbem\Performance 2013-08-10 16:08 . 2013-08-10 16:08 -------- d-----w- C:\RegBackup 2013-08-09 22:01 . 2013-08-12 21:04 181064 ----a-w- c:\windows\PSEXESVC.EXE 2013-08-09 21:51 . 2013-08-09 21:51 -------- d-----w- c:\program files\CCleaner 2013-08-09 20:43 . 2013-08-09 20:43 -------- d-----w- c:\program files (x86)\Tweaking.com 2013-08-09 19:27 . 2013-08-09 19:27 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin 2013-08-09 16:34 . 2013-08-09 16:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-08-09 16:24 . 2013-08-09 16:24 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-08-09 16:24 . 2013-08-09 16:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-09 14:34 . 2013-08-09 14:38 -------- d-----w- c:\users\Guest 2013-08-09 13:55 . 2013-08-12 17:49 -------- d-----w- c:\users\matthew204\AppData\Roaming\Skype 2013-08-09 13:55 . 2013-08-09 13:55 -------- d-----r- c:\program files (x86)\Skype 2013-08-09 13:55 . 2013-08-09 13:55 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-08-09 13:55 . 2013-08-09 13:55 -------- d-----w- c:\programdata\Skype 2013-08-09 13:26 . 2013-08-09 13:26 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-08-08 10:18 . 2013-08-08 10:18 -------- d-----w- c:\program files\Bitdefender 2013-08-08 09:16 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-08-08 09:15 . 2013-08-09 14:23 -------- d-----w- c:\program files\AVAST Software 2013-08-08 09:12 . 2013-08-10 20:51 -------- d-----w- c:\programdata\AVAST Software 2013-08-06 16:35 . 2013-08-06 16:35 -------- d-----w- c:\users\matthew204\AppData\Local\SkypeWebPlugin 2013-07-16 20:45 . 2013-06-01 09:25 67584 ----a-w- c:\windows\SysWow64\samlib.dll 2013-07-16 20:45 . 2013-06-01 09:22 190976 ----a-w- c:\windows\system32\vdsutil.dll 2013-07-16 20:45 . 2013-06-01 03:08 37632 ------w- c:\windows\system32\drivers\BthAvrcpTg.sys 2013-07-16 20:45 . 2013-06-16 22:41 997632 ----a-w- c:\windows\system32\drivers\ndis.sys 2013-07-15 16:25 . 2013-07-15 16:27 -------- d-----w- c:\windows\system32\MRT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-09 16:24 . 2013-01-13 11:59 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-08-09 16:24 . 2013-01-13 11:59 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-23 22:57 . 2012-12-28 10:11 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-11 23:43 . 2013-07-10 21:27 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-06-11 23:43 . 2013-07-10 21:27 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-06-11 23:26 . 2013-07-10 21:27 51712 ------w- c:\windows\system32\ie4uinit.exe 2013-06-11 23:26 . 2013-07-10 21:27 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-06-11 23:26 . 2013-07-10 21:27 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-06-11 23:25 . 2013-07-10 21:27 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-06-11 23:25 . 2013-07-10 21:27 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-06-11 23:25 . 2013-07-10 21:27 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-06-11 23:25 . 2013-07-10 21:27 855552 ----a-w- c:\windows\system32\jscript.dll 2013-06-11 23:25 . 2013-07-10 21:27 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-06-11 23:25 . 2013-07-10 21:27 2648576 ----a-w- c:\windows\system32\iertutil.dll 2013-06-04 15:26 . 2013-06-04 15:27 598780 ----a-w- c:\windows\system32\igvpkrng700.bin 2013-06-04 15:26 . 2013-06-04 15:27 276288 ------w- c:\windows\SysWow64\IntelCpHeciSvc.exe 2013-06-04 15:26 . 2013-06-04 15:27 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll 2013-06-04 15:26 . 2013-06-04 15:27 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll 2013-06-04 15:26 . 2013-06-04 15:27 116224 ----a-w- c:\windows\system32\igfxCoIn_v2857.dll 2013-06-04 15:26 . 2013-06-04 15:27 509248 ----a-w- c:\windows\system32\igfxsrvc.exe 2013-06-04 15:26 . 2013-06-04 15:27 439296 ----a-w- c:\windows\system32\igfxrrus.lrc 2013-06-04 15:26 . 2013-06-04 15:27 439296 ----a-w- c:\windows\system32\igfxrrom.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438784 ----a-w- c:\windows\system32\igfxrsky.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438784 ----a-w- c:\windows\system32\igfxrptg.lrc 2013-06-04 15:26 . 2013-06-04 15:27 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc 2013-06-04 15:26 . 2013-06-04 15:27 437760 ----a-w- c:\windows\system32\igfxrsve.lrc 2013-06-04 15:26 . 2013-06-04 15:27 437760 ----a-w- c:\windows\system32\igfxrslv.lrc 2013-06-04 15:26 . 2013-06-04 15:27 437760 ----a-w- c:\windows\system32\igfxrptb.lrc 2013-06-04 15:26 . 2013-06-04 15:27 437248 ----a-w- c:\windows\system32\igfxrtha.lrc 2013-06-04 15:26 . 2013-06-04 15:27 410624 ------w- c:\windows\system32\igfxTMM.dll 2013-06-04 15:26 . 2013-06-04 15:27 170304 ------w- c:\windows\system32\igfxtray.exe 2013-06-04 15:26 . 2012-08-08 05:18 63488 ------w- c:\windows\system32\igfxsrvc.dll 2013-06-04 15:26 . 2013-06-04 15:27 9007616 ------w- c:\windows\system32\igfxress.dll 2013-06-04 15:26 . 2013-06-04 15:27 440320 ----a-w- c:\windows\system32\igfxrell.lrc 2013-06-04 15:26 . 2013-06-04 15:27 439808 ----a-w- c:\windows\system32\igfxrfra.lrc 2013-06-04 15:26 . 2013-06-04 15:27 439808 ----a-w- c:\windows\system32\igfxresn.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438784 ----a-w- c:\windows\system32\igfxrplk.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438784 ----a-w- c:\windows\system32\igfxrnld.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438784 ----a-w- c:\windows\system32\igfxrita.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438272 ----a-w- c:\windows\system32\igfxrhun.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438272 ----a-w- c:\windows\system32\igfxrfin.lrc 2013-06-04 15:26 . 2013-06-04 15:27 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc 2013-06-04 15:26 . 2013-06-04 15:27 437760 ----a-w- c:\windows\system32\igfxrnor.lrc 2013-06-04 15:26 . 2013-06-04 15:27 437248 ----a-w- c:\windows\system32\igfxrdan.lrc 2013-06-04 15:26 . 2013-06-04 15:27 435712 ----a-w- c:\windows\system32\igfxrheb.lrc 2013-06-04 15:26 . 2013-06-04 15:27 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc 2013-06-04 15:26 . 2013-06-04 15:27 431104 ----a-w- c:\windows\system32\igfxrkor.lrc 2013-06-04 15:26 . 2013-06-04 15:27 286208 ------w- c:\windows\system32\igfxrenu.lrc 2013-06-04 15:26 . 2013-06-04 15:27 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2013-06-04 15:26 . 2013-06-04 15:27 441856 ------w- c:\windows\system32\igfxdev.dll 2013-06-04 15:26 . 2013-06-04 15:27 441152 ------w- c:\windows\system32\igfxpers.exe 2013-06-04 15:26 . 2013-06-04 15:27 435712 ----a-w- c:\windows\system32\igfxrara.lrc 2013-06-04 15:26 . 2013-06-04 15:27 429056 ----a-w- c:\windows\system32\igfxrcht.lrc 2013-06-04 15:26 . 2013-06-04 15:27 428544 ----a-w- c:\windows\system32\igfxrchs.lrc 2013-06-04 15:26 . 2013-06-04 15:27 386048 ------w- c:\windows\system32\igfxpph.dll 2013-06-04 15:26 . 2013-06-04 15:27 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2013-06-04 15:26 . 2013-06-04 15:27 28672 ----a-w- c:\windows\system32\igfxexps.dll 2013-06-04 15:26 . 2013-06-04 15:27 251712 ----a-w- c:\windows\system32\igfxext.exe 2013-06-04 15:26 . 2013-06-04 15:27 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2013-06-04 15:26 . 2013-06-04 15:27 142336 ------w- c:\windows\system32\igfxdo.dll 2013-06-04 15:26 . 2013-06-04 15:27 126976 ----a-w- c:\windows\system32\igfxcpl.cpl 2013-06-04 15:26 . 2012-08-08 05:17 12604928 ----a-w- c:\windows\system32\igdumd64.dll 2013-06-04 15:26 . 2013-06-04 15:27 11040256 ------w- c:\windows\SysWow64\igdumd32.dll 2013-06-04 15:26 . 2013-06-04 15:27 5338848 ------w- c:\windows\system32\drivers\igdkmd64.sys 2013-06-04 15:26 . 2013-06-04 15:27 27664896 ----a-w- c:\windows\system32\igdrcl64.dll 2013-06-04 15:26 . 2013-06-04 15:27 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll 2013-06-04 15:26 . 2013-06-04 15:27 27435520 ----a-w- c:\windows\system32\igdfcl64.dll 2013-06-04 15:26 . 2013-06-04 15:27 21816320 ----a-w- c:\windows\SysWow64\igdfcl32.dll 2013-06-04 15:26 . 2013-06-04 15:27 80384 ----a-w- c:\windows\system32\igdde64.dll 2013-06-04 15:26 . 2013-06-04 15:27 64512 ----a-w- c:\windows\SysWow64\igdde32.dll 2013-06-04 15:26 . 2013-06-04 15:27 755048 ----a-w- c:\windows\system32\igcodeckrng700.bin 2013-06-04 15:26 . 2013-06-04 15:27 3582976 ----a-w- c:\windows\system32\igdbcl64.dll 2013-06-04 15:26 . 2013-06-04 15:27 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll 2013-06-04 15:26 . 2013-06-04 15:27 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2013-06-04 15:26 . 2013-06-04 15:27 8577536 ----a-w- c:\windows\SysWow64\ig7icd32.dll 2013-06-04 15:26 . 2013-06-04 15:27 398656 ------w- c:\windows\system32\hkcmd.exe 2013-06-04 15:26 . 2013-06-04 15:27 11593728 ----a-w- c:\windows\system32\ig7icd64.dll 2013-06-04 15:26 . 2013-06-04 15:27 5902656 ----a-w- c:\windows\system32\GfxUI.exe 2013-06-04 15:26 . 2012-08-08 05:17 110592 ------w- c:\windows\system32\hccutils.dll 2013-06-04 15:26 . 2012-07-25 20:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll 2013-06-04 15:26 . 2013-06-04 15:27 173568 ----a-w- c:\windows\system32\gfxSrvc.dll 2013-06-04 15:26 . 2013-06-04 15:27 184640 ----a-w- c:\windows\system32\difx64.exe 2013-06-04 14:35 . 2013-06-04 14:35 650808 ------w- c:\windows\system32\drivers\iaStorA.sys 2013-06-04 14:32 . 2013-06-04 14:34 6085632 ----a-w- c:\windows\system32\stlang64.dll 2013-06-04 14:32 . 2013-06-04 14:34 1664000 ----a-w- c:\windows\sttray64.exe 2013-06-04 14:32 . 2013-06-04 14:33 542208 ------w- c:\windows\system32\drivers\stwrt64.sys 2013-06-04 14:32 . 2013-06-04 14:33 499200 ------w- c:\windows\system32\stcplx64.dll 2013-06-04 14:32 . 2013-06-04 14:33 671744 ------w- c:\windows\system32\stapi64.dll 2013-06-04 14:32 . 2013-06-04 14:33 255488 ----a-w- c:\windows\system32\st646425.dll 2013-06-04 14:32 . 2013-06-04 14:33 2188800 ------w- c:\windows\system32\stapo64.dll 2013-06-04 14:32 . 2013-06-04 14:34 426328 ------w- c:\windows\system32\EED64A.dll 2013-06-04 14:32 . 2013-06-04 14:34 3308376 ------w- c:\windows\system32\EEP64A.dll 2013-06-04 14:32 . 2013-06-04 14:34 1821184 ----a-w- c:\windows\system32\IDTNC64.cpl 2013-06-04 14:32 . 2013-06-04 14:34 136024 ------w- c:\windows\system32\EEL64A.dll 2013-06-04 14:32 . 2013-06-04 14:34 118104 ------w- c:\windows\system32\EEA64A.dll 2013-06-01 09:25 . 2013-07-10 21:28 496640 ----a-w- c:\windows\SysWow64\qedit.dll 2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\matthew204\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\matthew204\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\matthew204\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 5622512] "Spotify Web Helper"="c:\users\matthew204\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-30 1199576] "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752] "Spotify"="c:\users\matthew204\AppData\Roaming\Spotify\Spotify.exe" [2012-12-30 7880664] "Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-11-22 4760400] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2013-01-27 492096] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . c:\users\matthew204\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\matthew204\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 2;2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys [x] R2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x] R3 esihdrv;esihdrv;c:\users\MATTHE~1\AppData\Local\Temp\esihdrv.sys;c:\users\MATTHE~1\AppData\Local\Temp\esihdrv.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x] R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130810.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130810.001\IDSvia64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x] S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] apphost REG_MULTI_SZ apphostsvc iissvcs REG_MULTI_SZ w3svc was hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-30 19:34 1173456 ------w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 10:49] . 2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 10:49] . 2013-07-21 c:\windows\Tasks\HPCeeScheduleFormatthew204.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\matthew204\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\matthew204\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\matthew204\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\matthew204\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-04 1664000] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-06-04 170304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-04 398656] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-06-04 441152] . ------- Supplementary Scan ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run- - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe c:\users\matthew204\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-08-14 00:26:55 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-13 22:26 ComboFix2.txt 2013-08-13 22:03 ComboFix3.txt 2013-08-10 20:01 . Pre-Run: 739,280,322,560 bytes free Post-Run: 739,179,401,216 bytes free . - - End Of File - - E141E82BFCA66857B925C48C8325BD61 D41D8CD98F00B204E9800998ECF8427E