Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Can't Get Rid Of Malware/Adware

I have some malware or adware on my PC. I somehow downloaded some program called CrossBrowse and WebShield. It also came with a bunch of little programs; one of them was named Storm Watch, and I can't remember the others because I used IObit Uninstaller instantly. Now I have random pop-ups and Web Shield ads. For example, there would be certain words that have a double blue line under them, and when I hover over them they will show a Web Shield ad. I have done a scan using AdwCleaner 4.205 and it found some stuff pertaining to it but didn't fix it. I also did a scan with Malwarebytes and it didn't come up with anything, and HitmanPro found some stuff but didn't fix the problem.

Please, any help will be greatly appreciated.

ransom:HTML/Crowti.A troubles

:banghead:

Hello....

As indicated by the above not-so-smiley, I'm frustrated to no end but lucky to still have networking capability for the moment.
I noticed the cooling fan on my laptop running more than it needed to be so I checked Task Manager to see what was running.
Checking under "show processes from all users" I found several hundred running instances of the following programs:
cmd.exe
conhost.exe
schtasks.exe
svchost.exe

Windows Defender has identified one of the culprits as:
ransom:HTML/Crowti.A
which is tagged by Defender attempting something every 3-5 minutes at Severe threat level. The machine hiccups/ freezes for a split second, Defender quarantines it and usually I'll get control back afterward.

I was running Symantec Endpoint Client, which I have since removed, leaving Defender and MBAM on the system.

When I tried to run DDS the system froze completely and required a hard reset. I have not attempted again until I get feedback from the Forum, hence the lack of requested log files.

Of note also is that this machine is on my network wirelessly along with a desktop (not mapped yet on this machine) and a WD MyBook Duo (not yet set up but it is mapped). There are errors logged in the Motorola cable modem/ router (SBG6580) but were all the same date and don't appear to be relevant.

My other problem aside from the virus is that this machine appears unable to be booted from a WinPE disk/USB drive. Sources have indicated that the BIOS on this machine is too old to support it, so I'm stuck hoping that I don't lose the MBR or other critical data before a resolution. I had been looking into having a cloned drive available but don't know the best method of doing that. I can't back up anything now without fear of cloning the virus as well.

Any initial assistance is appreciated. I'll run DDS in safe mode if it yields the necessary data or at least enough to start the process.

Can't run DDS

I have a Samsung Laptop running Windows 8.1.

We were just on vacation and I had taken my laptop and used it at various hotels. At one of the hotels I wanted to create a Wi-Fi hotspot so did a search and found several sites that recommended using Virtual Router Plus, so I downloaded and installed it. I only used it for a short period of time but since then I had a small video window on the right side of the page that is overtop of everything else so when you scroll the page the window stays there and obscures some of the text on the page so you have to try to read it above or below the window. There is also no apparent way to close the window.

Shortly after that I started to get two video windows side by side on the bottom of the page but at least these had an X above the window so I could close them, but the one on the side does not so there is no way to close it. They all each have audio so there is different audio coming from all three windows.

I also received the odd error message referring to my proxy server so went into tools - internet options - connections and LAN settings and found that proxy server was checked but was greyed out so it could not be unchecked. I went to the action center and found that Windows Defender was turned off and I was not able to turn it on.

I came here and downloaded DDS.scr; however, when trying to run it I get a message that it cannot be run in compatibility mode.

I decided to try a system restore to a date before all of this started. It completed successfully but I still have all of the same issues, except now the video window pops up in the middle of the page, and I also received a pop-up about calling a toll-free number to talk to a Microsoft Certified Technician.

I am familiar with their scam but thought I would phone just to see what they had to say. They told me to press the Windows Key + R and type inf infections. I didn't actually type it as I don't know if that was part of the virus or malware that could create more issues. I told him that nothing came up after typing that which really confused him. He then wanted to "share" my screen so I just laughed and told him that wasn't happening and hung up.

I have attached the message I get when trying to run DDS, the IE page with the video window in the centre of it and the message about contacting the Microsoft Certified Technician.

I should also mention I had run Malwarebytes Antimalware right at the first sign of issues and it did find some problems which I let it fix but the problems are still here.

I would have tried running DDS in safe mode except can't find a way to get into safe mode anymore as the usual F8 at boot doesn't work.

I would appreciate assistance in cleaning things up.

Thank you


Linkbucks on router

Hi,

I am having a problem with Linkbucks, which I'm pretty sure is on my router:

Whenever I click on links on Twitter or Facebook I am redirected to Linkbucks. This is happening on all my devices (Mac, Windows 8 PC, Android phone): on Chrome it redirects to Linkbucks and on IE I just get a 404. I've tried the Mac with a 3G dongle and the phone on 3G and the problem stops, so I think the router must be the source of the problem.

I've tried running an adware remover but that didn't come up with anything. There's nothing in my Chrome extensions either.

Once I realised it was the router I then tried resetting it but it kept coming back. I have changed the admin password to a strong password as it was originally left on the default password, but it has just come back again after doing this.

I had also been getting a redirect virus that seems to be on Google-related sites: it won't show me Google search results and redirects me to a dodgy fake Flash player when I try to use YouTube. This hasn't come back since I changed the password, but it has been less than 24 hours since I've done it, so it might still come back.

The router is a TP-Link (TD-W8901G) ADSL router.

Can anyone help?

Thanks

PS - I can't make the scans work, because I'm using a Mac.

Weird Little Pictures

Hello,

First of all, I don't know too much about viruses and I'm not sure if it really is one.
I have already had 2 checks with Avira, but without success.
The pictures appear in small groups spread across the screen.
They only appear after a certain amount of time, and if I touch them with my mouse, they disappear.

Maybe one of you knows what it is and can help me.
Thank you very much in advance.

Lupido


Unique Computer Malware

My computer is infected with malware and it is strange because it created a new user account. What is even stranger is the name of the account (Bocfsbek). I know I didn't create it, and no one else created it, so the only option left is malware and virus. I am really good at fixing computers (software and operating system) and getting rid of and preventing viruses. So far I have taken the following steps

1. Run ESET Smart Security

2. Run Malwarebytes Anti-Malware

3. Delete user account like any other user would

4. Delete user account through command prompt

5. Delete user account by going under computer, local disk C, users, and then deleting the user there.

6. Run Hitman Pro

7. Run Emsisoft Emergency Kit

8. System Restore

9. Rogue Killer

10. Rootkill

11. Combo Fix

12. Ccleaner (I have heard bad things about it and I didn't like it so I removed it from my computer)

13. Avast Premier Antivirus

14. Tdsskiller

15. Malicious Software Removal Tool from Microsoft

16. Command Prompt (type C: then attrib) and I found one autorun program and deleted it

17. Adware Cleaner


Each time I start or restart the computer, the user reappears. On all of these except Avast and Malicious Software Removal tool, something was detected and I removed it. My computer has and still is working extremely great, I run scans on it regularly and run disk defragments, disk cleanups ...

If you are wondering how I run my scans, I run full scans, quick scans, and smart scans. I don't run them at the same time to prevent the computer from slowing down and possibly each scan missing something. In addition, I regularly run windows updates and make sure my drivers are up to date.

As to what I think the cause could be is I had a computer I was fixing for someone that was messed up and I think it still has viruses and malware on it. I had it connected to the network so I could work on it better and I think it spread from that computer to mine. That computer is no longer on the network and I am working on scans to find malware and/or viruses on it.

Before all of this, I had ESET Smart Security and Malwarebytes installed. I also had rootkill and TDsskiller but those don't install on your computer, you just download them and save them to your downloads folder and then run them.

My computer is running Windows 7 Professional, 32-bit. It is a Compaq computer (before HP and Compaq merged) with an AMD Athlon Dual Core Processor, 3 GB of memory, a 320 GB hard drive, and NVIDIA GeForce 6150 SE Graphics.

Our network is secure and we have a password that is about nine characters long and includes numbers and letters (it is random password). I have tried just about everything in the book that I know of and still can't get the problem fixed. I have attached a screenshot below that I hope will help you.

If you need more information, I will be glad to provide it to you.


Do I have a virus?

Hi there,

My computer is really slow. To open a Firefox window it takes 1-2 minutes, and the same with internal computer documents and so on.
Very often the comp. freezes and has a message "Firefox is not responding".

Very frustrated.

My operational system is

Acer AOD270
Processor - Intel Atom CPU N 2600
Memory - 1GB
32 bit op system
Win 7 Starter
Service Pack 1


I downloaded dds.txt...

Any help would be appreciated.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17728
Run by js at 15:17:49 on 2015-05-12
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [AdobeBridge] <no file>
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\A457C6965614E6464456E6963756 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{E4514A59-2BF3-46DA-8E37-0264F12F0957}\F45316 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\js\appdata\roaming\mozilla\firefox\profiles\81ax6hui.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DsiWMIService;Dritek WMI Service
R? GamesAppService;GamesAppService
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? MBAMSwissArmy;MBAMSwissArmy
R? SkypeUpdate;Skype Updater
R? SwitchBoard;SwitchBoard
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WDC_SAM;WD SCSI Pass Thru driver
R? wlcrasvc;Windows Live Mesh remote connections service
S? BazisVirtualCDBus;WinCDEmu Virtual Bus Driver
S? ePowerSvc;ePower Service
S? GREGService;GREGService
S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
S? IconMan_R;IconMan_R
S? igddim32;igddim32
S? igdkmd32;igdkmd32
S? IntcDAud;Intel(R) Display Audio
S? Live Updater Service;Live Updater Service
S? RS_Service;Raw Socket Service
S? RSPCIESTOR;Realtek PCIE CardReader Driver
S? RTL8167;Realtek 8167 NT Driver
.
=============== Created Last 30 ================
.
2015-05-12 12:08:59 93808 ----a-w- c:\program files\mozilla firefox\updated\nssdbm3.dll
2015-05-12 12:03:04 9201616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a855c2a8-8e81-4ec4-a76b-02b685edf081}\mpengine.dll
2015-04-21 18:11:36 9201616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8adc1390-b856-42bf-b9ff-2078fb60574c}\mpengine.dll
2015-04-20 12:21:31 -------- d-----w- C:\AdwCleaner
2015-04-18 05:32:48 -------- d-----r- c:\program files\Skype
2015-04-18 05:27:40 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-04-18 05:27:39 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-18 05:27:39 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-18 05:27:39 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-18 05:27:39 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-18 05:27:38 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-18 05:27:37 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-04-18 05:27:35 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-04-18 05:27:35 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-18 05:27:11 249784 ----a-w- c:\windows\system32\clfs.sys
2015-04-18 05:27:07 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-18 05:24:14 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-04-18 05:21:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-04-18 05:21:25 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-04-18 05:21:25 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-04-18 05:21:24 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-04-18 05:21:24 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-04-18 05:21:24 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-04-18 05:20:50 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-18 05:20:48 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-18 05:20:47 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
==================== Find3M ====================
.
2015-03-17 05:01:09 3976632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01:08 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:01:08 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 04:59:26 1306112 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 04:57:25 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 04:57:21 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 04:57:20 43008 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 04:57:20 400896 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 04:57:20 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 04:57:20 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 04:57:17 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57:17 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 04:57:12 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 04:57:11 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 04:57:07 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 04:57:07 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 04:56:59 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 04:56:59 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 04:56:43 69632 ----a-w- c:\windows\system32\smss.exe
2015-03-17 04:56:38 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 04:56:28 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 04:56:15 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 04:53:35 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 04:53:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 04:50:47 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 04:50:43 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-13 03:42:18 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-03-13 03:42:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-03-13 03:28:48 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-03-13 03:27:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-03-13 03:27:35 340992 ----a-w- c:\windows\system32\html.iec
2015-03-13 03:26:19 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-03-13 03:16:24 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-03-13 03:15:40 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-03-13 03:09:27 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-03-13 03:01:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- c:\windows\system32\jscript9.dll
2015-03-13 02:43:41 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-03-13 02:20:28 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-02-26 03:11:26 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 01:23:36 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:13:52 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13:49 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09:16 299008 ----a-w- c:\windows\system32\atmfd.dll
2014-05-20 17:12:20 6103040 ----a-w- c:\program files\GUTC6F.tmp
.
============= FINISH: 15:20:42.44 ===============


weird happy face squares

Hello everyone,
I have these weird happy face squares that keep showing up on my screen, on browser windows and on documents. If I open a document and move my mouse over where the squares are they disappear, but they keep coming back. I haven't downloaded anything weird and every time I run a scan it says I have 0 viruses. I tried reinitializing my computer which seemed to work for a while, but now they're back. They always seem to show up first on Facebook if that helps. I've attached a screen shot of what they look like on a word document.


On line programs not Responsive

I have a problem going online: when I try to open anything from any browser, some pages open very slowly and most don't respond at all.
I checked the connection with Verizon and it works fine.
I did a speed test and I get 3.75 download and about 75 upload.
I tried to connect to TeamViewer and it was not responsive.
When I can get to my LogMeIn accounts it shows this computer as offline.
I cleaned with Malwarebytes Anti-Malware and with AdwCleaner and it didn't help.
I enclosed the logs you requested.
I appreciate your help in this matter.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 10.45.2
Run by European Art Design at 14:26:29 on 2015-06-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1255.972.1033.18.8153.5296 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\PKBACK# 001 (E)\PKBACK# 001 (E)\oye\spkl.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Users\European Art Design\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
C:\ProgramData\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\system32\svchost.exe -k ICGroup
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k ICWatchdogGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\svchost.exe -k ICDispatcherGroup
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [kbdsprt] <no file>
mExplorerRun: [localSPM] C:\PKBACK# 001 (E)\PKBACK# 001 (E)\oye\spkl.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\ProgramData\Verizon\UA_ar\UtilityApplication.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: Interfaces\{5B3268D6-806D-47D1-9AAE-8CC3ED869E9E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B64879F1-2A0B-4779-9045-4A1C5178EA06} : NameServer = 8.8.8.8,4.2.2.2
TCP: Interfaces\{B64879F1-2A0B-4779-9045-4A1C5178EA06} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://search.myheritage.com
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\European Art Design\AppData\Roaming\Mozilla\Firefox\Profiles\slijxjg7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Vosteran
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\Users\European Art Design\AppData\Roaming\Mozilla\Firefox\Profiles\slijxjg7.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-9 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-5-10 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-5-10 204288]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-8 107648]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-7-22 219480]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2015-3-30 2490216]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-9 13592]
R2 ICHFilter;ICHFilter;C:\Windows\LvgIC488\ICHFilter.sys [2015-5-7 24776]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-3-30 417552]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-11-12 72216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 124568]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-6-6 435496]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2013-5-9 1695040]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-2-5 5429520]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-5-9 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-8 159360]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-5-9 77824]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-8 36480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-5-10 93712]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-8 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-8 551552]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-10 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-9 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-9 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-30 25816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-10 648808]
R4 tdiliv;tdiliv;C:\Windows\lvgic488\tdiliv.sys [2015-5-7 63688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-27 1080120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-9 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 HPFXBULKLEDM;HPFXBULKLEDM;C:\Windows\System32\drivers\hppdbulkio.sys [2013-8-13 22328]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-27 63704]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2013-8-12 20480]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2013-1-28 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-6 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2014-1-22 206080]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-6 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-19 1255736]
.
=============== Created Last 30 ================
.
2015-06-04 17:45:42 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2EA9DCC-5A4B-41CC-99D4-7EE28BD8C219}\offreg.612.dll
2015-06-04 17:38:00 -------- d-----w- C:\AdwCleaner
2015-06-04 17:36:28 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2EA9DCC-5A4B-41CC-99D4-7EE28BD8C219}\offreg.460.dll
2015-06-04 17:15:24 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2EA9DCC-5A4B-41CC-99D4-7EE28BD8C219}\offreg.604.dll
2015-06-04 04:29:37 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2EA9DCC-5A4B-41CC-99D4-7EE28BD8C219}\offreg.664.dll
2015-06-04 04:28:55 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2EA9DCC-5A4B-41CC-99D4-7EE28BD8C219}\mpengine.dll
2015-06-03 21:57:48 -------- d-----w- C:\Dexcom
2015-06-03 21:57:46 -------- d-----w- C:\Program Files (x86)\Dexcom
2015-06-03 04:31:49 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BDAE338-6158-4222-91DC-606E6C99A20F}\gapaengine.dll
2015-06-03 04:30:16 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-14 07:02:28 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 07:02:28 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:14:21 328704 ----a-w- C:\Windows\System32\services.exe
2015-05-13 12:13:41 3204608 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2015-05-31 07:48:22 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-14 13:37:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-14 13:37:46 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-14 13:37:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-03-30 19:25:00 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
.
============= FINISH: 14:29:27.48 ===============


Cannot run AVG due to software restriction policy

Good afternoon:

I was trying to run AVG on my machine when I received the error that I could not due to a "software restriction" policy. I presumed that this means I have some nasty little digital critter lurking in my machine, so I've run AdwCleaner, FRST, & Malwarebytes. Some items that were found I went ahead and healed. I am still unable to run AVG. I am posting my most recent FRST results. Can anyone offer some insight into this? Thank you very much in advance.


Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1308676778\ee\aolsoftware.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(E-Color, Inc.) C:\Program Files\E-Color\True Internet Color\TICIcon.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AOL LLC) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1308676778\ee\aolupdates.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33714176 2010-01-17] (VIA Technologies, Inc.)
HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5756544 2010-02-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [188416 2002-03-18] (HP)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1308676778\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-08-25] (ATI Technologies Inc.)
HKU\S-1-5-21-73586283-583907252-725345543-1004\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7\AOL.EXE [72760 2013-04-18] (AOL Inc.)
HKU\S-1-5-21-73586283-583907252-725345543-1004\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-73586283-583907252-725345543-1004\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-06-21]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SonnReg.lnk [2011-06-21]
ShortcutTarget: SonnReg.lnk -> C:\Program Files\E-Color\Registration\SonnReg.exe (E-Color, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\True Internet Color Icon.lnk [2011-06-21]
ShortcutTarget: True Internet Color Icon.lnk -> C:\Program Files\E-Color\True Internet Color\TICIcon.exe (E-Color, Inc.)
Startup: C:\Documents and Settings\Charles\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2015-04-30]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1308667684859
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\9su78zrq.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://mysearch.avg.com/search?cid={F6B4FFEC-162F-4160-9205-9354B88F1107}&mid=7af4e34c1c6b47d1bcf7d14acce4e9e6-66d1b63bc16fbb8ba622324ec1971f82b767bdbe&lang=en&ds=AVG&pr=fr&d=2013-01-21 07:54:23&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\14.1.0.10\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-02-11] () [File not signed]
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-06-06] (Avanquest Software) [File not signed]
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [45056 2009-09-04] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2106880 2010-01-11] (VIA Technologies, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 14:40 - 2015-06-04 14:40 - 00011452 _____ () C:\Documents and Settings\Charles\Desktop\FRST.txt
2015-06-04 14:09 - 2015-06-04 14:10 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 14:08 - 2015-06-04 14:08 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-04 14:08 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-04 14:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 15:08 - 2015-06-04 13:18 - 00060928 _____ () C:\WINDOWS\md5deep.exe
2015-06-02 14:55 - 2015-06-04 14:03 - 00000000 ____D () C:\AdwCleaner
2015-06-02 14:55 - 2015-06-02 15:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-06-02 14:53 - 2015-06-04 14:40 - 00000000 ____D () C:\FRST
2015-06-02 14:52 - 2015-06-02 14:52 - 02231296 _____ () C:\Documents and Settings\Charles\Desktop\AdwCleaner.exe
2015-06-02 14:52 - 2015-06-02 14:52 - 01147392 _____ (Farbar) C:\Documents and Settings\Charles\Desktop\FRST.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 14:40 - 2011-06-21 10:11 - 00000000 ____D () C:\Documents and Settings\Charles\Local Settings\Temp
2015-06-04 14:32 - 2011-06-21 05:59 - 00601640 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 14:29 - 2011-06-21 10:07 - 01960982 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-04 14:28 - 2011-06-21 10:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-04 14:28 - 2011-06-21 06:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-06-04 14:28 - 2011-06-21 06:02 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-06-04 14:28 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-06-04 14:26 - 2011-06-21 10:11 - 00000178 ___SH () C:\Documents and Settings\Charles\ntuser.ini
2015-06-04 14:26 - 2011-06-21 10:10 - 00032646 _____ () C:\WINDOWS\SchedLgU.Txt
2015-06-04 14:07 - 2015-01-05 11:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-04 13:14 - 2011-06-21 15:04 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-06-04 08:28 - 2011-12-19 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-04 08:23 - 2011-06-21 13:30 - 00002473 _____ () C:\Documents and Settings\Charles\Desktop\Word.lnk
2015-06-03 07:59 - 2014-09-17 08:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-01 07:37 - 2015-01-21 09:44 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-01 07:37 - 2014-03-31 08:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-01 07:37 - 2011-06-21 05:58 - 00363567 _____ () C:\WINDOWS\setupapi.log
2015-05-26 14:56 - 2015-01-23 09:13 - 00001635 _____ () C:\Documents and Settings\All Users\Desktop\HP Print and Scan Doctor.lnk
2015-05-22 10:01 - 2011-06-21 12:53 - 00000000 ____D () C:\Documents and Settings\Charles\My Documents\Window Fashions
2015-05-22 09:05 - 2011-06-21 13:30 - 00002471 _____ () C:\Documents and Settings\Charles\Desktop\Excel.lnk
2015-05-19 08:07 - 2012-04-04 10:32 - 00000000 ____D () C:\Documents and Settings\Charles\My Documents\Accounting Work For Carol
2015-05-14 13:49 - 2011-12-23 13:32 - 00029664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2015-05-07 13:52 - 2013-02-08 04:37 - 00290272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2015-05-07 13:52 - 2012-04-19 04:50 - 00191968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2015-05-07 13:52 - 2011-08-08 07:08 - 00166880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys

==================== Files in the root of some directories =======

2012-09-18 08:49 - 2015-02-26 15:10 - 0000616 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Desktop.Exception.log
2012-09-18 08:49 - 2015-02-26 17:30 - 0001925 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Desktop.HttpServerSetup.log
2012-09-18 08:49 - 2015-02-26 15:10 - 0000616 _____ () C:\Documents and Settings\Charles\Application Data\Rim.DesktopHelper.Exception.log
2013-08-20 13:35 - 2015-02-26 15:10 - 0000231 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Transcoder.Exception.log
2011-07-21 11:13 - 2014-06-06 08:46 - 0007168 _____ () C:\Documents and Settings\Charles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-01 14:54 - 2012-12-01 14:54 - 0027520 _____ () C:\Documents and Settings\Charles\Local Settings\Application Data\dt.dat

Some files in TEMP:
====================
C:\Documents and Settings\Charles\Local Settings\Temp\HPPSdr.exe
C:\Documents and Settings\Charles\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe

Check up please 6.4.15

Just need a checkup to make sure my laptop is completely free of infections and malware.
--------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801
Run by Administrator56109 at 18:54:33 on 2015-06-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3468 [GMT -4:00]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\BatteryCare\BatteryCare.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: CKeyScramblerBHO Object: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAPower = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44F5BABE-A795-44D8-88CF-09E2C4B06E41} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44F5BABE-A795-44D8-88CF-09E2C4B06E41}\34F6E6E65636475646 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44F5BABE-A795-44D8-88CF-09E2C4B06E41}\84F4D454D223635423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44F5BABE-A795-44D8-88CF-09E2C4B06E41}\84F4D454D223635423F516C6D6F6E646 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44F5BABE-A795-44D8-88CF-09E2C4B06E41}\84F4D454D273834444 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44F5BABE-A795-44D8-88CF-09E2C4B06E41}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CKeyScramblerBHO Object: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-12-27 28600]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-12-9 20184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-12-9 792648]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-12-9 45880]
R1 networx;networx;C:\Windows\System32\drivers\networx.sys [2013-5-12 43392]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-25 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-12-27 434424]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-12-27 434424]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-12-27 152744]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-12-27 44088]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-12-27 93144]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-12-27 1876816]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2013-4-16 417912]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-25 2533400]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-21 287232]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-6-4 76520]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2011-1-30 129384]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-10-14 185352]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2015-4-7 827640]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-12-27 1185584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-12-9 2265304]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-5-27 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-5-27 9800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-18 114688]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-22 129752]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PSMounterEx;Macrium Reflect Image Explorer Driver;C:\Windows\System32\drivers\psmounterex.sys [2013-4-16 63096]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2011-2-5 53312]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-25 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-25 344680]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-15 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-5 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2015-05-19 03:16:30 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 03:16:30 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 03:11:44 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-19 03:10:59 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-05-19 03:10:59 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-05-19 03:10:59 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-05-19 03:10:59 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-05-19 03:10:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2015-05-19 03:10:54 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2015-05-19 03:10:43 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-05-19 03:10:43 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-05-19 03:10:43 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-19 03:10:43 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-05-09 17:24:06 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
==================== Find3M ====================
.
2015-05-19 03:11:44 1254400 ----a-w- C:\Windows\System32\diagtrack.dll
2015-05-19 03:09:39 328704 ----a-w- C:\Windows\System32\services.exe
2015-05-05 13:11:40 152744 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2015-05-05 13:11:36 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-19 14:58:32 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-19 14:58:32 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-07 12:11:35 44088 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2015-03-16 05:27:53 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-16 05:27:53 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-16 05:27:53 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-16 05:27:53 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-16 05:27:53 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-16 05:27:53 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-16 05:27:53 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-16 05:27:53 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-16 05:27:53 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-16 05:27:53 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-16 05:27:28 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-03-16 05:27:14 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-16 05:27:14 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-16 05:26:35 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-03-16 05:26:35 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-03-16 05:24:31 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-16 05:24:31 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-03-16 05:23:25 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
.
============= FINISH: 18:57:09.67 ===============

Attached Files
File Type: zip Attach.zip (103.0 KB)

Redirecter in my win 8.1 sync settings or ???

OK, so for some time now Malwarebytes has been blocking my metro/modern/etc. IE on Windows 8.1 from redirecting to androrat.xx.xx (put x's for safety but it's co.cc) and to ncrypt.xx (it started with ncrypt but today I saw the androrat one and - kinda forgot about this one but I do know it might be .in or something)

Oh, and DDS wouldn't run, so I got info from this thread named can't run dd

OK so for some messed up reason it's not letting me post the FRST since the board keeps complaining

"The text that you have entered is too long (111723 characters). Please shorten it to 100000 characters long." - although it's longer than 111723, so instead I uploaded the log

Attached Files
File Type: txt Addition.txt (33.3 KB)
File Type: txt FRST.txt (110.2 KB)

virus win7, services will not start

Please find paste of dds.txt and attached file attach.txt. Thank you

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.31.2
Run by ghamrick at 14:10:08 on 2015-06-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.11967.9943 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SunplusIT Integrated Camera\Monitor.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Users\ghamrick\AppData\Local\Akamai\netsession_win.exe
C:\Users\ghamrick\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HP Officejet Pro 8610 (NET)] "C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN45LBK1XT:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [Akamai NetSession Interface] "C:\Users\ghamrick\AppData\Local\Akamai\netsession_win.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [DelaypluginInstall] C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ghamrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files\OpenVPN\bin\openvpn-gui.exe
StartupFolder: C:\Users\ghamrick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PASSWO~1.LNK - D:\Password Safe\pwsafe.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{0C9854BA-E9D7-4606-ABD7-782B8B923BB4} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{61C2F9C5-4B45-415F-9D38-3DB6EB229621} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{796DFF5C-045D-4CCF-B4BC-B9F3CDDFAEA7}\84F4F4655425E45445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{796DFF5C-045D-4CCF-B4BC-B9F3CDDFAEA7}\86F6F6675627E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{796DFF5C-045D-4CCF-B4BC-B9F3CDDFAEA7}\E45445745414256353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CD5734AE-ED61-4179-A6EA-5466204EB18C} : DHCPNameServer = 208.67.222.222 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Integrated Camera_Monitor] C:\Program Files (x86)\SunplusIT Integrated Camera\Monitor.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
Hosts: 192.168.1.1 router.asus.com
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2013-10-17 29512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-10-17 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2014-1-29 29496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-16 283064]
R1 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 IntelHaxm;Intel Haxm;C:\Windows\System32\drivers\IntelHaxm.sys [2013-11-6 89072]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-10-17 59168]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2015-4-17 111048]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-10-17 72992]
R2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-10-17 197408]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2013-10-24 115184]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 124568]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-11-15 65657]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2013-10-17 101888]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2014-5-9 11576]
R3 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-6-18 1095616]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-6-18 1333184]
R3 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-6-18 1124288]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-5-21 111104]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-6-9 849408]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-7-9 60928]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-10-24 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-17 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-10-17 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-10-17 791608]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-7-26 25528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-19 25816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-5-16 31472]
R3 SPUVCbv;SPUVCb Driver Service;C:\Windows\System32\drivers\SPUVCBv_x64.sys [2015-5-5 688032]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2013-10-17 27432]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-20 206744]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-10-17 169432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-19 1080120]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2014-1-9 15768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-10-17 319536]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-6-4 43664]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-7-26 35256]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-3-9 272440]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-19 63704]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768]
S3 MSSQL$CIMS_DEV;SQL Server (CIMS_DEV);C:\Program Files\Microsoft SQL Server\MSSQL10_50.CIMS_DEV\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-10-17 1668896]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-10-17 1664800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-19 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2010-8-12 748648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-4-19 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
.
=============== File Associations ===============
.
FileExt: .pif: CryptoPreventPIF="C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" *"%1" %*
FileExt: .scr: CryptoPreventSCR="C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: VisualStudio.js.12.0 - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
.
=============== Created Last 30 ================
.
2015-06-04 15:37:44 -------- dc----w- C:\FRST
2015-06-04 14:27:51 43664 -c--a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2015-06-04 14:19:43 -------- dc----w- C:\ProgramData\HitmanPro
2015-06-04 12:55:17 -------- dc----w- C:\AdwCleaner
2015-06-04 12:29:21 12214312 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71B21811-CDB6-4E7A-891E-1B8E1B1B0FC1}\mpengine.dll
2015-06-04 12:17:41 24 -c--a-w- C:\Users\ghamrick\AppData\Roaming\appdataFr25.bin
2015-06-03 12:13:20 1187344 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2BEF488-1E72-409D-8069-5BB343B00906}\gapaengine.dll
2015-06-03 12:12:57 12214312 -c--a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-03 01:15:52 34072 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2015-06-03 01:15:52 229608 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-06-03 01:15:52 215040 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
2015-06-01 22:49:24 -------- dc----w- C:\Users\ghamrick\AppData\Local\GWX
2015-05-22 20:16:10 -------- dc----w- C:\Users\ghamrick\.gnupg
2015-05-14 07:05:11 -------- dc----w- C:\Windows\PCHEALTH
2015-05-14 07:03:43 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 07:03:43 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:47:00 328704 ----a-w- C:\Windows\System32\services.exe
2015-05-13 12:45:57 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-05-13 12:45:57 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-05-13 12:45:57 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-05-13 12:45:57 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-05-13 12:45:57 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-05-13 12:45:57 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-05-13 12:45:57 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-05-06 20:57:34 -------- dc----w- C:\Program Files (x86)\SunplusIT Integrated Camera
.
==================== Find3M ====================
.
2015-06-04 13:47:26 136408 -c--a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-04 12:20:38 778416 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-04 12:20:38 142512 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-14 07:35:55 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2015-05-14 07:35:52 142336 ----a-w- C:\Windows\System32\poqexec.exe
2015-05-14 07:19:17 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-05-14 07:19:17 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-05-14 07:19:17 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-14 07:19:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-05-14 07:17:09 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-05-14 07:17:09 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-05-14 07:17:09 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-05-14 07:17:09 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-05-14 07:16:47 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-05-14 07:16:47 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-05-14 07:16:47 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-05-14 07:09:15 2543104 ----a-w- C:\Windows\System32\wpdshext.dll
2015-05-14 07:09:15 2311168 ----a-w- C:\Windows\SysWow64\wpdshext.dll
2015-05-14 07:02:31 470528 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2015-05-14 07:02:31 309248 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2015-05-14 07:02:31 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-05-14 07:02:31 2178560 ----a-w- C:\Windows\apppatch\AcGenral.dll
2015-05-14 07:02:31 103424 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2015-05-05 08:22:14 428064 -c--a-w- C:\Windows\System32\VCamPPage_x64.dll
2015-05-05 08:17:50 81440 -c--a-w- C:\Windows\System32\DextUVCB_x64.ax
2015-05-05 08:17:50 78368 -c--a-w- C:\Windows\SysWow64\DextUVCB.ax
2015-05-05 08:17:50 688032 -c--a-w- C:\Windows\System32\drivers\SPUVCBv_x64.sys
2015-05-05 08:17:50 357920 -c--a-w- C:\Windows\SysWow64\VCamPPage.dll
2015-04-15 07:08:57 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-04-15 07:08:57 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-04-15 07:03:27 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-04-15 07:03:27 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-04-15 07:03:27 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-04-15 07:03:27 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-04-15 07:01:37 754688 ----a-w- C:\Windows\System32\drivers\http.sys
2015-04-15 07:00:34 79360 ----a-w- C:\Windows\System32\clfsw32.dll
2015-04-15 07:00:34 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll
2015-04-15 07:00:34 367552 ----a-w- C:\Windows\System32\clfs.sys
2015-04-14 13:37:56 63704 -c--a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-14 13:37:46 107736 -c--a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-14 13:37:42 25816 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-08 15:02:09 53248 -c--a-w- C:\Windows\SysWow64\zlib.dll
2015-03-16 21:36:56 922704 -c--a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2015-03-16 21:35:46 204264 -c--a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2015-03-16 21:35:46 156360 -c--a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2015-03-16 21:35:46 141440 -c--a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2015-03-16 21:35:46 128592 -c--a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2015-03-12 07:15:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-12 07:15:15 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-12 07:15:15 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-12 07:15:15 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-12 07:15:15 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-12 07:15:15 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-12 07:15:15 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-12 07:15:15 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-12 07:15:15 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-12 07:15:15 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-12 07:13:02 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-03-12 07:13:02 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-03-12 07:13:02 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-03-12 07:12:09 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-12 07:12:09 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-12 07:10:46 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-03-12 07:03:56 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-03-12 07:03:56 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-03-12 07:03:37 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-12 07:03:37 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-03-12 07:00:36 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-12 07:00:36 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
.
============= FINISH: 14:10:52.77 ===============


Trojan Patched3_c.ADTG unable to remove

Hi all, first time on the forum

Opened my laptop this morning and got flagged with AVG's message saying I'm infected with Patched3_c.ADTG. AVG tries to remove it and fails repeatedly.

I did try and remove it myself and failed. Then came on here and read your advice not to try and remove anything yourself, I'll now second that as pretty sound advice!

Any help would be much appreciated.

Cheers,

Connor

bogus files not spotted by Avast

Hello:
Please help me if you can..........
Something disabled Windows Defender and is letting very large bogus files onto my computer so I installed the latest free version of Avast. I am using win 8.1 in a Lenovo computer. I just discovered that some mystery files are being inserted into my computer by the dozens and these mystery files are extremely large so the hard drive was almost filled up!
Here is what I found by using an app called WinDirStat:
the mystery files look like this: 12754694899610736661_2853498758043839360_4480_4480 ~ 960 MB
and this: ver1
they are sent to this location in my computer: C:\$Recycle.Bin\S-1-5-21-2712117882-3860235528-2112810399-1002

When I open the mystery file with FIREFOX, it looks like this:
file:///C:/recyclebin/12754694899610736661_2853498758043835520_3840_3840
which is an application/octet-stream (960 MB) from C:\recyclebin

Note: file opens in Firefox but there is no information in the page and, after selecting Ctl - U, there is NO code at all!

These files are still coming into my computer after installing Avast so PLEASE help me if you can. I can catch these files with the help of WinDirStat but want to stop them altogether. I believe a virus has invaded my PC and had hoped that Avast would catch and kill it but not so far!
Thanks,
jim

Game.EXE Bad Image Error

Hi
I have a serious problem in Windows 7 Service Pack 1 64-bit.
When I run any game, the error appears two or three times, and after a few minutes of play the game hangs.
I also tested these programs, but that did not work:
SpyHunter
Malwarebytes
CCleaner


Error Image

Windows laptop infected with viruses

Hi.

I have a laptop which must be infected with viruses etc.

When I open chrome or IE new pages open up to ad sites. The antivirus which is already installed is notifying me of background changes and system changes from unknown (for me) program names I can't remember now.

I installed AVG and tried a cleanup, and it seems when AVG tries to remove a certain file/program the file/program just duplicates into a new one, making it not possible to get rid of the problem.

Basically I'm infected, and help is appreciated.

I don't have access to a boot CD atm.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17728
Run by TC at 15:49:25 on 2015-05-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1044.18.3817.1334 [GMT 2:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {8242D66F-41BD-4049-C2E6-E578E73B62A0}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {3923378B-6787-4FC7-F856-DE0A9CBC281D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {650F1FDD-CD54-C70F-BA20-58ECC0C35D07}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\Windows\system32\ibmpmsvc.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k wbiosvcgroup
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\svchost.exe -k regsvc
c:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\igfxEM.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Windows\system32\taskeng.exe
C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
c:\windows\system32\svchost.exe -k localservicepeernet
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\svchost.exe -k secsvcs
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418203365&from=wpm12103&uid=HGSTXHTS725050A7E630_TF655BWJ08V0NR08V0NRX
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.delta-homes.com/?type=hp&ts=1418203365&from=wpm12103&uid=HGSTXHTS725050A7E630_TF655BWJ08V0NR08V0NRX
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418203365&from=wpm12103&uid=HGSTXHTS725050A7E630_TF655BWJ08V0NR08V0NRX
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IGPXTS~1.LNK - C:\Program Files (x86)\Lenovo\USB3.0 DVI Adapter\igpxtskmgn64win7.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: LastPass - C:\Users\TC\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fyll felt - C:\Users\TC\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{210A1925-CBED-4FD9-8A13-CEDAD151CC2A} : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{210A1925-CBED-4FD9-8A13-CEDAD151CC2A} : DHCPNameServer = 217.173.252.229 217.173.252.228
TCP: Interfaces\{2DEF87D4-8B8E-49C9-9AB0-628ADD9AEC9D} : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921} : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\130323432303D274A65637475627 : DHCPNameServer = 82.196.201.43 82.196.193.143
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\130323432303D275C414E4 : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\130323432303D275C414E4 : DHCPNameServer = 217.173.247.196 217.173.247.206
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\261636B65707 : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\261636B65707 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\4556C656E6F62793735373B6C6F6 : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\4556C656E6F62793735373B6C6F6 : DHCPNameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\845737564702D6564602465602271627560296 : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\845737564702D6564602465602271627560296 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\E43524F594E445542514B4459465 : NameServer = 31.168.224.106,5.135.12.52
TCP: Interfaces\{BEDFD3DC-BB78-4B18-AF2B-5B2628F16921}\E43524F594E445542514B4459465 : DHCPNameServer = 192.168.101.1 192.168.101.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418203365&from=wpm12103&uid=HGSTXHTS725050A7E630_TF655BWJ08V0NR08V0NRX
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [Enhanced Performance Keyboard] C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2014-7-13 29512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-13 20464]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2014-1-29 29496]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 iSafeKrnl;YAC Mini-Filter Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2015-2-5 249000]
R1 iSafeKrnlKit;YAC Kit Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2015-2-5 99496]
R1 iSafeKrnlMon;YAC Monitor Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [2015-2-5 42152]
R1 iSafeKrnlR3;YAC Ring3 Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2015-2-5 93352]
R1 iSafeNetFilter;YAC NDIS Driver;C:\Windows\System32\drivers\iSafeNetFilter.sys [2015-5-12 52392]
R1 TmLwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2012-6-21 197432]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-10-3 1137016]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-10-10 1689976]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-10-3 1157496]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-10-12 9281840]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2014-7-13 140016]
R2 ibtsiva;Intel Bluetooth Service;C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2014-7-13 113096]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-7-13 282072]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-12 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-7-13 131544]
R2 iSafeService;YAC Service;C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2015-2-5 120128]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-7-13 169432]
R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2013-1-30 405744]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2014-7-13 59952]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2014-11-4 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2014-7-13 74288]
R2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2014-7-13 198704]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2014-7-13 136288]
R2 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [2014-7-13 21552]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2014-2-14 230920]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-2-14 69640]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-8-29 69480]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2013-4-16 351032]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2013-4-16 44856]
R2 tmWfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2012-6-21 338232]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2014-11-4 124400]
R2 TPHKSVC;Visning på skjermen;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2014-11-4 126512]
R2 ValBioService;ValBioService;C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [2014-7-21 22872]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2014-1-17 49040]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-5-12 620056]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-8 3674864]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-7-13 495376]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-13 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-13 786416]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-11-12 25528]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2014-7-13 1668904]
R3 QuickControlService;Lenovo QuickControl Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2014-2-12 322608]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\drivers\RtsPer.sys [2014-7-13 424664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-7-13 31472]
R3 TmCCSF;OfficeScan Common Client Solution Framework;C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [2014-4-7 701064]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2012-12-8 102712]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2013-5-15 407864]
R3 TmPfw;OfficeScan NT Firewall;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [2015-2-2 596744]
R3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2015-2-2 929328]
R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2014-7-13 27432]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-21 206744]
R3 vm331avs;Digital Camera 1;C:\Windows\System32\drivers\vm331avs.sys [2014-7-13 1070080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 QuickControlMasterSvc;Lenovo QuickControl Master Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2014-2-12 59440]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [?]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-7-23 140600]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-10-19 1408824]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2014-7-13 320576]
S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2014-7-13 54000]
S3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-10-3 142280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-5 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-11-12 35256]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-7-13 450520]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-12 822232]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2014-7-13 532224]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-7-13 1664808]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-10-2 1255736]
.
=============== Created Last 30 ================
.
2015-05-12 13:37:35 52392 ----a-w- C:\Windows\System32\drivers\iSafeNetFilter.sys
2015-05-12 13:37:14 -------- d-----w- C:\Users\TC\AppData\Roaming\Elex-tech
2015-05-12 13:28:45 -------- d-----w- C:\AdwCleaner
2015-05-12 13:21:21 -------- d-----w- C:\Program Files (x86)\ESET
2015-05-12 12:59:10 -------- d-----w- C:\Users\TC\AppData\Local\AVG Web TuneUp
2015-05-12 12:57:07 12032440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AF1FB99-F17E-4B25-B810-3686DBD4E4DD}\mpengine.dll
2015-05-12 12:56:41 -------- d-----w- C:\ProgramData\AVG Web TuneUp
2015-05-12 12:56:28 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
2015-05-10 12:17:01 -------- d-----w- C:\Users\TC\AppData\Roaming\AVG
2015-05-10 12:14:18 -------- d-----w- C:\Users\TC\AppData\Local\Avg
2015-05-10 12:13:27 -------- d-----w- C:\ProgramData\AVG
2015-05-10 12:06:43 -------- d-----w- C:\Users\TC\AppData\Roaming\AVG2015
2015-05-10 12:05:29 -------- d-----w- C:\Users\TC\AppData\Roaming\TuneUp Software
2015-05-10 12:04:15 -------- d--h--w- C:\$AVG
2015-05-10 12:04:15 -------- d-----w- C:\ProgramData\AVG2015
2015-05-10 12:02:53 -------- d-----w- C:\Program Files (x86)\AVG
2015-05-10 11:57:44 -------- d--h--w- C:\ProgramData\Common Files
2015-05-10 11:57:44 -------- d-----w- C:\Users\TC\AppData\Local\MFAData
2015-05-10 11:57:44 -------- d-----w- C:\Users\TC\AppData\Local\Avg2015
2015-05-10 11:57:44 -------- d-----w- C:\ProgramData\MFAData
2015-05-08 18:03:50 -------- d-----w- C:\Users\TC\AppData\Roaming\Nitro
2015-05-06 03:14:31 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-05-06 03:14:30 -------- d-s---w- C:\Windows\System32\GWX
2015-05-05 12:19:02 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-05-05 12:19:02 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-05-05 12:19:02 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-05-05 12:19:02 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-05-05 12:08:34 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-05-05 12:08:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-05-05 12:08:34 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-05-05 12:08:34 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-05-05 12:08:34 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-05-05 12:08:34 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-05-05 12:08:34 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-05-05 12:08:34 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-05-05 12:08:34 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-05-05 12:08:34 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-05-05 12:04:40 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-05-05 12:03:58 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-05-05 12:03:58 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-05-05 12:03:53 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-05-05 12:03:53 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-05-05 12:03:52 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-05-05 12:03:52 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-05-05 12:03:48 754688 ----a-w- C:\Windows\System32\drivers\http.sys
2015-05-05 12:03:41 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-05-05 12:03:41 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-05-05 12:01:00 3722752 ----a-w- C:\Windows\System32\mstscax.dll
2015-05-05 12:00:59 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-05-05 12:00:55 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2015-05-05 12:00:11 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-05-05 12:00:11 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-05-05 11:52:13 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-05-05 11:52:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-05-05 11:52:04 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-05-05 11:51:56 79360 ----a-w- C:\Windows\System32\clfsw32.dll
2015-05-05 11:51:56 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll
2015-05-05 11:51:56 367552 ----a-w- C:\Windows\System32\clfs.sys
2015-05-05 11:46:21 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-05-05 11:46:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
.
==================== Find3M ====================
.
2015-05-10 09:55:13 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-05-10 09:55:13 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-05 11:51:32 655920 ----a-w- C:\Windows\TSCCensus64.exe
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll
2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll
2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-17 05:22:37 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-03-17 05:22:35 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-17 05:22:35 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll
2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-03-17 05:15:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-03-17 05:15:40 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-17 05:13:29 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-17 05:13:17 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-03-17 04:59:26 1309696 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-03-17 04:57:25 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-17 04:57:21 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-17 04:57:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-03-17 04:57:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-17 04:57:17 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-17 04:57:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-03-17 04:57:12 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-17 04:57:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-17 04:57:07 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-17 04:56:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-17 04:56:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-03-17 04:56:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-03-17 04:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-17 04:56:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-17 04:56:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-03-17 04:56:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-03-17 04:53:35 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-17 04:53:13 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-17 03:45:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-03-17 03:45:23 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-03-17 03:43:04 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 03:43:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 03:43:04 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-03-17 03:43:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-03-13 04:25:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-03-13 04:25:01 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-03-13 04:09:12 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-03-13 04:08:33 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-03-13 04:08:27 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-03-13 04:08:17 417280 ----a-w- C:\Windows\System32\html.iec
2015-03-13 04:06:54 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-03-13 03:54:11 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-03-13 03:54:00 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-03-13 03:53:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-03-13 03:50:45 6025216 ----a-w- C:\Windows\System32\jscript9.dll
2015-03-13 03:44:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-03-13 03:42:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-03-13 03:32:48 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-03-13 03:28:48 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-03-13 03:27:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-03-13 03:27:35 340992 ----a-w- C:\Windows\SysWow64\html.iec
2015-03-13 03:26:19 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-03-13 03:15:40 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-03-13 03:05:50 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-03-13 03:05:24 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-03-13 03:01:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-03-13 02:45:57 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-03-13 02:43:41 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-03-13 02:20:28 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-24 02:17:24 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-17 13:29:58 1247912 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-01-06 12:30:45 14147584 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-11-13 12:26:57 50053120 ----a-w- C:\Program Files (x86)\GUTA8A2.tmp
.
============= FINISH: 15:50:19,41 ===============

Attached Files
File Type: txt dds.txt (39.8 KB)
File Type: txt attach.txt (10.3 KB)

dllhost com surrogate - virus or normal?

Hello, new to this forum.


In short - dllhost.exe in task manager seemed to eat up all my memory (I had 10GB free) and make my computer extremely slow. I opened safe mode, freed up space, and have had no issues since. I need to know whether this was a normal problem with not having enough free space or whether it was caused by a virus.


Not so short -
I read that if the dllhost.exe file is in system 32 it's fine. I searched my computer for dllhosts and found 1 in system 32 and 3 others. Is it normal to have more than 1 of these? If not, I guess these are viruses?

Here are the file locations:

C:\Windows\System32
C:\Windows\SysWOW64
C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7
C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d


I had a problem with a dllhost.exe file, but now I have no issues at all, so I'm unsure whether I'm infected or not.


What happened to make me think I might be infected:
Yesterday I was on YouTube and got a message urging me to close Chrome down because of too much memory use. I did, then reopened Chrome, and got the same message. I closed it down again and my computer was running slower. I clicked a video in one of my folders to play and it played fine. I closed the video down and all the thumbnails were blank and my computer was very slow. (I don't know if these were blank before or after clicking the video.) I opened task manager and dllhost.exe with description com surrogate was using up a lot of memory. I checked my main drive's free space (C drive) and it was on around 1GB - before this it was on around 10GB. I then closed everything down and then was no longer able to open anything. After searching (on my phone) I found that there is a virus which calls itself dllhost.exe which does this.

What I did to solve my problem:
I went into safe mode and deleted many files from my main drive (C drive.) There were no issues in safe mode. I then restarted the computer and since then I have had no problems whatsoever. I haven't even seen dllhost.exe in task manager since.

Why I think it might not be a virus (though unsure):
I scanned these 4 dllhost files with Microsoft Security Essentials and AVG and no threats were found.
Everything is running perfectly fine as though there never was a problem.
The common dllhost virus issue I read in other forums was about multiple dllhost.exe *32 com surrogates in task manager. This was just 1 single dllhost.exe com surrogate in task manager, without the *32.





One thing aside from just to make sure which makes me think this might be a virus is that after freeing up space on my main drive I had around 32GB free space on it. That was yesterday and today, when I booted my computer, I found the drive was now on 24GB, and have no idea where this went.


So...
Is it possible for my issue to happen without a virus causing it? - could this simply have been a case of having low memory and my computer trying to do something which required more memory than was available, resulting in this?
Is having 4 dllhost.exe files normal and safe? Are these definitely viruses or is there a chance that they are legit files?
Is this overnight loss of GB normal? Could this be being used for temporary things, or is this a bad sign?



Thank you, anybody who can answer any of this. I'm either in great need of help or great need to know my computer is fine.

Game crashing

Hello, I made another forum here that was for games crashing. I was told to post my BSOD dump and system health report so here it is.

Bit of back story is that when I play any pc game they crash. Only the game crashes, no BSOD or anything, it will just freeze then say the game isn't working and I will have to close it.

Any help would be appreciated.
Thanks
Ross

Attached Files
File Type: zip performance report.zip (140.3 KB)
File Type: zip SysnativeFileCollectionApp.zip (1.06 MB)

virus suspected, not found.

Hi, I have a SERIOUS problem. I can't start my Windows 7 without multiple instances of /windows/system32/cmd.exe and mspaint.exe cascading across my screen. My screen also fades in and out from solid red, back to normal, can't shut down, can't function. It does not do this in safe mode. I am typing this post in Ubuntu Linux, as I really have little need for Windows, but do need it for some things. I have run numerous virus scans, last one being a full system scan today by Avast, nothing was found. I have cleaned the malware, not sure what to do now, any and all help would be deeply appreciated.

Thanks

Todd