Jump to content

vfrvulcan

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by vfrvulcan

  1. Same issue here. Build 18323 Web protection off Exploit on Malware off Ransomware off V3.6.1.2711 Component 1.0.508 Update 1.0.8976 Proc mon file here: https://we.tl/t-RsOoHFxW3I Hope this helps towards a resolution
  2. As per other posts, MBAM is broken in/by Insider Build 14942. Disabling MBAM from running at startup & disabling rootkit detection allows the build update to be installed but obviously there is no protection. However, any attempt to start MBAM results in the BSOD. Website and rootkit protection are disabled as is start with windows but when I attempt to start MBAM from the icon/menu it results in the same MWAC.SYS BSOD.
  3. H Gringo, Startup entries for the first two removed, the last three are wanted. ESET found two threats, Toolbar.Ask.B/D, neither of which are installed as I meticulously make sure Java never gets to install it, or anything else for that matter! ESET Log below Thanks Aaron C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B applicationC:\Users\Aaron\Downloads\cpu-z_1.64-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.D application
  4. Hi Gringo, Thanks for sticking with it, still not seen an errant attempt since last week. Java 7 Update 45 removed Java FX2.1.1 removed Java 7 Update 45 Installed CCleaner already installed, updated and cleaned MBAM already up to date - scan completed with no detections HijackThis installed and scan run As mentioned above, no further errant attempts seen so far, machine running normally. Logs below. Best regards Aaron MBAM Log: 2013/10/24 16:59:32 +0100 LIGHTNING Aaron MESSAGE Starting database refresh2013/10/24 16:59:32 +0100 LIGHTNING Aaron MESSAGE Stopping IP protection2013/10/24 16:59:32 +0100 LIGHTNING Aaron MESSAGE IP Protection stopped successfully2013/10/24 16:59:35 +0100 LIGHTNING Aaron MESSAGE Database refreshed successfully2013/10/24 16:59:35 +0100 LIGHTNING Aaron MESSAGE Starting IP protection2013/10/24 16:59:39 +0100 LIGHTNING Aaron MESSAGE IP Protection started successfully2013/10/24 17:36:56 +0100 LIGHTNING Aaron MESSAGE Executing scheduled update: Daily2013/10/24 17:37:03 +0100 LIGHTNING Aaron MESSAGE Scheduled update executed successfully: database updated from version v2013.10.24.05 to version v2013.10.24.062013/10/24 17:37:03 +0100 LIGHTNING Aaron MESSAGE Starting database refresh2013/10/24 17:37:04 +0100 LIGHTNING Aaron MESSAGE Stopping IP protection2013/10/24 17:37:04 +0100 LIGHTNING Aaron MESSAGE IP Protection stopped successfully2013/10/24 17:37:07 +0100 LIGHTNING Aaron MESSAGE Database refreshed successfully2013/10/24 17:37:07 +0100 LIGHTNING Aaron MESSAGE Starting IP protection2013/10/24 17:37:12 +0100 LIGHTNING Aaron MESSAGE IP Protection started successfully Logfile of Trend Micro HijackThis v2.0.4Scan saved at 20:32:12, on 24/10/2013Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16514)Boot mode: Normal Running processes:C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\BatteryMon\BatteryMon.exeC:\Program Files (x86)\BatteryMon\BatteryMon.exeC:\Program Files (x86)\MagicDisc\MagicDisc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exeC:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Aaron\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllO4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [batteryMon] C:\Program Files (x86)\BatteryMon\BatteryMon.exeO4 - HKCU\..\Run: [GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178] "C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-windowO4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files (x86)\DigiGuide TV Guide\Client.exeO4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exeO4 - Global Startup: ARGUS TV Notifier.lnk = C:\Program Files (x86)\ARGUS TV\Notifier\ArgusTV.UI.Notifier.exeO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spilling.localO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spilling.localO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spilling.localO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeO23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeO23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exeO23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Synergy - Unknown owner - C:\Program Files\Synergy\synergyd.exeO23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 8862 bytes
  5. Hi Gringo, Not trying to get to any site all, was just random blocks by MBAM, showing the process being either chrome or svchost. Not seen any attempts to get to that IP since the cleanup so I'm assuming it is either now clean or an MBAM update marked that site as OK like the issue with Steam a few days ago. I guess it's probably safe to mark this as closed now. Many thanks for your help, Aaron
  6. Hi Gringo, Two logs attached, during the first run I stupidly accepted the update to Combofix which may have prevented the script from running so did it again. No difference noted so far, no further attempt to reach the blocked IP but machine hasn't been on for long. Lookup for that IP is img.skyactivate.com - not familiar with it myself. Regards Aaron ComboFix 13-10-19.02 - Aaron 19/10/2013 17:54:35.2.2 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3062.1630 [GMT 1:00]Running from: c:\users\Aaron\Desktop\ComboFix.exeCommand switches used :: c:\users\Aaron\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2013-09-19 to 2013-10-19 )))))))))))))))))))))))))))))))..2013-10-19 17:01 . 2013-10-19 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-18 20:13 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D58D2EB8-B2AE-48EF-AC4E-208421B9587A}\mpengine.dll2013-10-18 10:13 . 2013-10-18 10:13 -------- d-----w- c:\windows\ERUNT2013-10-18 10:06 . 2013-10-18 10:08 -------- d-----w- C:\AdwCleaner2013-10-17 18:18 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-10-15 00:09 . 2013-10-15 00:09 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll2013-10-15 00:09 . 2013-10-15 00:09 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2013-10-15 00:09 . 2013-10-15 00:09 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe2013-10-15 00:09 . 2013-10-15 00:09 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe2013-10-15 00:09 . 2013-10-15 00:09 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe2013-10-10 23:07 . 2013-10-18 03:12 -------- d-----w- c:\program files\Apoint2K2013-10-10 22:59 . 2013-10-10 22:59 -------- d-----w- c:\program files\Synaptics2013-10-10 22:40 . 2013-10-18 03:12 -------- d-----w- C:\DRIVERS2013-10-10 22:32 . 2013-10-18 03:12 -------- d-----w- c:\program files (x86)\HP2013-10-10 21:54 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-10-10 21:52 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-10-10 21:52 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-10-10 21:52 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-10-10 21:52 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-10-10 21:52 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-10-10 21:52 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-10-10 21:52 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-10-10 21:52 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-09 18:32 . 2013-06-12 19:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-09 18:32 . 2013-06-12 19:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-09-26 00:46 . 2012-08-04 22:22 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-08 11:24 . 2013-09-08 11:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-08 11:24 . 2012-08-05 22:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-09-08 11:24 . 2012-08-05 22:36 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-09-07 10:35 . 2013-09-07 10:36 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70201B46-5F8B-43E0-939D-CA50FF71F630}\gapaengine.dll2013-08-29 01:48 . 2013-10-10 21:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-22 17:19 . 2012-10-11 17:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-07-25 09:25 . 2013-08-13 21:42 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-25 08:57 . 2013-08-13 21:42 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BatteryMon"="c:\program files (x86)\BatteryMon\BatteryMon.exe" [2012-06-15 1344960]"GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178"="c:\users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Aaron\Downloads\RealTemp_340\WinRing0x64.sys;c:\users\Aaron\Downloads\RealTemp_340\WinRing0x64.sys [x]S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe;c:\program files\Synergy\synergyd.exe [x]S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]..Contents of the 'Scheduled Tasks' folder.2013-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 18:32].2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 11:39].2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 11:39].2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2353138542-2237130678-4057455615-1142Core1ce0ca73495b72b.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52].2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356061607-2759803147-2363496409-1000Core.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52].2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356061607-2759803147-2363496409-1000UA.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-30 1794344]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 241664].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.254.2TCP: Interfaces\{71152D85-98B4-4DDD-9734-F6D8D3461AAF}: NameServer = 192.168.254.1FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\rh0sjulz.default\..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-10-19 18:10:08ComboFix-quarantined-files.txt 2013-10-19 17:10ComboFix2.txt 2013-10-18 17:58.Pre-Run: 37,160,030,208 bytes freePost-Run: 36,838,809,600 bytes free.- - End Of File - - 46A8F2BDDA0CDB817CB17E11EE3F05C5A36C5E4F47E84449FF07ED3517B43A31 ComboFix 13-10-19.02 - Aaron 19/10/2013 19:56:15.3.2 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3062.1603 [GMT 1:00]Running from: c:\users\Aaron\Desktop\ComboFix.exeCommand switches used :: c:\users\Aaron\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-09-19 to 2013-10-19 )))))))))))))))))))))))))))))))..2013-10-19 19:02 . 2013-10-19 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-18 20:13 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D58D2EB8-B2AE-48EF-AC4E-208421B9587A}\mpengine.dll2013-10-18 10:13 . 2013-10-18 10:13 -------- d-----w- c:\windows\ERUNT2013-10-18 10:06 . 2013-10-18 10:08 -------- d-----w- C:\AdwCleaner2013-10-17 18:18 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-10-15 00:09 . 2013-10-15 00:09 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll2013-10-15 00:09 . 2013-10-15 00:09 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2013-10-15 00:09 . 2013-10-15 00:09 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe2013-10-15 00:09 . 2013-10-15 00:09 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe2013-10-15 00:09 . 2013-10-15 00:09 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe2013-10-10 23:07 . 2013-10-18 03:12 -------- d-----w- c:\program files\Apoint2K2013-10-10 22:59 . 2013-10-10 22:59 -------- d-----w- c:\program files\Synaptics2013-10-10 22:40 . 2013-10-18 03:12 -------- d-----w- C:\DRIVERS2013-10-10 22:32 . 2013-10-18 03:12 -------- d-----w- c:\program files (x86)\HP2013-10-10 21:54 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-10-10 21:52 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-10-10 21:52 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-10-10 21:52 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-10-10 21:52 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-10-10 21:52 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-10-10 21:52 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-10-10 21:52 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-10-10 21:52 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-09 18:32 . 2013-06-12 19:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-09 18:32 . 2013-06-12 19:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-09-26 00:46 . 2012-08-04 22:22 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-08 11:24 . 2013-09-08 11:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-08 11:24 . 2012-08-05 22:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-09-08 11:24 . 2012-08-05 22:36 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-09-07 10:35 . 2013-09-07 10:36 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70201B46-5F8B-43E0-939D-CA50FF71F630}\gapaengine.dll2013-08-29 01:48 . 2013-10-10 21:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-22 17:19 . 2012-10-11 17:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-07-25 09:25 . 2013-08-13 21:42 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-25 08:57 . 2013-08-13 21:42 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BatteryMon"="c:\program files (x86)\BatteryMon\BatteryMon.exe" [2012-06-15 1344960]"GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178"="c:\users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Aaron\Downloads\RealTemp_340\WinRing0x64.sys;c:\users\Aaron\Downloads\RealTemp_340\WinRing0x64.sys [x]S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe;c:\program files\Synergy\synergyd.exe [x]S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]..Contents of the 'Scheduled Tasks' folder.2013-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 18:32].2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 11:39].2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 11:39].2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2353138542-2237130678-4057455615-1142Core1ce0ca73495b72b.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52].2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356061607-2759803147-2363496409-1000Core.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52].2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356061607-2759803147-2363496409-1000UA.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-30 1794344]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 241664].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.254.2TCP: Interfaces\{71152D85-98B4-4DDD-9734-F6D8D3461AAF}: NameServer = 192.168.254.1FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\rh0sjulz.default\..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-10-19 20:11:44ComboFix-quarantined-files.txt 2013-10-19 19:11ComboFix2.txt 2013-10-18 17:58.Pre-Run: 36,898,304,000 bytes freePost-Run: 36,838,957,056 bytes free.- - End Of File - - 694AE4A12FE874491453DFE75EBAE77FA36C5E4F47E84449FF07ED3517B43A31
  7. Here you go Gringo, Combofix log below. Regards Aaron ComboFix 13-10-16.02 - Aaron 18/10/2013 18:40:59.1.2 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3062.1339 [GMT 1:00]Running from: c:\users\Aaron\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-09-18 to 2013-10-18 )))))))))))))))))))))))))))))))..2013-10-18 17:47 . 2013-10-18 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-18 10:22 . 2013-10-18 10:22 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CC5313A-A55D-45D4-B9BE-D44937F5B7B8}\offreg.dll2013-10-18 10:22 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CC5313A-A55D-45D4-B9BE-D44937F5B7B8}\mpengine.dll2013-10-18 10:13 . 2013-10-18 10:13 -------- d-----w- c:\windows\ERUNT2013-10-18 10:06 . 2013-10-18 10:08 -------- d-----w- C:\AdwCleaner2013-10-17 18:18 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-10-15 00:09 . 2013-10-15 00:09 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll2013-10-15 00:09 . 2013-10-15 00:09 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2013-10-15 00:09 . 2013-10-15 00:09 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe2013-10-15 00:09 . 2013-10-15 00:09 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe2013-10-15 00:09 . 2013-10-15 00:09 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe2013-10-10 23:07 . 2013-10-18 03:12 -------- d-----w- c:\program files\Apoint2K2013-10-10 22:59 . 2013-10-10 22:59 -------- d-----w- c:\program files\Synaptics2013-10-10 22:40 . 2013-10-18 03:12 -------- d-----w- C:\DRIVERS2013-10-10 22:32 . 2013-10-18 03:12 -------- d-----w- c:\program files (x86)\HP2013-10-10 21:54 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-10-10 21:52 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-10-10 21:52 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-10-10 21:52 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-10-10 21:52 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-10-10 21:52 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-10-10 21:52 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-10-10 21:52 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-10-10 21:52 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-09 18:32 . 2013-06-12 19:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-09 18:32 . 2013-06-12 19:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-09-26 00:46 . 2012-08-04 22:22 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-08 11:24 . 2013-09-08 11:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-08 11:24 . 2012-08-05 22:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-09-08 11:24 . 2012-08-05 22:36 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-09-07 10:35 . 2013-09-07 10:36 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70201B46-5F8B-43E0-939D-CA50FF71F630}\gapaengine.dll2013-08-29 01:48 . 2013-10-10 21:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-22 17:19 . 2012-10-11 17:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-07-25 09:25 . 2013-08-13 21:42 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-25 08:57 . 2013-08-13 21:42 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BatteryMon"="c:\program files (x86)\BatteryMon\BatteryMon.exe" [2012-06-15 1344960]"GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178"="c:\users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk - c:\program files (x86)\DigiGuide TV Guide\Client.exe [2013-6-24 180224]MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-8-7 576000].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ARGUS TV Notifier.lnk - c:\program files (x86)\ARGUS TV\Notifier\ArgusTV.UI.Notifier.exe [2013-4-28 124928].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Aaron\Downloads\RealTemp_340\WinRing0x64.sys;c:\users\Aaron\Downloads\RealTemp_340\WinRing0x64.sys [x]S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe;c:\program files\Synergy\synergyd.exe [x]S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]..Contents of the 'Scheduled Tasks' folder.2013-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 18:32].2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 11:39].2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 11:39].2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2353138542-2237130678-4057455615-1142Core1ce0ca73495b72b.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52].2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356061607-2759803147-2363496409-1000Core.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52].2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2356061607-2759803147-2363496409-1000UA.job- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-04 22:52]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-09-25 16:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-30 1794344]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 241664].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.254.2TCP: Interfaces\{71152D85-98B4-4DDD-9734-F6D8D3461AAF}: NameServer = 192.168.254.1FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\rh0sjulz.default\.- - - - ORPHANS REMOVED - - - -.AddRemove-3748422817.go.sky.com - c:\program files (x86)\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-10-18 18:58:37ComboFix-quarantined-files.txt 2013-10-18 17:58.Pre-Run: 34,342,473,728 bytes freePost-Run: 34,346,893,312 bytes free.- - End Of File - - 6140BAB34A98CD4865B528CC24EF89FBA36C5E4F47E84449FF07ED3517B43A31
  8. Ignore that Gringo, it's decided to fire itself into life! Very long pause between the original window and the autoscan window appearing, making it look like the program had finished or failed. Perhaps a warning that there may be a few minutes delay between running the program and having it's window disappear and the autoscan window opening? Regards Aaron
  9. Hi Gringo, Combofix runs, extracts and goes though a progress bar, writing to C:\32788R22FWJFW which shows as a computer icon instead of a folder in Explorer, flashes up a couple of progress bars which disappear too quickly to read, continues the progress bar at the top of the original window, goes beep and closes. No log from Combofix :-( No further attempt to contact the blocked IP address since running the other bits this morning. Regards Aaron
  10. Hi Gringo, Thanks for taking the time to help me on this. Logs below. Machine is still running normally - these attempts at getting to 195.59.55.138 are random and occasional, sometimes a couple of attempts per day, other times maybe nothing for a few days. Sometimes it is svchost.exe, sometimes chrome.exe. It would be nice if MBAM held the notice-bubble until clicked and acknowledged as it can go unnoticed if you're not in front of the machine when the attempt is made. It was only by spotting the bubble once that I looked back in the logs and saw that this had been happening for a couple of weeks. May need to wait a day or three to see if this has cleared it. Thanks Aaron # AdwCleaner v3.008 - Report created 18/10/2013 at 11:08:38# Updated 17/10/2013 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : Aaron - LIGHTNING# Running from : C:\Users\Aaron\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apnFolder Deleted : C:\Users\Aaron\AppData\Roaming\pdfforge ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : HKCU\Software\APN PIPKey Deleted : HKLM\Software\InstallIQKey Deleted : HKLM\Software\PIP ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16514 -\\ Mozilla Firefox v21.0 (en-GB) [ File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\rh0sjulz.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1735 octets] - [18/10/2013 11:06:37]AdwCleaner[s0].txt - [1639 octets] - [18/10/2013 11:08:38] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1699 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.7 (10.15.2013:3)OS: Windows 7 Ultimate x64Ran by Aaron on 18/10/2013 at 11:13:22.37~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 18/10/2013 at 11:19:07.69End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Hi Guys, Running MBAM Pro here and getting IP Blocked 195.59.55.138 popping up - svchost.exe and chrome.exe Scans show nothing, MSE shows clean as well. DDS.txt and Attach.txt below Hopefully you Guys can help, or allay my fears! MTIA Aaron .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 04/08/2012 00:59:16System Uptime: 17/10/2013 19:18:04 (1 hours ago).Motherboard: Hewlett-Packard | | 30D9Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz | CPU | 2394/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 112 GiB total, 32.863 GiB free.D: is CDROM ()E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP172: 08/10/2013 20:18:21 - Windows UpdateRP173: 10/10/2013 22:55:08 - Windows UpdateRP174: 14/10/2013 18:09:01 - Windows UpdateRP175: 17/10/2013 18:18:42 - Windows UpdateRP176: 17/10/2013 19:02:19 - Restore OperationRP177: 17/10/2013 19:29:21 - Windows Update.==== Installed Programs ======================.Adobe Flash Player 11 PluginARGUS TV 2.1BatteryMon V2.1CarbonCCleanerConexant HD AudioCore Temp 1.0 RC5CPUID CPU-Z 1.64.0Definition Update for Microsoft Office 2010 (KB982726) 64-Bit EditionDigiGuide TV GuideGoogle ChromeGoogle DriveGoogle Update HelperGPU Temp version 1.0HDAUDIO Soft Data Fax Modem with SmartCPHP Battery CheckHP Product DetectionHP Quick Launch ButtonsHP USB Disk Storage Format ToolinSSIDerIntel® Graphics Media Accelerator DriverIPTInstallerJava 7 Update 25Java Auto UpdaterJavaFX 2.1.1LAV Filters 0.54.0Logitech Harmony Remote SoftwareLogitech Harmony Remote Software 7Magic ISO Maker v5.5 (build 0281)MagicDisc 2.7.106Malwarebytes Anti-Malware version 1.75.0.1300MediaPortalMediaPortal TV Server / ClientMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Expression Web 4Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Mozilla Firefox 21.0 (x86 en-GB)Mozilla Maintenance ServicePDF ArchitectPDFCreatorQLBCASLRemote Control USB DriverRuntime 8.0 LibrariesSanDisk SSD Toolkit 1.0.0.1Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 64-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2794707) 64-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit EditionSky Go DesktopSynaptics Pointing Device DriverSyncToy 2.1 (x64)SynergyTeamViewer 8Touch Pad DriverTreeSize Free V2.7Universal Adb DriverUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Update for Microsoft Access 2010 (KB2553446) 64-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2589298) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 64-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 64-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit EditionUpdate for Microsoft Word 2010 (KB2827323) 64-Bit EditionVCDS-Lite 1.2VLC media player 2.0.6Windows Small Business Server 2008 ClientAgentWindows Small Business Server 2008 Desktop Links GadgetWindows Small Business Server 2008 WMI ProviderWinRAR 4.20 (64-bit)XBMC.==== Event Viewer Messages From Past Week ========.17/10/2013 19:18:14, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain mydomain due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.17/10/2013 19:18:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000006b (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101713-9547-01.17/10/2013 19:18:13, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.017/10/2013 19:18:08, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.17/10/2013 19:18:08, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.17/10/2013 18:04:27, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\mydomain.local\SysVol\mydomain.local\Policies\{F06B4CF7-85D7-4A7B-BD24-45601A9C61D6}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.15/10/2013 01:26:41, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.10/10/2013 23:06:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1828.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 10/10/2013 23:06:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1828.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 10/10/2013 23:06:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1828.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 10/10/2013 19:49:02, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded..==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.25.2Run by Aaron at 20:27:01 on 2013-10-17Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3062.1450 [GMT 1:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Windows\system32\svchost.exe -k HsfXAudioServiceC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\Program Files (x86)\PDF Architect\HelperService.exeC:\Program Files (x86)\PDF Architect\ConversionService.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Synergy\synergyd.exeC:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeC:\Windows\system32\svchost.exe -k bthaudiosvcc:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files (x86)\BatteryMon\BatteryMon.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\BatteryMon\BatteryMon.exeC:\Program Files (x86)\ARGUS TV\Notifier\ArgusTV.UI.Notifier.exeC:\Program Files (x86)\MagicDisc\MagicDisc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchIndexer.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\TeamViewer\Version8\tv_w32.exeC:\Program Files (x86)\TeamViewer\Version8\tv_x64.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exeC:\Program Files\Apoint2K\ApMsgFwd.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\system32\SearchProtocolHost.exeC:\Program Files\Synergy\synergy.exeC:\Windows\system32\SearchFilterHost.exeC:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\Synergy\synergyc.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmWinlogon: Userinit = userinit.exe,BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dlluRun: [batteryMon] C:\Program Files (x86)\BatteryMon\BatteryMon.exeuRun: [GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178] "C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-windowmRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGIGU~1.LNK - C:\Program Files (x86)\DigiGuide TV Guide\Client.exeStartupFolder: C:\Users\Aaron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ARGUST~1.LNK - C:\Program Files (x86)\ARGUS TV\Notifier\ArgusTV.UI.Notifier.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: RunStartupScriptSync = dword:1IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 192.168.254.2TCP: Interfaces\{05CECAF7-A92D-423F-B030-8E42955674E9} : DHCPNameServer = 192.168.254.2TCP: Interfaces\{05CECAF7-A92D-423F-B030-8E42955674E9}\24565627 : DHCPNameServer = 192.168.254.2TCP: Interfaces\{05CECAF7-A92D-423F-B030-8E42955674E9}\2456C6B696E6534376 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{05CECAF7-A92D-423F-B030-8E42955674E9}\3496465627F5537484A7 : DHCPNameServer = 192.168.254.2TCP: Interfaces\{05CECAF7-A92D-423F-B030-8E42955674E9}\4586560234C6F65746 : DHCPNameServer = 192.168.10.4TCP: Interfaces\{71152D85-98B4-4DDD-9734-F6D8D3461AAF} : NameServer = 192.168.254.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLSSODL: WebCheck - <orphaned>x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServicesx64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exex64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\rh0sjulz.default\FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]R2 HFGService;Handsfree Headset Service;C:\Windows\System32\svchost.exe -k bthaudiosvc [2009-7-14 27136]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-21 227896]R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-23 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-23 701512]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-8 166912]R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-1-9 1324104]R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-1-9 795208]R2 Synergy;Synergy;C:\Program Files\Synergy\synergyd.exe [2012-7-30 422472]R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-25 5087584]R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2012-8-4 227896]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-23 25928]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2008-7-22 60416]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 BthAudioHF;BthAudioHF Service;C:\Windows\System32\drivers\BthAudioHF.sys [2009-12-21 52224]S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-1-10 33736]S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-9-25 36928]S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-15 29696]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-15 30208]S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-4 1255736]S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Aaron\Downloads\RealTemp_340\WinRing0x64.sys [2013-5-10 14544].=============== Created Last 30 ================.2013-10-17 18:29:48 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{791BFA1D-4DA4-4863-B3E6-8856630BFCBE}\mpengine.dll2013-10-17 18:18:13 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-10-15 00:09:29 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll2013-10-15 00:09:29 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2013-10-15 00:09:17 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe2013-10-15 00:09:17 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe2013-10-15 00:09:17 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe2013-10-10 23:07:24 -------- d-----w- C:\Program Files\Apoint2K2013-10-10 22:59:36 -------- d-----w- C:\Program Files\Synaptics2013-10-10 22:40:55 -------- d-----w- C:\DRIVERS2013-10-10 22:32:05 -------- d-----w- C:\Program Files (x86)\HP2013-10-10 21:54:52 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-10-10 21:52:49 461312 ----a-w- C:\Windows\System32\scavengeui.dll2013-10-10 21:52:48 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2013-10-10 21:52:48 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2013-10-10 21:52:48 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys2013-10-10 21:52:48 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2013-10-10 21:52:47 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-10-10 21:52:47 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2013-10-10 21:52:47 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys.==================== Find3M ====================.2013-10-09 18:32:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-09 18:32:52 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-08 11:24:29 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-09-08 11:24:27 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-09-08 11:24:27 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll.============= FINISH: 20:27:15.57 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.