Channel: Tech Support Forum - Virus/Trojan/Spyware Help

How to Block Unwanted Automatic Videos

I have no idea how it happened but lately every time I click the mouse, the first thing that comes up is some scam video about some software that can make me a million dollars in one month. It does not matter what program I click on, Outlook, some saved document, an icon on the desktop, whatever. These videos just pop up from nowhere and it sometimes would take several tries to get to where I want to go.
My pop-up blocker is on, so I don't know what else to do and would appreciate your help, please.

I downloaded DDS but was unable to save it on my desktop. I am getting the following message:

"DDS not meant to run in compatibility Mode. Program will now exit."

I turned off firewall but that did not help.

I have done this exercise before on my old computer (Windows XP) and had no problems. This is a new hard drive with Windows 8 and it is taking some time to get used to.

Is there any way around this? I am told DDS is not supported on Windows 8.

Thanks

dorcas22

compressing virus??

Out of nowhere this appears. It has happened a number of times. I can't properly run .exe files.T

bogus files not spotted by Avast

Hello:
Please help me if you can..........
Something disabled Windows Defender and is letting very large bogus files onto my computer so I installed the latest free version of Avast. I am using win 8.1 in a Lenovo computer. I just discovered that some mystery files are being inserted into my computer by the dozens and these mystery files are extremely large so the hard drive was almost filled up!
Here is what I found by using an app called WinDirStat:
the mystery files look like this: 12754694899610736661_2853498758043839360_4480_4480 ~ 960 MB
and this: ver1
they are sent to this location in my computer: C:\$Recycle.Bin\S-1-5-21-2712117882-3860235528-2112810399-1002

When I open the mystery file with FIREFOX, it looks like this:
file:///C:/recyclebin/12754694899610736661_2853498758043835520_3840_3840
which is an application/octet-stream (960 MB) from C:\recyclebin

Note: the file opens in Firefox but there is no information in the page and, after pressing Ctrl-U, there is NO code at all!

These files are still coming into my computer after installing Avast so PLEASE help me if you can. I can catch these files with the help of WinDirStat but want to stop them altogether. I believe a virus has invaded my PC and had hoped that Avast would catch and kill it but not so far!
Thanks,
jim

Infected Laptop

My laptop has been taken over by a virus/trojan/malware. I visited a site that I thought would download a program to update the Android version on my smart phone. I thought I removed the file, but my wife went online to a site to order some products and answered a survey she thought the site was conducting. It was not. I now have programs installed including Optimizer Pro v3.2, 3D Bubble Sound, Crossbrowse, GamesDesktop. I tried uninstalling unsuccessfully, went into safe mode and attempted to find all the files downloaded that day and delete them. That was a mistake. I have run the SPTD program and DDS. Here are the results of the DDS scan:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801
Run by Steve at 15:30:37 on 2015-05-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.644 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 14:05:14 1579520 ----a-w- C:\Users\Steve\AppData\Roaming\nRkQ8UNb33HxuvD1DgPJx87.exe
2015-04-20 14:05:14 1579520 ----a-w- C:\Users\Steve\AppData\Roaming\J6Wlqn9ihspk.exe
2015-04-20 14:05:14 1579520 ----a-w- C:\Users\Steve\AppData\Roaming\DrbKIP6kuAPd5La.exe
2015-04-20 14:05:14 1246720 ----a-w- C:\Users\Steve\AppData\Roaming\XzKyStnyGh5tV39R.exe
2015-04-20 14:05:14 1246720 ----a-w- C:\Users\Steve\AppData\Roaming\jR0cjxFWA5jQOFJkL.exe
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-15 04:16:36 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 04:16:36 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-10 19:56:56 58224 ----a-w- C:\Windows\System32\drivers\innfd_1_10_0_14.sys
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-04-02 22:22:32 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
.
============= FINISH: 15:59:50.54 ===============
I ran Microsoft Security Essentials immediately after it happened and it isolated two trojans:
TrojanDownloader:Win32/Rottentu.A (twice)
Trojan:Win32/gheugent.A/plock
Restarting the laptop, I get a small window that says "landed fsdfggsdgf.com".
When trying to use my browser it has a loaded site on it: trovi.com/?gd=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M8D677DF-0F1E-4582-BA3A- Internet Explorer (Not Responding)


Possible Malware

My friend has a problem with her laptop. Recently she had a problem with not being able to click links. This was the first sign she noticed something was wrong. Earlier today she got a "BSOD: Error 333" pop-up malware. She mistakenly followed the instructions, but quickly realized her fault and stopped whatever process was running. Since then she's been getting strange pop-ups, specifically in the Steam browser. I've been trying to help her fix it, but don't want her to run anything that will potentially harm her computer any more.

I told her to run DDS, but it gave a compatibility error. This is her FRST log and Addition log.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Paige (administrator) on PAIGE on 22-05-2015 18:23:07
Running from C:\Users\Paige\Downloads
Loaded Profiles: Paige (Available Profiles: Paige)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Scarlet.Crush Productions) C:\Program Files (x86)\SCP DS3\bin\ScpService.exe
() C:\Program Files\Echo360\Personal Capture\echo_uploader_ntservice.exe
() C:\Program Files\Echo360\Personal Capture\echo_uploader.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771032 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [769496 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-22] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4164279202-2745503252-1457267982-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-4164279202-2745503252-1457267982-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4164279202-2745503252-1457267982-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-4164279202-2745503252-1457267982-1001\...\Run: [OneDrive] => C:\Users\Paige\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-4164279202-2745503252-1457267982-1001\...\Run: [GoogleChromeAutoLaunch_37EE47EB89BE3486179AEC93FDB07283] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-22] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
HKU\S-1-5-21-4164279202-2745503252-1457267982-1001\Software\Microsoft\Internet Explorer\Main,Start Page = msn
HKU\S-1-5-21-4164279202-2745503252-1457267982-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
SearchScopes: HKLM -> {1E48B06E-BFD9-43F1-9170-6D0B8282A199} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {1E48B06E-BFD9-43F1-9170-6D0B8282A199} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4164279202-2745503252-1457267982-1001 -> {1E48B06E-BFD9-43F1-9170-6D0B8282A199} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4164279202-2745503252-1457267982-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-22] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-22] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:
========
FF ProfilePath: C:\Users\Paige\AppData\Roaming\Mozilla\Firefox\Profiles\mvqkn673.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-4164279202-2745503252-1457267982-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Paige\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-22]

Chrome:
=======
CHR Profile: C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BeFunky Photo Editor) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-05-22]
CHR Extension: (YouTube) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-22]
CHR Extension: (Ebates Cash Back Button) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-05-22]
CHR Extension: (Pandora) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-05-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-05-22]
CHR Extension: (Autocomplete on) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhbgagnmhdafendedikgjimegoipbnk [2015-05-22]
CHR Extension: (AdBlock) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-22]
CHR Extension: (Bookmark Manager) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Imgurian Tweaks) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljlokiakakknbbkpcoaceibkjmffnkp [2015-05-22]
CHR Extension: (GroupMe Notifications) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlmejlghbfnmdogojohgfnhdldnjhah [2015-05-22]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-05-22]
CHR Extension: (Hangouts) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-05-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Facebook Messenger) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-05-22]
CHR Extension: (Deadpool) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihiehkcaajaipjpoeeolnnacomapnng [2015-04-11]
CHR Extension: (Hangouts) - C:\Users\Paige\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-22] (Avast Software s.r.o.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files (x86)\SCP DS3\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) []
R2 EchoSystemEchoUploader; C:\Program Files\Echo360\Personal Capture\echo_uploader_ntservice.exe [97792 2014-09-12] () []
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-23] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-22] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-22] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-05-22] ()
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 18:23 - 2015-05-22 18:24 - 00021907 _____ () C:\Users\Paige\Downloads\FRST.txt
2015-05-22 18:22 - 2015-05-22 18:23 - 00000000 ____D () C:\FRST
2015-05-22 18:21 - 2015-05-22 18:21 - 02108416 _____ (Farbar) C:\Users\Paige\Downloads\FRST64.exe
2015-05-22 18:18 - 2015-05-22 18:18 - 00000000 ____D () C:\Users\Paige\AppData\Roaming\AVAST Software
2015-05-22 18:17 - 2015-05-22 18:17 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-22 18:17 - 2015-05-22 18:17 - 00001938 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-22 18:17 - 2015-05-22 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-22 18:16 - 2015-05-22 18:17 - 00356272 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2015-05-22 18:16 - 2015-05-22 18:16 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-22 18:16 - 2015-05-22 18:16 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-22 18:16 - 2015-05-22 18:16 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-22 18:16 - 2015-05-22 18:16 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-22 18:16 - 2015-05-22 18:16 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-22 18:16 - 2015-05-22 18:16 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-22 18:16 - 2015-05-22 18:16 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-22 18:16 - 2015-05-22 18:16 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-22 18:16 - 2015-05-22 18:16 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-22 18:16 - 2015-05-22 18:16 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-22 18:14 - 2015-05-22 18:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-22 18:14 - 2015-05-22 18:14 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-22 18:13 - 2015-05-22 18:13 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Paige\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-22 18:13 - 2015-05-22 18:13 - 00688992 _____ (Swearware) C:\Users\Paige\Downloads\dds.scr
2015-05-22 17:34 - 2015-05-22 17:34 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-05-22 17:31 - 2015-05-22 17:31 - 00009124 _____ () C:\WINDOWS\system32\.crusader
2015-05-22 17:20 - 2015-05-22 17:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-22 17:19 - 2015-05-22 18:00 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4164279202-2745503252-1457267982-1001
2015-05-22 17:19 - 2015-05-22 17:20 - 11024496 _____ (SurfRight B.V.) C:\Users\Paige\Downloads\HitmanPro_x64.exe
2015-05-22 17:16 - 2015-05-22 17:16 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-PAIGE-Windows-8.1-(64-bit).dat
2015-05-22 17:16 - 2015-05-22 17:16 - 00000000 ____D () C:\RegBackup
2015-05-22 17:15 - 2015-05-22 17:15 - 02720009 _____ (Thisisu) C:\Users\Paige\Downloads\JRT.exe
2015-05-21 21:30 - 2015-05-21 21:30 - 00000000 ____D () C:\Program Files (x86)\SCP DS3
2015-05-21 21:29 - 2013-05-19 03:02 - 00039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2015-05-21 21:29 - 2013-01-07 10:56 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-05-21 19:22 - 2015-05-21 19:22 - 00000000 ____D () C:\Users\Paige\AppData\Roaming\MotioninJoy
2015-05-21 19:22 - 2015-05-21 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-05-21 19:22 - 2015-05-21 19:22 - 00000000 ____D () C:\Program Files\MotioninJoy
2015-05-21 19:22 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\WINDOWS\system32\MijFrc.dll
2015-05-21 00:45 - 2015-05-21 00:45 - 00000000 ____D () C:\Users\Paige\Documents\CAPCOM
2015-05-21 00:43 - 2015-05-21 00:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\xlive
2015-05-21 00:43 - 2015-05-21 00:43 - 00000000 ____D () C:\Users\Paige\Documents\Games for Windows - LIVE Demos
2015-05-21 00:43 - 2015-05-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-05-21 00:43 - 2015-05-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-05-20 10:26 - 2015-05-20 10:26 - 00000221 _____ () C:\Users\Paige\Desktop\Resident Evil 5 Biohazard 5.url
2015-05-15 21:09 - 2015-05-15 21:09 - 00002726 _____ () C:\Users\Paige\Desktop\Hangouts.lnk
2015-05-14 16:43 - 2015-05-14 16:43 - 00000222 _____ () C:\Users\Paige\Desktop\Remember Me.url
2015-04-24 22:54 - 2015-04-24 22:54 - 00000000 ____D () C:\Users\Paige\AppData\Local\Macromedia
2015-04-24 22:53 - 2015-04-24 22:53 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-24 22:52 - 2015-05-22 18:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-24 22:52 - 2015-04-24 22:52 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-24 16:23 - 2015-04-24 16:23 - 00000000 ____D () C:\ProgramData\Google
2015-04-24 15:53 - 2015-04-24 15:54 - 08180736 _____ () C:\Users\Paige\Downloads\chromeremotedesktophost (1).msi
2015-04-23 15:16 - 2015-04-23 15:16 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-23 15:15 - 2015-04-25 22:19 - 00000000 ____D () C:\Users\Paige\AppData\Roaming\Origin
2015-04-23 15:15 - 2015-04-23 15:16 - 00000000 ____D () C:\Users\Paige\AppData\Local\Origin
2015-04-23 15:13 - 2015-05-22 16:34 - 00000000 ____D () C:\ProgramData\Origin
2015-04-23 15:13 - 2015-04-23 15:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-23 15:13 - 2015-04-23 15:13 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-04-23 15:13 - 2015-04-23 15:13 - 00000000 ____D () C:\ProgramData\Electronic Arts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 18:19 - 2015-04-21 22:46 - 01064495 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 18:14 - 2014-09-26 12:23 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 18:08 - 2015-02-18 10:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-22 18:08 - 2015-01-11 02:46 - 00004960 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PAIGE-Paige Paige
2015-05-22 18:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-22 17:57 - 2014-10-06 03:20 - 00000000 ___DO () C:\Users\Paige\OneDrive
2015-05-22 17:57 - 2014-09-26 12:23 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 17:55 - 2014-10-10 17:32 - 00000000 ____D () C:\Users\Paige
2015-05-22 17:54 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-22 17:32 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-22 17:12 - 2015-01-27 14:56 - 00000000 ____D () C:\AdwCleaner
2015-05-22 17:09 - 2014-10-10 17:57 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4164279202-2745503252-1457267982-1001
2015-05-22 16:15 - 2014-09-26 21:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-22 03:11 - 2015-03-23 14:30 - 00000000 ____D () C:\Users\Paige\AppData\Roaming\TS3Client
2015-05-21 21:18 - 2014-09-26 12:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-21 21:15 - 2014-10-05 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-21 18:59 - 2014-09-26 12:19 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FA6BCA6B-2A11-44D5-8A4E-E0563B61EBF9}
2015-05-21 00:38 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-20 20:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-20 19:32 - 2014-09-26 12:24 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 18:50 - 2015-04-09 23:00 - 00000000 ____D () C:\Users\Paige\Documents\my games
2015-05-20 11:26 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 14:15 - 2014-09-26 12:16 - 00000000 ____D () C:\Users\Paige\AppData\Local\Packages
2015-05-19 14:09 - 2014-09-26 12:23 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 14:09 - 2014-09-26 12:23 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 22:43 - 2015-04-05 18:07 - 00000000 ____D () C:\Program Files (x86)\Toontown Rewritten
2015-05-12 20:13 - 2015-02-24 17:41 - 00063679 _____ () C:\WINDOWS\system32\lvcoinst.log
2015-05-11 19:44 - 2014-09-24 03:15 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-07 00:37 - 2015-03-27 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-01 01:36 - 2013-09-07 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-05-01 01:36 - 2013-09-07 05:16 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-05-01 01:36 - 2013-06-01 14:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-01 01:32 - 2015-01-14 14:12 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-01 01:31 - 2015-01-14 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-05-01 01:29 - 2014-12-16 19:12 - 00000000 ____D () C:\Users\Paige\AppData\Roaming\WildTangent
2015-05-01 01:29 - 2013-06-01 14:40 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-01 01:29 - 2013-06-01 14:40 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-04-29 23:59 - 2014-10-30 12:08 - 00000000 ____D () C:\Users\Paige\Documents\Other
2015-04-26 02:10 - 2015-02-13 14:48 - 00000000 ____D () C:\Users\Paige\Documents\Badging
2015-04-25 13:28 - 2015-04-16 12:59 - 00000000 ____D () C:\Users\Paige\AppData\Roaming\Add-in Express
2015-04-24 22:53 - 2014-12-31 11:44 - 00000000 ____D () C:\Users\Paige\AppData\Local\Adobe
2015-04-24 16:42 - 2015-04-09 12:47 - 00000000 ____D () C:\Users\Paige\Documents\Work
2015-04-23 20:26 - 2015-01-20 19:41 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-23 14:07 - 2015-03-21 16:24 - 00000391 _____ () C:\Users\Paige\Desktop\Remember.txt

==================== Files in the root of some directories =======

2014-10-05 22:05 - 2015-01-23 00:53 - 0000600 _____ () C:\Users\Paige\AppData\Local\PUTTY.RND
2015-03-30 23:02 - 2015-03-30 23:02 - 0007602 _____ () C:\Users\Paige\AppData\Local\Resmon.ResmonCfg
2015-03-16 15:23 - 2015-03-16 15:23 - 0000000 _____ () C:\Users\Paige\AppData\Local\{7C130877-6E20-4AFA-9355-BCA949B6F5EE}

Some files in TEMP:
====================
C:\Users\Paige\AppData\Local\Temp\Quarantine.exe
C:\Users\Paige\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-20 10:43

==================== End of log ============================

Attached Files: addition.txt (40.6 KB)

Please help me

Something is wrong with my PC. Please help

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Soumil at 18:37:22 on 2015-05-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7326.5188 [GMT 5.5:30]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\Soumil\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
E:\GAMES\NewSteam\Steam.exe
E:\GAMES\NewSteam\bin\steamwebhelper.exe
E:\GAMES\NewSteam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Microsoft Web Test Recorder 12.0 Helper: {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [razer update] C:\Users\Soumil\AppData\Roaming\Razer Synapse\razerupdater.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [uTorrent] "C:\Users\Soumil\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe" /MINIMIZED
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [razer update] C:\Users\Soumil\AppData\Roaming\Razer Synapse\razerupdater.exe
uExplorerRun: [Policies] C:\Users\Soumil\AppData\Roaming\Razer Synapse\razerupdater.exe
mExplorerRun: [Policies] C:\Users\Soumil\AppData\Roaming\Razer Synapse\razerupdater.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{64A135FF-0E37-44A5-A8AB-DBD986C47312} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {28D584AW-734E-HHK3-0R13-1531XHN7XQP5} - C:\Users\Soumil\AppData\Roaming\Razer Synapse\razerupdater.exe
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-4-11 645480]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-4-11 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-12-11 20464]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-24 1148744]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-4-11 16232]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-12-7 180648]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-12-11 296432]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 IntelHaxm;Intel HAXM Service;C:\Windows\System32\drivers\IntelHaxm.sys [2015-1-23 84992]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2014-10-15 22744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-12-11 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-24 1706312]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-24 21833544]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-3-18 410768]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-12-11 450520]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-12-11 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-12-11 791024]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-24 19784]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-24 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-12-11 906968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\System32\drivers\hidusbf.sys [2015-2-1 7808]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-2-8 20992]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-8-22 119808]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-2-8 59392]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2014-7-22 89232]
.
=============== Created Last 30 ================
.
2015-05-23 12:50:51 -------- d-----w- C:\AdwCleaner
2015-05-19 19:05:58 -------- d-----w- C:\Program Files (x86)\GUM262C.tmp
2015-05-19 19:05:58 -------- d-----w- C:\Program Files (x86)\GCR25CE.tmp
2015-05-17 15:38:36 -------- d-----w- C:\Users\Soumil\AppData\Local\Adobe
2015-05-15 13:11:11 -------- d-----w- C:\Users\Soumil\AppData\Local\Apple
2015-05-15 13:11:07 -------- d-----w- C:\Program Files\Bonjour
2015-05-15 13:11:07 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-05-15 10:02:23 -------- d-----w- C:\Program Files\Rockstar Games
2015-05-15 09:17:36 -------- d-----w- C:\PhotoshopPortable
2015-05-12 10:17:56 -------- d-----w- C:\Program Files (x86)\KGB Archiver
2015-05-10 10:22:42 -------- d-----w- C:\Users\Soumil\AppData\Local\Ubisoft Game Launcher
2015-05-10 10:15:57 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2015-05-10 10:15:56 -------- d-----w- C:\Users\Soumil\AppData\Roaming\PunkBuster
2015-05-06 04:50:49 -------- d-----w- C:\ProgramData\Electronic Arts
2015-05-02 10:05:26 -------- d-----w- C:\akshay
.
==================== Find3M ====================
.
2015-03-13 16:16:47 6861968 ----a-w- C:\Windows\System32\nvcpl.dll
2015-03-13 16:16:47 3526856 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-03-13 16:16:45 935056 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-03-13 16:16:45 62608 ----a-w- C:\Windows\System32\nvshext.dll
2015-03-13 16:16:45 386248 ----a-w- C:\Windows\System32\nvmctray.dll
2015-03-13 16:16:45 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-03-13 15:38:39 622224 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-03-11 13:10:00 4246327 ----a-w- C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 18:37:59.81 ===============

Attached Files: attach.txt (13.4 KB)

Unique Computer Malware

My computer is infected with malware, and it is strange because it created a new user account. What is even stranger is the name of the account (Bocfsbek). I know I didn't create it, and no one else created it, so the only option left is malware or a virus. I am really good at fixing computers (software and operating system) and getting rid of and preventing viruses. So far I have taken the following steps:

1. Run ESET Smart Security

2. Run Malwarebytes Anti-Malware

3. Delete user account like any other user would

4. Delete user account through command prompt

5. Delete user account by going under computer, local disk C, users, and then deleting the user there.

6. Run Hitman Pro

7. Run Emsisoft Emergency Kit

8. System Restore

9. Rogue Killer

10. Rootkill

11. Combo Fix

12. CCleaner (I have heard bad things about it and I didn't like it, so I removed it from my computer)

13. Avast Premier Antivirus

14. Tdsskiller

15. Malicious Software Removal Tool from Microsoft

16. Command Prompt (type C: then attrib) and I found one autorun program and deleted it

17. Adware Cleaner


Each time I start or restart the computer, the user reappears. On all of these except Avast and the Malicious Software Removal Tool, something was detected and I removed it. My computer has been and still is working extremely well; I run scans on it regularly and run disk defragments, disk cleanups...

If you are wondering how I run my scans, I run full scans, quick scans, and smart scans. I don't run them at the same time, to prevent the computer from slowing down and each scan possibly missing something. In addition, I regularly run Windows updates and make sure my drivers are up to date.

As to what I think the cause could be: I had a computer I was fixing for someone that was messed up, and I think it still has viruses and malware on it. I had it connected to the network so I could work on it better, and I think it spread from that computer to mine. That computer is no longer on the network, and I am working on scans to find malware and/or viruses on it.

Before all of this, I had ESET Smart Security and Malwarebytes installed. I also had Rootkill and TDSSKiller, but those don't install on your computer; you just download them, save them to your Downloads folder and then run them.

My computer is running Windows 7 Professional, 32-bit. It is a Compaq computer (before HP and Compaq merged) with an AMD Athlon Dual Core processor, 3 GB of memory, a 320 GB hard drive, and NVIDIA GeForce 6150 SE graphics.

Our network is secure, and we have a password that is about nine characters long and includes numbers and letters (it is a random password). I have tried just about everything in the book that I know of and still can't get the problem fixed. I have attached a screenshot below that I hope will help you.

If you need more information, I will be glad to provide it to you.

Attached Thumbnails: bocfsbek.png (675.6 KB, ID: 233194)

Do I have a virus?

Hi there,

My computer is really slow. Opening a Firefox window takes 1-2 minutes, and the same goes for internal computer documents and so on.
Very often the computer freezes and shows the message "Firefox is not responding".

Very frustrated.

My operating system is:

Acer AOD270
Processor - Intel Atom CPU N 2600
Memory - 1GB
32-bit operating system
Win 7 Starter
Service Pack 1


I downloaded dds.txt...

Any help would be appreciated.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17728
Run by js at 15:17:49 on 2015-05-12
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [AdobeBridge] <no file>
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\A457C6965614E6464456E6963756 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\F45316 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\js\appdata\roaming\mozilla\firefox\profiles\81ax6hui.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DsiWMIService;Dritek WMI Service
R? GamesAppService;GamesAppService
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? MBAMSwissArmy;MBAMSwissArmy
R? SkypeUpdate;Skype Updater
R? SwitchBoard;SwitchBoard
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WDC_SAM;WD SCSI Pass Thru driver
R? wlcrasvc;Windows Live Mesh remote connections service
S? BazisVirtualCDBus;WinCDEmu Virtual Bus Driver
S? ePowerSvc;ePower Service
S? GREGService;GREGService
S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
S? IconMan_R;IconMan_R
S? igddim32;igddim32
S? igdkmd32;igdkmd32
S? IntcDAud;Intel(R) Display Audio
S? Live Updater Service;Live Updater Service
S? RS_Service;Raw Socket Service
S? RSPCIESTOR;Realtek PCIE CardReader Driver
S? RTL8167;Realtek 8167 NT Driver
.
=============== Created Last 30 ================
.
2015-05-12 12:08:59 93808 ----a-w- c:\program files\mozilla firefox\updated\nssdbm3.dll
2015-05-12 12:03:04 9201616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a855c2a8-8e81-4ec4-a76b-02b685edf081}\mpengine.dll
2015-04-21 18:11:36 9201616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8adc1390-b856-42bf-b9ff-2078fb60574c}\mpengine.dll
2015-04-20 12:21:31 -------- d-----w- C:\AdwCleaner
2015-04-18 05:32:48 -------- d-----r- c:\program files\Skype
2015-04-18 05:27:40 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-04-18 05:27:39 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-18 05:27:39 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-18 05:27:39 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-18 05:27:39 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-18 05:27:38 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-18 05:27:37 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-04-18 05:27:35 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-04-18 05:27:35 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-18 05:27:11 249784 ----a-w- c:\windows\system32\clfs.sys
2015-04-18 05:27:07 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-18 05:24:14 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-04-18 05:21:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-04-18 05:21:25 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-04-18 05:21:25 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-04-18 05:21:24 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-04-18 05:21:24 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-04-18 05:21:24 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-04-18 05:20:50 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-18 05:20:48 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-18 05:20:47 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
==================== Find3M ====================
.
2015-03-17 05:01:09 3976632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01:08 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:01:08 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 04:59:26 1306112 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 04:57:25 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 04:57:21 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 04:57:20 43008 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 04:57:20 400896 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 04:57:20 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 04:57:20 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 04:57:17 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57:17 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 04:57:12 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 04:57:11 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 04:57:07 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 04:57:07 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 04:56:59 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 04:56:59 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 04:56:43 69632 ----a-w- c:\windows\system32\smss.exe
2015-03-17 04:56:38 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 04:56:28 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 04:56:15 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 04:53:35 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 04:53:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 04:50:47 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 04:50:43 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-13 03:42:18 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-03-13 03:42:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-03-13 03:28:48 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-03-13 03:27:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-03-13 03:27:35 340992 ----a-w- c:\windows\system32\html.iec
2015-03-13 03:26:19 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-03-13 03:16:24 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-03-13 03:15:40 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-03-13 03:09:27 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-13 03:01:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- c:\windows\system32\jscript9.dll
2015-03-13 02:43:41 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-03-13 02:20:28 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-02-26 03:11:26 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 01:23:36 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:13:52 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13:49 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09:16 299008 ----a-w- c:\windows\system32\atmfd.dll
2014-05-20 17:12:20 6103040 ----a-w- c:\program files\GUTC6F.tmp
.
============= FINISH: 15:20:42.44 ===============

Attached Files
File Type: txt attach.txt (3.3 KB)
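
Added editorial example, not part of the post above and not code from the DDS tool: a small triage script that applies, mechanically, the checks a helper makes by eye on the autostart ("uRun:"/"mRun:"), service ("R2 name;desc;path") and "Created Last 30" lines DDS prints. It scores each entry for a binary launched from a user profile or temp path, a bare file name resolved through the search path, an unquoted command line containing a space, a Run value named after a GUID or after a generic Windows-sounding phrase, a service binary DDS marked "[?]" (it could not read the file), and a cross-reference to a binary written within the last 30 days. The sample lines are constructed to mirror the shapes seen in this thread; the user name "alice", the weights, the GENERIC_NAMES list and the reporting threshold are the example's own choices, not anything DDS defines.

```python
"""Triage of DDS-style autostart and service lines (added example, not part of the post)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name image score reasons")

# Line shapes as DDS prints them in the 'Pseudo HJT Report', 'SERVICES / DRIVERS'
# and 'Created Last 30' sections.
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RS][0-9?]) (?P<name>[^;]+);(?P<desc>[^;]*)(?:;(?P<path>.+))?$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ \S+ (?P<path>.+)$")
# First executable-looking token of a command line, with or without surrounding quotes.
IMAGE_RE = re.compile(r'^"?(?P<image>[^"]*?\.(?:exe|scr|com|bat|cmd|dll|sys))(?=$|["\s,])', re.I)
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\|\\\$recycle\.bin\\", re.I)
# Example's own list of names malware picks to look like part of Windows (assumption).
GENERIC_NAMES = {"system alert", "system", "security", "windows update", "update", "svchost"}
REPORT_THRESHOLD = 2  # one weak signal alone (e.g. a vendor updater in AppData) is not reported


def extract_image(cmd):
    """Return the binary a Run value or service actually launches ('' if none is visible)."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("image") if m else ""


def score_entry(name, cmd, image, created):
    """Apply the by-eye heuristics an analyst uses on a DDS log; returns (reason, weight) pairs."""
    reasons = []
    if PROFILE_RE.search(image):
        reasons.append(("runs from a user profile, temp or recycle-bin path", 1))
    if image and "\\" not in image:
        reasons.append(("bare file name, resolved through the search path", 1))
    if " " in image and not cmd.lstrip().startswith('"'):
        reasons.append(("unquoted command line containing a space", 1))
    if GUID_RE.match(name.strip()):
        reasons.append(("autostart value named after a GUID", 2))
    if name.strip().lower() in GENERIC_NAMES:
        reasons.append(("generic name mimicking a Windows component", 2))
    if image.lower() in created:
        reasons.append(("binary appears in 'Created Last 30'", 2))
    if cmd.rstrip().endswith("[?]"):
        reasons.append(("DDS could not read the service binary ([?])", 2))
    return reasons


def triage(lines):
    """Return Finding records (highest score first) for autostart/service lines worth a look."""
    created = {m.group("path").strip().lower()
               for m in map(CREATED_RE.match, lines) if m}
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            kind, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
        else:
            m = SVC_RE.match(line)
            if not m or not m.group("path"):
                continue  # short-form service lines carry no path to judge
            kind, name, cmd = "service", m.group("name"), m.group("path")
        image = extract_image(cmd)
        reasons = score_entry(name, cmd, image, created)
        score = sum(w for _, w in reasons)
        if score >= REPORT_THRESHOLD:
            findings.append(Finding(kind, name, image, score, [r for r, _ in reasons]))
    return sorted(findings, key=lambda f: -f.score)


# Constructed sample modelled on the DDS entries seen in this thread; 'alice' is a made-up user name.
SAMPLE = r'''
uRun: [Google Update] "c:\users\alice\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [System Alert] c:\windows\system32\System Alert.exe
uRun: [D5DB7544-3EC2-44AF-B067-F5ED965A51BC] "c:\users\alice\appdata\local\WindowsSys2.exe" /STARTUP
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
S2 insvc_1.10.0.13;Infonaut 1.10.0.13 Client Service;"c:\program files\infonaut_1.10.0.13\service\insvc.exe" --> c:\program files\infonaut_1.10.0.13\service\insvc.exe [?]
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
2015-05-21 17:05:12 128512 ----a-w- c:\users\alice\appdata\local\WindowsSys2.exe
2015-05-26 21:37:23 -------- d-----w- C:\AdwCleaner
'''.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.score:>2}  {f.kind:<8} {f.name:<40} {f.image}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it against a saved DDS.txt with `triage(open("DDS.txt", encoding="latin-1").read().splitlines())`. The threshold matters: a vendor updater living under AppData (Google Update, Spotify) scores one point and is silently skipped, while a GUID-named value pointing at a freshly written AppData executable scores five and lands at the top. The output is a reading order for the log, not a verdict; each flagged binary still has to be checked (publisher signature, hash lookup, what created it) before anything is deleted.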

Game.EXE Bad Image Error

Hi,
I have a serious problem in Windows 7 Service Pack 1 64-bit.
When I run any game, I get the error two or three times, and after a few minutes of play the game hangs.
I have also tested these programs, but that does not work:
SpyHunter
Malwarebytes
CCleaner


Error Image

Does this sound like a virus?

So on my MSI GE70 games won't load. When I try to run one (any game) it freezes at launch and then I have to close it with Task Manager. YouTube videos will load, but they don't play, and sometimes when I try to play them my browser (Chrome) crashes. I've scanned for viruses but nothing was found. I have absolutely no idea what to do.

Spotty Internet, May Be Virus

So for the past two days I have had issues with my internet coming in and out or running extremely slowly. When I monitor the Kbps sent/received, it fluctuates wildly from very fast to non-existent. I am very new to PCs and have been trying to locate the problem through this site and others. I found a suggestion to run dds.com and dds.scr to show potential threats, but couldn't get those to run on Windows 8, so I found a program, FRST64, to run instead. I've attached the log zip below. My limited knowledge seems to indicate all the extra hosts that are connected might be an issue; however, I am very, very naive about this. I sincerely hope someone can help, because my only option right now is to reformat and try again.

Attached Files
File Type: zip Addition.zip (8.8 KB)
File Type: zip FRST.zip (67.3 KB)

Unique Computer Malware

My computer is infected with malware, and it is strange because it created a new user account. What is even stranger is the name of the account (Bocfsbek). I know I didn't create it, and no one else created it, so the only option left is malware or a virus. I am really good at fixing computers (software and operating system) and at getting rid of and preventing viruses. So far I have taken the following steps:

1. Run ESET Smart Security

2. Run Malwarebytes Anti-Malware

3. Delete user account like any other user would

4. Delete user account through command prompt

5. Delete user account by going under computer, local disk C, users, and then deleting the user there.

6. Run Hitman Pro

7. Run Emsisoft Emergency Kit

8. System Restore

9. Rogue Killer

10. Rootkill

11. Combo Fix

12. CCleaner (I have heard bad things about it and I didn't like it, so I removed it from my computer)

13. Avast Premier Antivirus

14. Tdsskiller

15. Malicious Software Removal Tool from Microsoft

16. Command Prompt (type C: then attrib) and I found one autorun program and deleted it

17. Adware Cleaner


Each time I start or restart the computer, the user reappears. With all of these except Avast and the Malicious Software Removal Tool, something was detected and I removed it. My computer has been and still is working extremely well; I run scans on it regularly and run disk defragments, disk cleanups, etc.

If you are wondering how I run my scans, I run full scans, quick scans, and smart scans. I don't run them at the same time to prevent the computer from slowing down and possibly each scan missing something. In addition, I regularly run windows updates and make sure my drivers are up to date.

As to what I think the cause could be: I had a computer I was fixing for someone that was messed up, and I think it still has viruses and malware on it. I had it connected to the network so I could work on it more easily, and I think it spread from that computer to mine. That computer is no longer on the network, and I am running scans on it to find malware and/or viruses.

Before all of this, I had ESET Smart Security and Malwarebytes installed. I also had Rootkill and TDSSKiller, but those don't install on your computer; you just download them, save them to your Downloads folder and then run them.

My computer is running Windows 7 Professional, 32-bit. It is a Compaq computer (from before HP and Compaq merged), with an AMD Athlon dual-core processor, 3 GB of memory, a 320 GB hard drive and NVIDIA GeForce 6150 SE graphics.

Our network is secure, and we have a password that is about nine characters long and includes numbers and letters (it is a random password). I have tried just about everything in the book that I know of and still can't get the problem fixed. I have attached a screenshot below that I hope will help you.

If you need more information, I will be glad to provide it to you.

Attached Thumbnails

Name:	bocfsbek.png
Size:	675.6 KB

Dual Boot Infected

I have a laptop that dual-boots Ubuntu and XP Pro (it's an older laptop). I primarily use Ubuntu and not XP. In fact I have likely used the XP boot twice. The hard drive is 250 GB.

I don't download anything and basically just use it for surfing and searches. Lately I have been getting messages that disk space is running low. I have my Ubuntu set up so that I can see the XP folders. When the disk space got critical, Ubuntu launched a disk analyzer utility with a nice graphical representation of the hard drive. The folders with the most disk usage were listed at the top. It turns out it was the XP Pro user folder. There is also a folder named 'apt' that I do not have "permission" to access. No idea what that's all about.

I suspect a virus, bot or zombie attack. I have an Ubuntu Virus Scanner app that specifically scans Windows files. I use this laptop for downloading any files from CNet, SourceForge, etc... and scan them before installing them on my main Windows 7 laptop. This scanner did not find anything but I suspect whatever infection I have has already told the Virus Scanner to ignore it.

Has anyone seen this? What do you suspect? I know Ubuntu viruses are possible but less common than Windows ones. I just wonder what virus spreads from Ubuntu to the Win XP Pro portion of a dual-boot PC?


Was sent over here

Hi all, my machine has been acting somewhat strangely for the past few days, as detailed in my post here: http://www.techsupportforum.com/foru...ml#post6338386. It seems to be working better now after running SFCFix, but I was told I should post over here just to be sure. Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.25.2
Run by Matthew at 18:06:42 on 2015-05-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3510.1858 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Matthew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Matthew\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Matthew\AppData\Local\WindowsSys2.exe
C:\Program Files\SafeConnect\SafeConnectClient.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\client server security agent\bho\1006\TmIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\matthew\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Spotify Web Helper] "c:\users\matthew\appdata\roaming\spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "c:\users\matthew\appdata\roaming\spotify\Spotify.exe" -autostart -minimized
uRun: [f.lux] "c:\users\matthew\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRun: [System Alert] c:\windows\system32\System Alert.exe
uRun: [D5DB7544-3EC2-44AF-B067-F5ED965A51BC] "c:\users\matthew\appdata\local\WindowsSys2.exe" /STARTUP
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\matthew\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\matthew\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://8.19.48.111/CACHE/stc/5/binaries/vpnweb.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266}\144545139333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266}\36F6C6F6271646F6D27657563747 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.33.1
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266}\4556C626F6F583443413 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94C38BF9-485C-487C-B0AB-898FE16DD0C8} : DHCPNameServer = 128.197.253.188 128.197.253.126
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1006\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.81\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2014-9-11 142432]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scManager.sys [2012-11-19 176520]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2010-4-21 281400]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-4-21 38200]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-1-27 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-2-24 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-2-24 269824]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\tmproxy.exe [2010-4-21 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 insvc_1.10.0.13;Infonaut 1.10.0.13 Client Service;"c:\program files\infonaut_1.10.0.13\service\insvc.exe" --> c:\program files\infonaut_1.10.0.13\service\insvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-5-13 102912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-7 20464]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 95408]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-4-21 50704]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-27 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-7 652360]
.
=============== Created Last 30 ================
.
2015-05-26 21:37:23 -------- d-----w- C:\AdwCleaner
2015-05-26 21:35:58 9265072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{017c9874-12a3-4e7d-a7b1-635f66548c11}\mpengine.dll
2015-05-26 21:35:41 -------- d-----w- C:\RegBackup
2015-05-26 21:29:40 -------- d-----w- C:\SFCFix
2015-05-26 21:28:58 -------- d-----w- c:\users\matthew\appdata\local\niemiro
2015-05-21 19:34:12 -------- d-----w- c:\users\matthew\appdata\roaming\4C4C4544-1432236852-5910-8057-C4C04F324D31
2015-05-21 19:34:04 -------- d-----w- c:\users\matthew\appdata\roaming\4C4C4544-1432236844-5910-8057-C4C04F324D31
2015-05-21 19:23:58 -------- d-----w- c:\program files\CCleaner
2015-05-21 17:32:24 -------- d-----w- c:\program files\TECHHUBBYSOL
2015-05-21 17:31:42 -------- d-----w- c:\users\matthew\appdata\local\Techhubby
2015-05-21 17:24:31 -------- d-----w- c:\users\matthew\appdata\local\15357
2015-05-21 17:05:12 128512 ----a-w- c:\users\matthew\appdata\local\WindowsSys2.exe
2015-05-21 17:00:41 -------- d-----w- c:\users\matthew\appdata\roaming\4C4C4544-1432227641-5910-8057-C4C04F324D31
2015-05-21 17:00:17 -------- d-----w- c:\program files\System Alert
2015-05-21 16:57:00 -------- d-----w- c:\users\matthew\appdata\local\Arun Programs
2015-05-21 16:44:23 908832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3a6a1fa2-ad3f-4d0d-b322-3549c4b6ec58}\gapaengine.dll
2015-05-21 16:43:50 9265072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-05-14 22:42:39 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:30:47 259072 ----a-w- c:\windows\system32\services.exe
2015-05-13 18:28:35 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-04 05:52:30 -------- d-----w- c:\users\matthew\appdata\local\FluxSoftware
.
==================== Find3M ====================
.
2015-05-26 21:54:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-26 21:54:39 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-05 01:12:49 248832 ----a-w- c:\windows\system32\schannel.dll
2015-04-27 19:11:55 3934144 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-04-27 19:11:53 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-27 19:11:53 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-04-27 19:08:02 1307648 ----a-w- c:\windows\system32\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-04-27 19:05:39 851456 ----a-w- c:\windows\system32\diagtrack.dll
2015-04-27 19:05:35 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- c:\windows\system32\tdh.dll
2015-04-27 19:05:33 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-04-27 19:05:33 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-04-27 19:05:32 43008 ----a-w- c:\windows\system32\srclient.dll
2015-04-27 19:05:32 400896 ----a-w- c:\windows\system32\srcore.dll
2015-04-27 19:05:29 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- c:\windows\system32\secur32.dll
2015-04-27 19:05:17 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-04-27 19:04:47 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-27 19:04:45 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-04-27 19:04:37 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-04-27 19:04:37 17408 ----a-w- c:\windows\system32\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-04-27 19:04:24 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-04-27 19:04:21 69632 ----a-w- c:\windows\system32\smss.exe
2015-04-27 19:04:14 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-04-27 19:04:12 37888 ----a-w- c:\windows\system32\relog.exe
2015-04-27 19:04:05 22528 ----a-w- c:\windows\system32\lsass.exe
2015-04-27 19:04:04 82944 ----a-w- c:\windows\system32\logman.exe
2015-04-27 19:03:58 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-04-27 19:01:33 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-27 18:59:41 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-04-27 18:59:36 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-04-27 18:00:30 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-04-21 16:25:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-04-21 16:25:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-04-21 16:11:10 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- c:\windows\system32\html.iec
2015-04-21 16:08:41 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-04-21 15:58:44 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-04-21 15:57:57 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-04-21 15:51:54 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-04-21 15:43:28 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- c:\windows\system32\jscript9.dll
2015-04-21 15:25:45 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- c:\windows\system32\wininet.dll
2015-04-20 02:56:29 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:03:22 2382336 ----a-w- c:\windows\system32\win32k.sys
2015-04-18 02:56:57 342016 ----a-w- c:\windows\system32\certcli.dll
2015-04-14 07:38:52 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-04-08 03:14:07 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14:07 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:14:07 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-03-25 03:00:57 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00:57 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00:57 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00:27 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00:18 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-23 03:06:47 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06:32 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06:26 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06:22 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06:21 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06:21 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06:21 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59:03 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:08:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06:01 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 23:34:52 95408 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2015-03-04 23:34:52 245096 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2015-03-04 04:16:14 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:11:12 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-03-04 04:10:54 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10:53 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-03-04 04:10:52 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10:52 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:10:37 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-03-04 04:06:41 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-03-03 13:16:52 246920 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:07:28.52 ===============
and I've attached attach.txt as well. I also recently cleaned out my browsers using Junkware Removal Tool and ADWCleaner. Here are my JRT logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.0 (05.25.2015:1)
OS: Windows 7 Professional x86
Ran by Matthew on Tue 05/26/2015 at 17:35:39.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] apnmcp
Successfully stopped: [Service] brshelper
Successfully deleted: [Service] brshelper
Successfully stopped: [Service] netfilter
Successfully deleted: [Service] netfilter
Successfully stopped: [Service] smupd
Successfully deleted: [Service] smupd
Successfully stopped: [Service] smupdd
Successfully deleted: [Service] smupdd
Successfully stopped: [Service] spbiupd
Successfully deleted: [Service] spbiupd
Successfully stopped: [Service] spbiupdd
Successfully deleted: [Service] spbiupdd



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\AI_Updater
Successfully deleted: [Task] C:\Windows\System32\tasks\boosterpop
Successfully deleted: [Task] C:\Windows\System32\tasks\HDNINSTSCHD
Successfully deleted: [Task] C:\Windows\System32\tasks\IE_ERR4WDR
Successfully deleted: [Task] C:\Windows\System32\tasks\IEError
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Master
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Popup
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Popup3
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Start
Successfully deleted: [Task] C:\Windows\System32\tasks\UPDTEXE4_WDR



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hawker
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcprivacydock
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hawker
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81FA428925F22ACB3A965
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09F45BAFAAE1D7546ED4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050B2E46B9C4B67A8F59577
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606D43BB064BD63CBD87E
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28C944FBC7579CF4949414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3DC1468548785DC856EDA
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8D249B526503432F99D4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4BA46856BF57969F6A36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56C49B56F6B83E293C15
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927C4E9B7BC1D3FD1E49F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327DC64C9A8B641A9E89646
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222622278}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{853130B6-1A29-4D9D-9513-2A461287651E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{80CFE4F4-B31A-4850-8A62-67832B628DBA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{853130B6-1A29-4D9D-9513-2A461287651E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Shop Time



~~~ Files

Successfully deleted: [File] C:\end
Successfully deleted: [File] C:\Windows\verson_hawker.txt
Successfully deleted: [File] C:\Users\Matthew\appdata\local\nsaE9B7.tmp
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\aghaobcn\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\cbhicrqr\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\fuzwseql\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\newxfolq\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\szfaqduc\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\zgzmikpx\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\zosaxknb\encecal.dll [Adware.AdPeak?]



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\app_setup
Successfully deleted: [Folder] C:\Program Files\askpartnernetwork
Successfully deleted: [Folder] C:\Program Files\conduit
Successfully deleted: [Folder] C:\Program Files\delta
Successfully deleted: [Folder] C:\Program Files\PariccELess
Successfully deleted: [Folder] C:\Program Files\pcp
Successfully deleted: [Folder] C:\Program Files\PorriceLeossa
Successfully deleted: [Folder] C:\Program Files\portable weatherapp
Successfully deleted: [Folder] C:\Program Files\predm
Successfully deleted: [Folder] C:\Program Files\searchprotect
Successfully deleted: [Folder] C:\ProgramData\abc
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\askpartnernetwork
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\browserdefender
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\hawker
Successfully deleted: [Folder] C:\Users\Matthew\appdata\local\installer
Successfully deleted: [Folder] C:\Users\Matthew\appdata\locallow\claro ltd
Successfully deleted: [Folder] C:\Users\Matthew\appdata\locallow\conduit
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\microsoft\windows\start menu\programs\pc performer
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\pc privacy dock
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\performersoft
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\search protection
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\searchprotect
Successfully deleted: [Folder] C:\Users\Matthew\documents\optimizer pro
Successfully deleted: [Folder] C:\Users\Matthew\documents\pcprivacydock
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\askpartnernetwork
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\conduit
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\crashrpt
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\cre
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\pc_privacy_dock
Successfully deleted: [Folder] C:\Users\Matthew\appdata\local\ospd_us_1071 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\aghaobcn [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\cbhicrqr [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\fuzwseql [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\newxfolq [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\szfaqduc [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\zgzmikpx [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\zosaxknb [Adware.AdPeak?]



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\user.js
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\bprotect.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\yahoo_ff.xml
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\smartbar
Successfully deleted the following from C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\prefs.js

user_pref(CT3072253.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});
user_pref(CT3072253.Facebook_Mode, 2);
user_pref(CT3072253.Facebook_User_Locale, en);
user_pref(CT3072253.FirstTime, true);
user_pref(CT3072253.FirstTimeFF3, true);
user_pref(CT3072253.UserID, UN56340175764143331);
user_pref(CT3072253.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3072253.autoDisableScopes, -1);
user_pref(CT3072253.cb_experience_000, 88);
user_pref(CT3072253.cb_firstuse0100, 1);
user_pref(CT3072253.cbcountry_001, US);
user_pref(CT3072253.cbfirsttime, Sun Aug 12 2012 17:39:08 GMT-0400 (Eastern Daylight Time));
user_pref(CT3072253.defaultSearch, FALSE);
user_pref(CT3072253.embeddedsData, [{\appId\:\129571859753931591\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get
user_pref(CT3072253.enableAlerts, always);
user_pref(CT3072253.enableSearchFromAddressBar, FALSE);
user_pref(CT3072253.firstTimeDialogOpened, true);
user_pref(CT3072253.fixPageNotFoundError, true);
user_pref(CT3072253.fixPageNotFoundErrorInHidden, true);
user_pref(CT3072253.fixUrls, true);
user_pref(CT3072253.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES, resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L
user_pref(CT3072253.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES, openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=
user_pref(CT3072253.installId, fft2CD1.tmp.exe);
user_pref(CT3072253.installType, XPE);
user_pref(CT3072253.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3072253.isNewTabEnabled, true);
user_pref(CT3072253.isPerformedSmartBarTransition, true);
user_pref(CT3072253.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3072253.isWelcomPage, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3072253.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\hxxp%3A%2F%2Fwww.reddit.com%2Fr%2FHistoricalWhatIf%2F\,\EB_MAIN_FRAME_TITLE\:
user_pref(CT3072253.newSettings, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3072253.openThankYouPage, true);
user_pref(CT3072253.openUninstallPage, FALSE);
user_pref(CT3072253.search.searchAppId, 129571859753931591);
user_pref(CT3072253.search.searchCount, 1);
user_pref(CT3072253.searchInNewTabEnabledInHidden, true);
user_pref(CT3072253.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3072253.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3072253.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3072253.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3072253\});
user_pref(CT3072253.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://uTorrentControl2.OurToolbar.com//xpi\});
user_pref(CT3072253.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\uTorrentControl2\});
user_pref(CT3072253.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3072253.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT3072253.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1349896906457);
user_pref(CT3072253.serviceLayer_services_appTracking_lastUpdate, 1344807547583);
user_pref(CT3072253.serviceLayer_services_appsMetadata_lastUpdate, 1350127424176);
user_pref(CT3072253.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1349037393233);
user_pref(CT3072253.serviceLayer_services_login_10.10.20.14_lastUpdate, 1354985899027);
user_pref(CT3072253.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1349037393412);
user_pref(CT3072253.serviceLayer_services_searchAPI_lastUpdate, 1350155994255);
user_pref(CT3072253.serviceLayer_services_serviceMap_lastUpdate, 1354928324535);
user_pref(CT3072253.serviceLayer_services_toolbarContextMenu_lastUpdate, 1349037393314);
user_pref(CT3072253.serviceLayer_services_toolbarSettings_lastUpdate, 1354985898654);
user_pref(CT3072253.serviceLayer_services_translation_lastUpdate, 1354928324723);
user_pref(CT3072253.settingsINI, true);
user_pref(CT3072253.shouldFirstTimeDialog, false);
user_pref(CT3072253.smartbar.CTID, CT3072253);
user_pref(CT3072253.smartbar.Uninstall, 0);
user_pref(CT3072253.smartbar.toolbarName, uTorrentControl2 );
user_pref(CT3072253.startPage, userChanged);
user_pref(CT3072253.toolbarBornServerTime, 13-8-2012);
user_pref(CT3072253.toolbarCurrentServerTime, 8-12-2012);
user_pref(CT3072253.url_history0001, hxxp://www.politifact.com/truth-o-meter/article/2012/oct/08/suggest-fact-check-us-use-politifactthis/:::clickhandler:::1350008771659,,,
user_pref(CT3298566.1000082.isPlayDisplay, true);
user_pref(CT3298566.1000082.state, {\state\:\stopped\,\text\:\Californi...\,\description\:\California Rock - Rock\,\url\:\hxxp://www.feedlive.net/california.
user_pref(CT3298566.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3298566.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});
user_pref(CT3298566.FF19Solved, true);
user_pref(CT3298566.FirstTime, true);
user_pref(CT3298566.FirstTimeFF3, true);
user_pref(CT3298566.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN39718417211268134&UM=2&q=);
user_pref(CT3298566.TopHitsConfig.enc, ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zc
user_pref(CT3298566.UserID, UN39718417211268134);
user_pref(CT3298566.YTbyClickFavorites.enc, W10=);
user_pref(CT3298566.YTbyClickRecent.enc, W10=);
user_pref(CT3298566.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3298566.autoDisableScopes, 14);
user_pref(CT3298566.browser.search.defaultthis.engineName, true);
user_pref(CT3298566.defaultSearch, true);
user_pref(CT3298566.embeddedsData, [{\appId\:\130110228003246321\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get
user_pref(CT3298566.enableAlerts, true);
user_pref(CT3298566.enableFix404ByUser, TRUE);
user_pref(CT3298566.enableSearchFromAddressBar, true);
user_pref(CT3298566.firstTimeDialogOpened, true);
user_pref(CT3298566.fixPageNotFoundError, true);
user_pref(CT3298566.fixPageNotFoundErrorByUser, true);
user_pref(CT3298566.fixPageNotFoundErrorInHidden, true);
user_pref(CT3298566.fixUrls, true);
user_pref(CT3298566.installDate, 28/5/2013 10:39:40);
user_pref(CT3298566.installId, cid111);
user_pref(CT3298566.installSessionId, {8AC80814-5EA5-41F2-A7C3-8D330E2C214E});
user_pref(CT3298566.installSp, TRUE);
user_pref(CT3298566.installType, conduitnsisintegration);
user_pref(CT3298566.installUsage, 2013-06-06T01:31:20.4418221+03:00);
user_pref(CT3298566.installUsageEarly, 2013-06-06T01:31:17.5245473+03:00);
user_pref(CT3298566.installerVersion, 1.4.2.3);
user_pref(CT3298566.isCheckedStartAsHidden, true);
user_pref(CT3298566.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3298566.isFirstTimeToolbarLoading, false);
user_pref(CT3298566.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3298566.keyword, true);
user_pref(CT3298566.lastNewTabSettings, {\isEnabled\:false,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=15&CUI=UN397184172112681
user_pref(CT3298566.lastVersion, 10.16.300.3);
user_pref(CT3298566.mam_gk_appStateReportTime.enc, MTM3MDQ3MTQ4OTk1Nw==);
user_pref(CT3298566.mam_gk_appState_CouponBuddy.enc, b24=);
user_pref(CT3298566.mam_gk_appState_PriceGong.enc, b24=);
user_pref(CT3298566.mam_gk_appState_WindowShopper.enc, b24=);
user_pref(CT3298566.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref(CT3298566.mam_gk_appsDefaultEnabled.enc, dHJ1ZQ==);
user_pref(CT3298566.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6ImE1NGZiYjczLWU3OWEtNDAwOS04NjUxLTFiYTYxZW
user_pref(CT3298566.mam_gk_currentVersion.enc, MS42LjAuOTk=);
user_pref(CT3298566.mam_gk_eventsCache.enc, eyI2Njc2Mzc0Zi1kODI3LTRkZGMtOTc0NC1hZjk4NTdiOWY0YWMiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlv
user_pref(CT3298566.mam_gk_first_time.enc, MQ==);
user_pref(CT3298566.mam_gk_gadgetOpen.enc, d2VsY29tZQ==);
user_pref(CT3298566.mam_gk_installer_preapproved.enc, ZmFsc2U=);
user_pref(CT3298566.mam_gk_lastLoginTime.enc, MTM3MDQ3MTQ4NjExMQ==);
user_pref(CT3298566.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref(CT3298566.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT3298566.mam_gk_settings1.6.0.99.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMV8wIiwiaXNUZXN0Ijp0cnVlLCJpc1dlbGNvbWVFeHBlcmllbmN
user_pref(CT3298566.mam_gk_showCloseButton.enc, dHJ1ZQ==);
user_pref(CT3298566.mam_gk_showWelcomeGadget.enc, dHJ1ZQ==);
user_pref(CT3298566.mam_gk_userId.enc, MGZjMmMyNTEtODY0MC00OTVlLWIwZTYtZjk2M2E4NWU0Yjhi);
user_pref(CT3298566.migrateAppsAndComponents, true);
user_pref(CT3298566.navigationAliasesJson, {\EB_MAIN_FRAME_URL\:\\,\EB_MAIN_FRAME_TITLE\:\\,\EB_SEARCH_TERM\:\\,\EB_TOOLBAR_SUB_DOMAIN\:\hxxp://MixiDJV30.Our
user_pref(CT3298566.openThankYouPage, false);
user_pref(CT3298566.openUninstallPage, true);
user_pref(CT3298566.originalHomepage, hxxp://www.politifact.com);
user_pref(CT3298566.originalSearchAddressUrl, hxxps://isearch.avg.com/search?cid=%7B68322086-56e8-4ee9-8507-5b41541fc664%7D&mid=23513c543f7747d0ac4a8d6f4cdee406-72980b38dd9
user_pref(CT3298566.originalSearchEngine, Bing);
user_pref(CT3298566.revertSettingsEnabled, false);
user_pref(CT3298566.search.searchAppId, 130110228003246321);
user_pref(CT3298566.search.searchCount, 0);
user_pref(CT3298566.searchFromAddressBarEnabledByUser, true);
user_pref(CT3298566.searchInNewTabEnabledByUser, true);
user_pref(CT3298566.searchInNewTabEnabledInHidden, true);
user_pref(CT3298566.searchProtector.notifyChanges, {\dataType\:\string\,\data\:\false\});
user_pref(CT3298566.searchRevert, false);
user_pref(CT3298566.searchUserMode, 2);
user_pref(CT3298566.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3298566.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3298566.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3298566.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3298566\});
user_pref(CT3298566.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://MixiDJV30.OurToolbar.com//xpi\});
user_pref(CT3298566.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\MixiDJ V30\});
user_pref(CT3298566.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3298566.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1370471481986);
user_pref(CT3298566.serviceLayer_services_appsMetadata_lastUpdate, 1370471481929);
user_pref(CT3298566.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1370471481837);
user_pref(CT3298566.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1370471480121);
user_pref(CT3298566.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1370471482579);
user_pref(CT3298566.serviceLayer_services_location_lastUpdate, 1370471480550);
user_pref(CT3298566.serviceLayer_services_login_10.16.300.3_lastUpdate, 1370471482278);
user_pref(CT3298566.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1370471481885);
user_pref(CT3298566.serviceLayer_services_searchAPI_lastUpdate, 1370471480129);
user_pref(CT3298566.serviceLayer_services_serviceMap_lastUpdate, 1370471478267);
user_pref(CT3298566.serviceLayer_services_toolbarContextMenu_lastUpdate, 1370471481778);
user_pref(CT3298566.serviceLayer_services_toolbarSettings_lastUpdate, 1370471479349);
user_pref(CT3298566.serviceLayer_services_translation_lastUpdate, 1370471481958);
user_pref(CT3298566.settingsINI, true);
user_pref(CT3298566.shouldFirstTimeDialog, false);
user_pref(CT3298566.showToolbarPermission, false);
user_pref(CT3298566.smartbar.CTID, CT3298566);
user_pref(CT3298566.smartbar.Uninstall, 0);
user_pref(CT3298566.smartbar.homepage, true);
user_pref(CT3298566.smartbar.toolbarName, MixiDJ V30 );
user_pref(CT3298566.startPage, true);
user_pref(CT3298566.toolbarBornServerTime, 6-6-2013);
user_pref(CT3298566.toolbarCurrentServerTime, 6-6-2013);
user_pref(CT3298566.toolbarLoginClientTime, Wed Jun 05 2013 16:31:22 GMT-0600 (Mountain Daylight Time));
user_pref(CT3298566.versionFromInstaller, 10.16.300.3);
user_pref(CT3298566_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1371080184969,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(Smartbar.ConduitHomepagesList, hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN39718417211268134&UM=2&UP=SP6BA6D775-929A-47FA-A5DB
user_pref(Smartbar.ConduitSearchEngineList, MixiDJ V30 Customized Web Search);
user_pref(Smartbar.ConduitSearchUrlList, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN39718417211268134&UM=2&q=);
user_pref(Smartbar.SearchFromAddressBarSavedUrl, hxxps://isearch.avg.com/search?cid=%7B68322086-56e8-4ee9-8507-5b41541fc664%7D&mid=23513c543f7747d0ac4a8d6f4cdee406-72980b38
user_pref(Smartbar.keywordURLSelectedCTID, CT3298566);
user_pref(browser.search.defaultthis.engineName, MixiDJ V30 Customized Web Search);
user_pref(browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN39718417211268134&UM=2&SearchSource=3&q={searchTerms});
user_pref(extensions.506a239b818d5.scode, (function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\acebook\)>-1||url.indexOf(\warnalert11.co
user_pref(extensions.BabylonToolbar_i.newTab, true);
user_pref(extensions.BabylonToolbar_i.newTabUrl, hxxp://www.claro-search.com/?affID=114506&tt=3912_2&babsrc=NT_clro&mntrId=6eb04da700000000000068a3c4169287);
user_pref(extensions.GXTKBkXggUm6P5CH.scode, (function(){try{if(window.location.href.indexOf(\rjr5qHsFrTY5qdrEpdn9qjg5qTY\)>-1){return;}}catch(e){}try{var d=[[\www.virac
user_pref(extensions.QoFSdcLQt2HsQt3X.scode, (function(){try{if(window.location.href.indexOf(\rjr5qHsFrTY5qdrEpdn9qjg5qTY\)>-1){return;}}catch(e){}try{var d=[[\www.virac
user_pref(extensions.claro.admin, false);
user_pref(extensions.claro.aflt, babsst);
user_pref(extensions.claro.dfltLng, en);
user_pref(extensions.claro.excTlbr, false);
user_pref(extensions.claro.id, 6eb04da700000000000068a3c4169287);
user_pref(extensions.claro.instlDay, 15611);
user_pref(extensions.claro.instlRef, sst);
user_pref(extensions.claro.prdct, claro);
user_pref(extensions.claro.prtnrId, claro);
user_pref(extensions.claro.tlbrId, claro);
user_pref(extensions.claro.vrsn, 1.6.4.1);
user_pref(extensions.claro.vrsni, 1.6.4.1);
user_pref(extensions.claro_i.smplGrp, none);
user_pref(extensions.claro_i.vrsnTs, 1.6.4.19:19:16);
user_pref(extensions.crossriderapp26278.adsOldValue, 10);
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, en);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 6eb04da700000000000068a3c4169287);
user_pref(extensions.delta.instlDay, 15869);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.21.5);
user_pref(extensions.delta.vrsnTs, 1.8.21.521:20:09);
user_pref(extensions.delta.vrsni, 1.8.21.5);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=121441);
user_pref(extensions.delta_i.srcExt, ss);
user_pref(extentions.y2layers.defaultEnableAppsList, bestvideodownloader,buzzdock,YontooNewOffers);
user_pref(extentions.y2layers.installId, 425c3413-d80b-4bd8-b00f-453b06906a2e);
user_pref(smartbar.addressBarOwnerCTID, CT3298566);
user_pref(smartbar.conduitHomepageList, hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN39718417211268134&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298566&oct
user_pref(smartbar.conduitSearchAddressUrlList, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN39718417211268134&UM=2&q=);
user_pref(smartbar.defaultSearchOwnerCTID, CT3298566);
user_pref(smartbar.homePageOwnerCTID, CT3298566);
user_pref(smartbar.machineId, /C9+HS/UZI29/BYW3IEXF1QOXZFQOIWDS+UPN/AKINQHLFNKGLDGPSZV7OIMWSRNYID0BZGXT8/QZCGWTAUWMW);
user_pref(smartbar.originalHomepage, hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN39718417211268134&UM=2&SearchSource=13);
Emptied folder: C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\minidumps [53 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/26/2015 at 17:37:31.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and my ADW logs:

# AdwCleaner v4.205 - Logfile created 26/05/2015 at 17:39:40
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Matthew - MATTHEW
# Running from : C:\Users\Matthew\Downloads\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : APNMCP
[#] Service Deleted : SPDRIVER_1.42.1.1870

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\2650880150728770864
Folder Deleted : C:\ProgramData\a7cc6c19000017a9
Folder Deleted : C:\ProgramData\{7c0bff9e-a75a-d21f-7c0b-bff9ea75fe7a}
Folder Deleted : C:\Program Files\ConnectPC
Folder Deleted : C:\Program Files\Hawker
Folder Deleted : C:\Program Files\Priceless
Folder Deleted : C:\Users\Matthew\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Matthew\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Folder Deleted : C:\ProgramData\bjpchbfkcjcpafkggdmjcgkhilammejk
Folder Deleted : C:\ProgramData\coffdcpgfndebnobjbdimccfjkbjhdhb
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbmfpngjjgdllneeigpgjifpgocmfgmb_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_laankejkbhbdhmipfmgcngdelahlfoji_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgijmajocgfcbeboacabfgobmjgjcoja_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgijmajocgfcbeboacabfgobmjgjcoja
File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Users\Matthew\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\nsprotector.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\bprotector web data

***** [ Scheduled tasks ] *****

Task Deleted : EPUpdater
Task Deleted : gtaUpt
Task Deleted : Inst_Rep
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SPDriver
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : PCPrivacyDock_Start
Task Deleted : PCPrivacyDock_Popup
Task Deleted : PCPrivacyDock_Master

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKCU\Software\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Deleted : HKCU\Software\5d538cd9b068bd46
Key Deleted : HKLM\SOFTWARE\5d538cd9b068bd46
Key Deleted : HKLM\SOFTWARE\7b7d31ed-8fad-3564-87a6-c1c422265cf1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{853130B6-1A29-4D9D-9513-2A461287651E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{853130B6-1A29-4D9D-9513-2A461287651E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Hawker
Key Deleted : HKCU\Software\PCPrivacyDockLanguage
Key Deleted : HKCU\Software\sidecom
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\Hawker
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)

[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3298566.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3298566.embeddedsData", "[{\"appId\":\"130110228003246321\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3298566.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=15&CUI=UN39718417211268134&SSPV=EB_SSPV&Lay=1&UM=[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("extensions.506a239b818d5.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"su[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("extensions.GXTKBkXggUm6P5CH.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHsFrTY5qdrEpdn9qjg5qTY\")>-1){return;}}catch(e){}try{var d=[[\"www.viracure.com\",\"onesystemcare[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("extensions.QoFSdcLQt2HsQt3X.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHsFrTY5qdrEpdn9qjg5qTY\")>-1){return;}}catch(e){}try{var d=[[\"www.viracure.com\",\"onesystemcare[...]

-\\ Google Chrome v

[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=3912_2&babsrc=SP_clro&mntrId=6eb04da700000000000068a3c4169287
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18762388492178927&ctid=CT3298566&UM=2
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=121441&babsrc=SP_ss&mntrId=6EB068A3C4169287
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/

*************************

AdwCleaner[R0].txt - [16122 bytes] - [26/05/2015 17:38:22]
AdwCleaner[S0].txt - [16486 bytes] - [26/05/2015 17:39:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16546 bytes] ##########

Thanks!

Attached Files
File Type: txt attach.txt (19.6 KB)
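The JRT and AdwCleaner logs above spend most of their length removing Conduit, Delta, Yontoo and Babylon settings from the Firefox profile: toolbar-owned pref namespaces (smartbar.*, CT3298566.*, extensions.delta_i.*), a homepage redirected through an affiliate search URL, and "scode" prefs whose value is a JavaScript function that gets injected into pages. The same indicators can be used to triage a prefs.js before or after running those tools. The script below is an added example for this thread, not code from the poster or from JRT/AdwCleaner; its indicator lists are taken from the entries deleted in the logs above, the sample prefs.js is constructed, and URLs are defanged with hxxp the way the log does.

```python
"""Triage a Firefox prefs.js for browser-hijacker leftovers.

Added example for this thread, not code from the poster or from JRT/AdwCleaner.
The indicator lists are taken from the entries those tools removed in the logs
above; extend them for your own environment.
"""
import json
import re
from typing import Dict, List, Optional

# Search/homepage hosts and tracking markers seen in the logs (Conduit, Delta, Claro, Spigot).
HIJACK_MARKERS = (
    "search.conduit.com",
    "delta-search.com",
    "claro-search.com",
    "babsrc=",      # Babylon/Delta affiliate tag
    "fr=spigot-",   # Spigot-branded Yahoo search
)

# Pref-name prefixes that only the toolbars themselves write.
HIJACK_PREF_PREFIXES = (
    "smartbar.",             # Conduit "Search Protect" smartbar
    "extensions.delta_i.",   # Delta toolbar
    "extentions.y2layers.",  # Yontoo (sic: the toolbar itself misspells 'extensions')
)

# Conduit toolbar instances are keyed by a CT-number, e.g. CT3298566.lastNewTabSettings
CONDUIT_INSTANCE = re.compile(r"^CT\d{6,}\.")

# A pref whose *value* is a JavaScript function is a page-injection hook, not a setting.
INJECTED_JS = re.compile(r"\(\s*function\s*\(\s*\)\s*\{")

# Prefs that legitimately hold URLs but are the hijackers' usual targets.
NAVIGATION_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.newtab.url",
    "keyword.URL",
}

PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.*?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: value} from prefs.js text. Quoted values are JSON-decoded
    (Firefox escapes them like JSON); numbers and booleans keep their source text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comment, blank line, or a line truncated by a log tool
        name, raw = m.group(1), m.group(2)
        if raw.startswith('"'):
            try:
                raw = json.loads(raw)
            except ValueError:
                pass  # keep the raw text; still usable for substring matching
        prefs[name] = raw
    return prefs


def classify(name: str, value: str) -> Optional[str]:
    """Return a reason string if the pref looks hijacker-owned, else None."""
    if name.startswith(HIJACK_PREF_PREFIXES) or CONDUIT_INSTANCE.match(name):
        return "pref namespace belongs to a known toolbar"
    if INJECTED_JS.search(value):
        return "pref value is JavaScript (content-injection hook)"
    if name in NAVIGATION_PREFS:
        for marker in HIJACK_MARKERS:
            if marker in value:
                return f"homepage/search redirected via {marker}"
    return None


def triage(prefs_js: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious pref: name, reason and a truncated value."""
    findings = []
    for name, value in parse_prefs(prefs_js).items():
        reason = classify(name, value)
        if reason:
            findings.append({"name": name, "reason": reason, "value": value[:60]})
    return findings


# Constructed sample: benign prefs mixed with the patterns removed in the logs above.
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1432668000);
user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
user_pref("browser.search.defaultenginename", "Google");
user_pref("smartbar.homePageOwnerCTID", "CT3298566");
user_pref("CT3298566.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("extensions.delta_i.babTrack", "affID=121441");
user_pref("extensions.506a239b818d5.scode", "(function(){try{var url=window.self.location.href;}catch(e){}})();");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("signon.rememberSignons", true);
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_PREFS_JS):
        print(f"{f['name']:55} {f['reason']}")
```

Point triage() at the contents of the profile's prefs.js (Firefox must be closed, or it will rewrite the file on exit). Anything the toolbars wrote under their own namespace can simply be deleted; a redirected homepage or search pref is better reset from the browser UI so Firefox writes a clean value.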

Dregol Malware: HELP NEEDED

Hello,
I would like to thank you so much for your help first, I really need it and actually broke down crying when I got this malware. I have been trying to rid myself of it and I think I have done so. I am sorry but I have already deleted various files and such; I have deleted everything with the word Dregol and I thought I was done. Although I incorrectly deleted Google Chrome and so I could not re-install it (or at least I think that is the case). Please help!!! I believe I got the malware when downloading and installing an ISO for a PlayStation 2 simulator (it wasn't me, it was a friend doing it for no good reason >.<). It was called Dregol and whenever I opened up any search engine it brought me to their website. I uninstalled Firefox and Chrome and found ways to delete it from being the primary source and how to manually delete it from my computer, but I have not yet deleted it from Chrome and I cannot re-install it. Every time I try it says "Installation failed. The Google Chrome installer failed to start." Please help me, it is distracting me and I REALLY need help. Thank you so much,
-a simple guy who needs help

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17356 BrowserJavaVersion: 10.60.2
Run by Thomas at 18:45:51 on 2015-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8061.4246 [GMT -4:00]
.
AV: Norton Security *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Project\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Music\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Users\Thomas\AppData\Local\Apps\2.0\8KNXZW9J.36B\XLQPW1YB.E9O\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
C:\Program Files (x86)\BenQ\Display Pilot\DTHtml.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Program Files (x86)\Razer\Core\RazerCore.exe
C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~2\NORTON~2\Engine\2220~1.31\navw32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Thomas\Downloads\ChromeSetup.exe
C:\Users\Thomas\AppData\Local\Temp\GUMACF1.tmp\GoogleUpdate.exe
C:\Users\Thomas\AppData\Local\Temp\GUMACF1.tmp\GoogleUpdateSetup.exe
C:\Program Files (x86)\GUMBF78.tmp\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coieplg.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coieplg.dll
uRun: [Spotify Web Helper] "C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6] "\\localhost\C$\@GMT-2015.05.15-23.44.09\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spotify] "C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT BEN] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -BEN
StartupFolder: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4E329CEC-843A-43E2-86A5-71CEBD05F247} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4E329CEC-843A-43E2-86A5-71CEBD05F247}\4425F676562737 : DHCPNameServer = 192.168.1.1 167.206.245.135 167.206.245.136
TCP: Interfaces\{4E329CEC-843A-43E2-86A5-71CEBD05F247}\E435140254870727563737 : DHCPNameServer = 192.168.43.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\CoIEPlg.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [iTunesHelper] "D:\Music\iTunes\iTunesHelper.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\q9zjyd9j.default\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-21 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NSx64\1602000.01F\SymDS64.sys [2015-5-21 490712]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NSx64\1602000.01F\SymEFA64.sys [2015-5-21 1151704]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2015-3-16 73296]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150519.001\BHDrvx64.sys [2015-5-19 1639128]
R1 ccSet_NS;NS Settings Manager;C:\Windows\System32\drivers\NSx64\1602000.01F\ccSetx64.sys [2015-5-21 165080]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150520.001\IDSviA64.sys [2015-5-20 671448]
R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2015-1-18 74432]
R1 SMR430;Symantec SMR Utility Service 4.3.0;C:\Windows\System32\drivers\SMR430.SYS [2015-5-21 108216]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NSx64\1602000.01F\Ironx64.sys [2015-5-21 271576]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NSx64\1602000.01F\symnets.sys [2015-5-21 565464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-20 244736]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 124568]
R2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [2015-5-21 282528]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2015-1-19 122384]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-2-4 187072]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-6-30 32544]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2015-1-18 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2015-1-18 129600]
R2 RzSurroundVADStreamingService;RzSurroundVADStreamingService;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [2015-2-3 4250624]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-8-21 906432]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-5-21 142640]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-21 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-21 791024]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2015-1-18 129472]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-12-30 39592]
R3 rzmpos;rzmpos;C:\Windows\System32\drivers\rzmpos.sys [2014-12-30 35496]
R3 RZSURROUNDVADService;Razer Surround Audio Service;C:\Windows\System32\drivers\RzSurroundVAD.sys [2015-2-9 40640]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-12-30 177832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-10 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);C:\Windows\System32\drivers\RtTeam620.sys [2014-6-30 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2014-6-30 32400]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2014-6-9 32768]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2014-6-30 58000]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-10 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-10 30208]
S3 VLAN;Realtek Virtual Adapter;C:\Windows\System32\drivers\RtVlan60.sys [2014-6-30 32400]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-10 1255736]
.
=============== Created Last 30 ================
.
2015-05-21 22:22:38 -------- d-----w- C:\Users\Thomas\AppData\Local\Google
2015-05-21 22:11:34 -------- d-----w- C:\Program Files (x86)\GUM97AC.tmp
2015-05-21 22:04:30 -------- d-----w- C:\NPE
2015-05-21 22:01:29 108216 ----a-w- C:\Windows\System32\drivers\SMR430.SYS
2015-05-21 22:01:12 -------- d-----w- C:\Users\Thomas\AppData\Local\NPE
2015-05-21 21:07:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2015-05-21 20:29:15 102616 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2015-05-21 20:29:15 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2015-05-21 20:29:11 916184 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\srtsp64.sys
2015-05-21 20:29:11 565464 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\symnets.sys
2015-05-21 20:29:11 490712 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\SymDS64.sys
2015-05-21 20:29:11 42200 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\srtspx64.sys
2015-05-21 20:29:11 271576 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\Ironx64.sys
2015-05-21 20:29:11 23568 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\SymELAM.sys
2015-05-21 20:29:11 165080 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\ccSetx64.sys
2015-05-21 20:29:11 1151704 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\SymEFA64.sys
2015-05-21 20:28:44 -------- d-----w- C:\Windows\System32\drivers\NSx64\1602000.01F
2015-05-21 20:28:44 -------- d-----w- C:\Windows\System32\drivers\NSx64
2015-05-21 20:28:42 -------- d-----w- C:\Program Files (x86)\Norton Security
2015-05-21 20:26:11 -------- d-----w- C:\ProgramData\NortonInstaller
2015-05-21 20:26:11 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2015-05-21 20:24:54 -------- d-----w- C:\ProgramData\Norton
2015-05-21 19:52:25 -------- d-----w- C:\Users\Thomas\AppData\Local\Chromium
2015-05-21 02:35:27 -------- d-----w- C:\Users\Thomas\AppData\Roaming\Tera_Awesomium
2015-05-21 02:31:52 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DC8A68D-ACC4-47D1-9DC6-8B0E05BCB6F6}\mpengine.dll
2015-05-19 21:31:50 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-16 21:29:48 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1640244D-A03E-4F30-B6C0-1F49B8439783}\gapaengine.dll
2015-05-15 23:47:29 -------- d-----w- C:\Users\Thomas\AppData\Local\Apple Computer
2015-05-15 23:47:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-05-15 23:47:12 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-15 23:47:12 -------- d-----w- C:\Program Files\iPod
2015-05-15 23:47:12 -------- d-----w- C:\Program Files (x86)\iTunes
2015-05-15 23:44:04 -------- d-----w- C:\Users\Thomas\AppData\Local\Apple
2015-05-15 23:43:50 -------- d-----w- C:\Program Files\Bonjour
2015-05-15 23:43:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-05-13 03:13:00 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:13:00 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:35:55 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-05-07 19:45:11 -------- d-----w- C:\Users\Thomas\Tracing
.
==================== Find3M ====================
.
2015-05-15 19:26:31 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-05-15 19:26:31 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 14:33:27 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-21 14:33:25 524288 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 14:33:03 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 14:33:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 14:33:02 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-04-21 14:32:45 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 13:53:34 2237440 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 13:53:29 601600 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 13:52:53 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 13:52:51 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 13:52:51 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-04-21 13:52:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 03:06:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-18 02:59:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-18 02:37:08 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-18 02:34:17 441856 ----a-w- C:\Windows\System32\html.iec
2015-04-18 02:12:40 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-04-18 02:09:03 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll
2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll
2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-14 05:49:32 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
.
============= FINISH: 18:46:05.62 ===============

Attached Files
File Type: txt attach.txt (7.2 KB)

I think it's infected

So first I DID indeed run a virus scan using SpyHunter, which removed 237 hostile things. THEN I ran a boot scan with Avast, because SpyHunter does not offer that service. The boot scan turned up negative, but I'm still having issues. These include but are not limited to...

The computer takes AT LEAST 5 minutes to start up and get its **** together.

Windows Media Player crashes upon starting it.

I tried a second scan with SpyHunter IN SAFE MODE and the scan stopped scanning files 35% of the way through, even though the program was still functioning and had not crashed.

Just a few minutes ago, the computer restarted on its own.

And the universal symptom of everything slowing to a crawl.

I attached your log thingies, though I'm not sure what they tell you, but I trust y'all to do me right.

Attached Files
File Type: txt attach.txt (43.2 KB)
File Type: txt dds.txt (32.3 KB)

Avast detecting multiple issues Reopen please

Hi Chemist

Sorry, I have been on holiday. Link below to the original thread; I have completed your last instruction.

http://www.techsupportforum.com/foru...es-993978.html

Combofix.txt log

ComboFix 15-05-25.01 - Dianne Fox 27/05/2015 20:54:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.888 [GMT 1:00]
Running from: c:\documents and settings\Dianne Fox\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dianne Fox\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
FILE ::
"c:\documents and settings\Dianne Fox\Desktop\backups\backup-20131209-213253-350.dll"
"c:\documents and settings\Dianne Fox\My Documents\Di's Stuff\downloads\asc-setup.exe"
"c:\program files\NCH Software\Disketch\disketch.exe"
"c:\program files\NCH Software\Disketch\disketchsetup_v3.32.exe"
"c:\program files\NCH Software\ExpressBurn\expressburn.exe"
"c:\program files\NCH Software\ExpressBurn\expressburnsetup_v4.82.exe"
"c:\program files\NCH Software\Switch\switch.exe"
"c:\program files\NCH Software\Switch\switchsetup_v4.79.exe"
"c:\program files\NCH Software\VideoPad\videopad.exe"
"c:\program files\NCH Software\VideoPad\videopadsetup_v4.05.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dianne Fox\Desktop\backups\backup-20131209-213253-350.dll
c:\documents and settings\Dianne Fox\My Documents\Di's Stuff\downloads\asc-setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
.
.
((((((((((((((((((((((((( Files Created from 2015-04-27 to 2015-05-27 )))))))))))))))))))))))))))))))
.
.
2015-05-20 19:00 . 2015-05-20 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-05-20 19:00 . 2015-05-20 19:00 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2015-05-16 16:41 . 2015-05-16 16:43 -------- d-----w- c:\documents and settings\Dianne Fox\Application Data\uTorrent
2015-05-15 08:28 . 2015-05-15 08:53 -------- d-----w- C:\AdwCleaner
2015-05-12 21:56 . 2015-05-12 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-05-12 18:55 . 2015-05-12 18:46 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-05-12 18:48 . 2015-05-12 18:45 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-12 18:45 . 2015-05-12 18:45 43112 ----a-w- c:\windows\avastSS.scr
2015-05-10 10:19 . 2015-05-10 10:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Trusteer
2015-05-09 12:28 . 2015-05-09 12:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2015-05-08 16:25 . 2015-05-08 16:25 218008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-02 16:40 . 2015-05-02 16:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Trusteer
2015-05-02 16:18 . 2015-05-02 16:18 -------- d-----w- c:\documents and settings\Dianne Fox\Local Settings\Application Data\CDex
2015-05-02 16:17 . 2015-05-09 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2015-05-02 16:17 . 2015-05-10 11:13 -------- d-----w- c:\program files\CDex
2015-05-02 16:00 . 2015-05-27 19:31 -------- d-----w- c:\documents and settings\Dianne Fox\Application Data\NCH Software
2015-05-02 15:40 . 2015-05-27 19:33 -------- d-----w- c:\program files\NCH Software
2015-05-02 15:40 . 2015-05-27 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-20 18:57 . 2014-06-01 15:22 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-12 18:46 . 2013-12-30 14:05 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-05-12 18:46 . 2013-12-30 14:05 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-12 18:46 . 2013-12-30 14:05 427992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-12 18:46 . 2013-12-30 14:05 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-12 18:46 . 2014-05-11 13:50 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-12 18:46 . 2013-12-30 14:05 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-12 18:42 . 2013-12-30 14:05 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-27 20:20 . 2013-08-03 11:57 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-27 20:20 . 2013-08-03 11:57 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 08:37 . 2014-06-01 15:22 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 08:37 . 2014-06-01 15:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-29 09:46 . 2014-06-29 09:46 6010880 ----a-w- c:\program files\GUT5.tmp
2013-10-12 11:16 . 2013-10-12 11:16 50053120 ----a-w- c:\program files\GUT3.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-12 18:44 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-08 2618680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Dianne Fox\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Dianne Fox\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [30/12/2013 15:05 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [30/12/2013 15:05 209048]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [08/05/2015 17:25 218008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30/12/2013 15:05 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/12/2013 15:05 427992]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [20/05/2015 20:00 47928]
R1 RapportCerberus_1412097;RapportCerberus_1412097;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412097.sys [12/05/2015 19:36 528600]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [08/05/2015 17:25 279800]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [08/05/2015 17:25 348632]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [11/05/2014 14:50 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [30/12/2013 15:05 74976]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [20/05/2015 20:00 656184]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [08/05/2015 17:25 2214168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/06/2014 16:22 23256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [01/06/2014 16:22 1080120]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [01/06/2014 16:22 119512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-27 19:35 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03 20:20]
.
2015-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2015-05-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-12 18:44]
.
2015-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-05 18:52]
.
2015-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-05 18:52]
.
2015-05-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-25 01:59]
.
2014-03-28 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-25 01:59]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Dianne Fox\Application Data\Mozilla\Firefox\Profiles\qo3ndag9.default-1398015338453\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-05-27 21:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\trusteer\rapport\bin\rooksbas.dll
.
- - - - - - - > 'lsass.exe'(964)
c:\program files\trusteer\rapport\bin\rooksbas.dll
.
- - - - - - - > 'explorer.exe'(3992)
c:\program files\trusteer\rapport\bin\rooksbas.dll
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2015-05-27 21:47:48 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-27 20:47
ComboFix2.txt 2015-05-15 20:49
.
Pre-Run: 29,327,253,504 bytes free
Post-Run: 29,478,494,208 bytes free
.
- - End Of File - - 65D2A4B1FC390106F07B4AC04B2CE8C6
8F558EB6672622401DA993E1E865C861

Avast detecting multiple issues

Hi

Avast keeps popping up saying it's blocked a harmful file; some it moves to the chest, some it just blocks. I have screenshotted the Avast chest should you need it. One of the issues seems to be a type of Windows Update file in WIN32??? I run XP SP3 still.
I have run DDS.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dianne Fox at 21:40:58 on 2015-05-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.622 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.10.11023.1534\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dianne~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375641003437
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30DA2D19-782B-44F3-8089-367301CE92E5} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\42.0.2311.135\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dianne fox\application data\mozilla\firefox\profiles\qo3ndag9.default-1398015338453\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_169.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-30 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-30 209048]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-5-8 218008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-12-30 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-12-30 427992]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-8-13 42272]
R1 RapportCerberus_1412097;RapportCerberus_1412097;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412097.sys [2015-5-12 528600]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2015-5-8 279800]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2015-5-8 348632]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-11 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-30 74976]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-30 343336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2015-5-8 2214168]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.0\ToolbarUpdater.exe [2014-4-29 1801240]
R4 RapportCerberus_1412095;RapportCerberus_1412095;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412095.sys [2015-5-10 528856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2015-05-12 18:56:20 57888 ----a-w- c:\windows\system32\drivers\asw2B9.tmp
2015-05-12 18:56:16 208024 ----a-w- c:\windows\system32\drivers\asw2B8.tmp
2015-05-12 18:56:12 427736 ----a-w- c:\windows\system32\drivers\asw2B7.tmp
2015-05-12 18:56:11 49904 ----a-w- c:\windows\system32\drivers\asw2B6.tmp
2015-05-12 18:56:08 73440 ----a-w- c:\windows\system32\drivers\asw2B5.tmp
2015-05-12 18:56:06 24144 ----a-w- c:\windows\system32\drivers\asw2B4.tmp
2015-05-12 18:54:10 55200 ----a-w- c:\windows\system32\drivers\asw2B3.tmp
2015-05-12 18:53:26 788272 ----a-w- c:\windows\system32\drivers\asw2B2.tmp
2015-05-12 18:45:24 43112 ----a-w- c:\windows\avastSS.scr
2015-05-08 16:25:16 218008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-02 16:18:32 -------- d-----w- c:\documents and settings\dianne fox\local settings\application data\CDex
2015-05-02 16:17:42 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2015-05-02 16:17:14 -------- d-----w- c:\program files\CDex
2015-05-02 16:00:27 -------- d-----w- c:\documents and settings\dianne fox\application data\NCH Software
2015-05-02 15:40:46 -------- d-----w- c:\program files\NCH Software
.
==================== Find3M ====================
.
2015-05-12 18:46:26 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-12 18:46:23 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-12 18:46:22 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-12 18:46:22 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-12 18:42:14 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-10 12:37:21 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-27 20:20:29 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-27 20:20:28 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 16:04:46 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-06-29 09:46:27 6010880 ----a-w- c:\program files\GUT5.tmp
2013-10-12 11:16:22 50053120 ----a-w- c:\program files\GUT3.tmp
.
============= FINISH: 21:45:11.53 ===============

Attached file: attach.txt (12.8 KB)

Unique Computer Malware

My computer is infected with malware, and it is strange because it created a new user account. What is even stranger is the name of the account (Bocfsbek). I know I didn't create it, and no one else created it, so the only option left is malware and virus. I am really good at fixing computers (software and operating system) and getting rid of and preventing viruses. So far I have taken the following steps:

1. Run ESET Smart Security

2. Run Malwarebytes Anti-Malware

3. Delete user account like any other user would

4. Delete user account through command prompt

5. Delete user account by going under computer, local disk C, users, and then deleting the user there.

6. Run Hitman Pro

7. Run Emsisoft Emergency Kit

8. System Restore

9. RogueKiller

10. Rootkill

11. Combo Fix

12. CCleaner (I have heard bad things about it and I didn't like it, so I removed it from my computer)

13. Avast Premier Antivirus

14. TDSSKiller

15. Malicious Software Removal Tool from Microsoft

16. Command Prompt (type C: then attrib) and I found one autorun program and deleted it

17. Adware Cleaner


Each time I start or restart the computer, the user reappears. On all of these except Avast and the Malicious Software Removal Tool, something was detected and I removed it. My computer has been and still is working extremely well; I run scans on it regularly and run disk defragments, disk cleanups ...

If you are wondering how I run my scans, I run full scans, quick scans, and smart scans. I don't run them at the same time, to prevent the computer from slowing down and each scan possibly missing something. In addition, I regularly run Windows updates and make sure my drivers are up to date.

As to what I think the cause could be: I had a computer I was fixing for someone that was messed up, and I think it still has viruses and malware on it. I had it connected to the network so I could work on it better, and I think it spread from that computer to mine. That computer is no longer on the network, and I am running scans to find malware and/or viruses on it.

Before all of this, I had ESET Smart Security and Malwarebytes installed. I also had Rootkill and TDSSKiller, but those don't install on your computer; you just download them, save them to your Downloads folder, and then run them.

My computer is running Windows 7 Professional, 32-bit. It is a Compaq computer (from before HP and Compaq merged) with an AMD Athlon dual-core processor, 3 GB of memory, a 320 GB hard drive, and NVIDIA GeForce 6150 SE graphics.

Our network is secure, and we have a password that is about nine characters long and includes numbers and letters (it is a random password). I have tried just about everything in the book that I know of and still can't get the problem fixed. I have attached a screenshot below that I hope will help you.

If you need more information, I will be glad to provide it to you.

Attached screenshot: bocfsbek.png (675.6 KB)

No access to some websites in Windows Vista with Internet Explorer

Hello, I'm experiencing some problems while surfing the net. I'm using an old PC I had kept for offline use only for about 5 years. I have seen that it stalls, or seems to need too much time before I can use it, since it takes about 40 seconds between clicking any button and getting the action performed. About 8 days ago I tried to connect it to the internet, and as soon as I logged in to my account I experienced the same as described, but this time Internet Explorer opened approximately 15 sessions/web pages; I then had to wait as usual to close them all. All the windows were showing the homepage (Google), so I went to check the emails and Facebook, but I got the message "Internet Explorer cannot Display The Webpage", as if there was no internet connection.

I can access Google, Techsupportforum, some local newspapers and some other websites in which I read some tips on how to solve this, but had no success. I can't access Facebook since the first day I connected it to the net, but there is a social networking site where I can see the home page; when trying to log in to my account, after entering all my information, instead of going to my profile I get the same message. I installed the updates needed and shut it down. The next day I thought there could be some malware causing the problem, so I scanned the PC with the ESET online scanner, and indeed it detected some threats and quarantined them. I just thought it was clean and tried to use it Friday, May 29, in the afternoon, and noticed it still takes too much time to get to the point where it can work as it should, so I scanned the PC again with the same ESET tool, and this time the scan results were negative: no threats found.

But I still can't get to those websites, so I started a thread in the Windows Vista section, but they sent me here. I checked to see if there are restricted websites in my browser, but there are none. I'm using an eMachines model W3653 running Windows Vista Home Premium 32-bit with Internet Explorer 9.

Any indication as to why this happens and how to solve this will be very appreciated. Thanks in advance.

Here is the report from DDS.txt:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16644 BrowserJavaVersion: 11.45.2
Run by khoyi kabhuto at 3:30:12 on 2015-05-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.239 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcgcoms.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell AIO 810\DLCGmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com.pr/
uSearch Page = ${URL_SEARCHPAGE}
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W3653
mSearch Page = ${URL_SEARCHPAGE}
uURLSearchHooks: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} -
mURLSearchHooks: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} -
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_45\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_45\bin\jp2ssv.dll
BHO: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: PHPNukeEN Toolbar: {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} -
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\khoyi kabhuto\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
mRun: [Skytel] Skytel.exe
StartupFolder: c:\users\khoyik~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Save the YouTube video as MP3 - <no file>
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.17\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 24.55.102.2 8.8.8.8
TCP: Interfaces\{C7A12C23-6793-4E52-A2CB-35D964851A58} : DHCPNameServer = 24.55.102.2 8.8.8.8
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2009-1-13 5152]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2008-10-19 94208]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2013-3-6 32896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9686962c47df9;Google Update Service (gupdate1c9686962c47df9);c:\program files\google\update\GoogleUpdate.exe [2008-12-27 144200]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-14 30192]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-7-3 335872]
.
=============== Created Last 30 ================
.
2015-05-29 18:24:19 9265072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{df4fe93d-061b-47ff-92df-36a1417a01d1}\mpengine.dll
2015-05-23 20:24:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-23 20:23:07 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-23 20:14:06 99480 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-23 20:14:06 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-23 20:14:06 619664 ----a-w- c:\windows\system32\icardagt.exe
2015-05-23 20:13:56 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-23 20:12:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-05-23 20:12:26 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-05-23 20:10:29 81560 ----a-w- c:\windows\system32\mscories.dll
2015-05-23 20:10:29 156824 ----a-w- c:\windows\system32\mscorier.dll
2015-05-23 20:10:29 1131664 ----a-w- c:\windows\system32\dfshim.dll
2015-05-23 19:59:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-05-23 19:59:08 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-05-23 19:59:08 449536 ----a-w- c:\windows\system32\termsrv.dll
2015-05-23 19:58:22 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-05-23 19:57:08 2048 ----a-w- c:\windows\system32\tzres.dll
2015-05-23 19:55:54 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-05-23 19:55:54 279040 ----a-w- c:\windows\system32\schannel.dll
2015-05-23 19:55:54 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2015-05-23 19:54:43 297984 ----a-w- c:\windows\system32\gdi32.dll
2015-05-23 19:34:14 499200 ----a-w- c:\windows\system32\kerberos.dll
2015-05-23 19:33:34 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-05-23 19:33:34 244152 ----a-w- c:\windows\system32\clfs.sys
2015-05-23 19:32:36 64000 ----a-w- c:\windows\system32\smss.exe
2015-05-23 19:32:36 49152 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-23 19:32:36 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-05-23 19:32:36 1205168 ----a-w- c:\windows\system32\ntdll.dll
2015-05-23 19:32:35 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-23 19:31:56 67072 ----a-w- c:\windows\system32\packager.dll
2015-05-23 19:19:04 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-05-23 19:19:04 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-05-23 19:19:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-05-23 19:19:04 2065408 ----a-w- c:\windows\system32\win32k.sys
2015-05-23 19:19:04 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-05-23 19:19:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-05-23 19:19:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-05-23 19:19:04 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-05-23 19:19:03 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-05-23 19:19:03 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-05-23 19:18:09 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-05-23 19:11:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-05-23 19:11:45 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-05-23 19:09:37 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-23 19:07:32 985088 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-05-23 19:07:32 967168 ----a-w- c:\program files\windows journal\JNWDRV.dll
2015-05-23 19:07:32 939008 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2015-05-23 19:07:32 1850880 ----a-w- c:\program files\windows journal\Journal.exe
2015-05-23 19:07:32 1219584 ----a-w- c:\program files\windows journal\NBDoc.DLL
2015-05-23 18:52:20 -------- d-----w- c:\windows\system32\MRT
2015-05-23 18:51:33 807936 ----a-w- c:\windows\system32\msctf.dll
2015-05-23 18:50:59 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-05-23 18:41:08 82432 ----a-w- c:\windows\system32\consent.exe
2015-05-23 18:41:08 33280 ----a-w- c:\windows\system32\appinfo.dll
2015-05-23 18:41:08 1993728 ----a-w- c:\windows\system32\authui.dll
2015-05-23 18:41:07 332800 ----a-w- c:\windows\system32\msihnd.dll
2015-05-23 18:41:07 2264064 ----a-w- c:\windows\system32\msi.dll
2015-05-23 18:26:24 396800 ----a-w- c:\windows\system32\AudioEng.dll
2015-05-23 18:26:24 316928 ----a-w- c:\windows\system32\audiosrv.dll
2015-05-23 18:26:23 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-05-23 18:26:23 170496 ----a-w- c:\windows\system32\EncDump.dll
2015-05-23 18:24:30 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-05-23 18:24:30 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-05-23 18:24:30 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-05-23 18:13:22 279552 ----a-w- c:\windows\system32\services.exe
2015-05-23 17:56:42 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-05-23 17:49:38 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-05-23 17:39:24 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-05-23 17:24:55 502784 ----a-w- c:\windows\system32\usp10.dll
2015-05-23 17:24:54 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-05-23 17:24:54 15872 ----a-w- c:\windows\system32\icaapi.dll
2015-05-23 17:24:29 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-05-23 17:24:27 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2015-05-23 17:24:27 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-05-23 17:24:27 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-05-23 17:23:55 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-05-23 17:23:47 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2015-05-23 17:23:47 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-05-23 17:23:45 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2015-05-23 17:23:45 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2015-05-23 17:23:44 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2015-05-23 17:23:40 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-05-23 17:23:40 37376 ----a-w- c:\windows\system32\cdd.dll
2015-05-23 17:23:38 506880 ----a-w- c:\windows\system32\qedit.dll
2015-05-23 17:22:49 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-05-23 17:22:46 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-05-23 17:22:45 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-05-23 17:22:45 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-05-23 17:22:45 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-05-23 17:22:45 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-05-23 17:22:45 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-05-23 17:22:24 1401344 ----a-w- c:\windows\system32\msxml6.dll
2015-05-23 17:21:12 443904 ----a-w- c:\windows\system32\win32spl.dll
2015-05-23 17:21:12 37376 ----a-w- c:\windows\system32\printcom.dll
2015-05-23 17:21:09 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2015-05-23 17:21:05 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-05-23 17:21:02 155648 ----a-w- c:\windows\system32\wscript.exe
2015-05-23 17:21:02 135168 ----a-w- c:\windows\system32\cscript.exe
2015-05-23 17:21:02 131072 ----a-w- c:\windows\system32\wshom.ocx
2015-05-23 17:21:01 172032 ----a-w- c:\windows\system32\scrrun.dll
2015-05-23 17:21:00 36864 ----a-w- c:\windows\system32\wshcon.dll
2015-05-23 17:20:54 812544 ----a-w- c:\windows\system32\certutil.exe
2015-05-23 17:20:54 41984 ----a-w- c:\windows\system32\certenc.dll
2015-05-23 17:20:32 993792 ----a-w- c:\windows\system32\crypt32.dll
2015-05-23 17:20:01 158208 ----a-w- c:\windows\system32\imagehlp.dll
2015-05-23 17:19:55 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2015-05-23 17:19:49 615936 ----a-w- c:\windows\system32\themeui.dll
2015-05-23 17:19:47 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-05-23 17:19:44 89088 ----a-w- c:\windows\system32\wiafbdrv.dll
2015-05-23 17:19:44 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2015-05-23 17:19:44 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2015-05-23 17:19:36 98304 ----a-w- c:\windows\system32\cryptnet.dll
2015-05-23 17:19:36 172544 ----a-w- c:\windows\system32\wintrust.dll
2015-05-23 17:19:36 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2015-05-23 17:19:18 876032 ----a-w- c:\windows\system32\wer.dll
2015-05-23 06:08:14 -------- d-----w- c:\programdata\Oracle
.
==================== Find3M ====================
.
2015-04-10 15:25:46 367616 ----a-w- c:\windows\system32\html.iec
2015-04-10 15:25:45 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-04-10 15:20:33 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-04-10 15:20:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-04-10 15:19:31 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-04-10 15:19:16 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-04-10 15:18:44 11776 ----a-w- c:\windows\system32\mshta.exe
2015-04-10 15:18:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 3:33:29.39 ===============


Any advice as to why this is happening and how to fix this will be very appreciated.

Attached file: attach.txt (11.5 KB)