Channel: Tech Support Forum - Virus/Trojan/Spyware Help

taskeng.exe

A Command Prompt taskeng.exe continues to pop up on my son's computer, and an error follows explaining "Windows cannot find 'C\Program Fikes\user extension\client.exe'. make sure you typed the name correctly and then try again." The PC can no longer access the internet.

I have attempted to restore to a previous point and it has not helped.

While running DDS the system blue screened and would not reload. The system startup froze at the USB devices attached. I restarted the system; after that it would freeze at the RAM. I unplugged the PC and left it for a week. I was able to turn on Windows and run DDS.
Here is the report. Thank you so much for your help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 10.65.2
Run by Goddess at 12:48:16 on 2015-06-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2810.1304 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Free Desktop Clock\timeserv.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Windows\System32\ezSharedSvcHost.exe
C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\PasswordBox\pbbtnService.exe
C:\Program Files\RDM+\rdmpserv.exe
C:\Program Files\Coupoon\UpdateCheck.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RDM+\rdmpserv_cpanel.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker 2.0\ReminderApp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Goddess\AppData\Local\Google\Update\GoogleUpdate.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BIOSTAR\BIO-Remote\BIO_Remote.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Users\Goddess\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files\AVG\AVG2014\avgmfapx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\GWX\GWXConfigManager.exe
C:\Program Files\Coupoon\UpdateCheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2014\avgdiagex.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Program Files\Coupoon\UpdateCheck.exe
C:\Program Files\AVG\AVG2014\avgmfapx.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:62182;https=127.0.0.1:62182
uProxyOverride = <-loopback>
mWinlogon: Userinit = c:\windows\system32\ezShellStart.exe
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - c:\program files\passwordbox\application\pbbtn.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: MP3 Rocket Downloader: {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll
uRun: [Google Update] "c:\users\goddess\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [cdloader] "c:\users\goddess\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [NETGEARGenie] "c:\program files\netgear genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [ROC_ROC_APR2013_AV] c:\users\goddess\appdata\roaming\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 76ca63aee80747d0884dd179211a5626-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [HP Photosmart 5510d series (NET)] "c:\program files\hp\hp photosmart 5510d series\bin\ScanToPCActivationApp.exe" -deviceID "CN1C43B1CK05RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1
uRun: [AVG-Secure-Search-Update_0913a] c:\users\goddess\appdata\roaming\avg 0913a campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 76ca63aee80747d0884dd179211a5626-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a
uRun: [FreeAC] c:\program files\freealarmclock\FreeAlarmClock.exe -autorun
uRun: [AtomicAlarmClock6] c:\program files\free desktop clock\FreeDesktopClock.exe
uRun: [LightShot] c:\users\goddess\appdata\local\skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SmartViewAgent] "c:\program files\devicevm\smartview\SmartViewAgent.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Razer Nostromo Driver] c:\program files\razer\nostromo\RazerNostromoSysTray.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [ReminderApp] c:\program files\nova development\greeting card factory photo card maker 2.0\ReminderApp.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Lightshot] c:\program files\skillbrains\lightshot\Lightshot.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [wlanutil_ASIL] c:\program files\lanexpress\wlanasil\utility\WlanASIL.exe -hide
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: c:\users\goddess\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\goddess\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\goddess\appdata\roaming\micros~1\windows\startm~1\programs\startup\intera~1.lnk - c:\program files\interactive calendar\InteractiveCalendar.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bio-re~1.lnk - c:\program files\biostar\bio-remote\BIO_Remote.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: apollolibrary.com
Trusted Zone: mathxl.com
Trusted Zone: phoenix.edu
Trusted Zone: toolwire.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{813FAAB0-C9B3-4A08-9C14-F3DE0FB9F6E0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{813FAAB0-C9B3-4A08-9C14-F3DE0FB9F6E0}\E4457425F58696764695D6B414E6754655275426A5346365864645A49464 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{813FAAB0-C9B3-4A08-9C14-F3DE0FB9F6E0}\E4457425F5A5443677A6C67727E67305352403573714F65574971426F4A75797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF91FAC1-9DE3-4B23-A5F0-7BA132238E57} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FA2FA7B8-7F6D-44BA-A8FD-6B0685136F01} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\896\G2AWinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - c:\windows\system32\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.65\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\goddess\appdata\roaming\mozilla\firefox\profiles\8oy3fg67.default-1422851366512\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\goddess\appdata\local\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\users\goddess\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\goddess\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-17 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-6-17 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-29 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-17 27416]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-6-13 21728]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-30 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-7-21 200984]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-10-24 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-20 197400]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2012-7-11 17024]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-5-3 176128]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-3-1 72864]
R2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\free desktop clock\timeserv.exe [2013-10-3 2007040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-12-16 3247120]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-12-16 289328]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-4 296808]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2012-6-23 514232]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2013-4-9 577536]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-7-9 195400]
R2 PasswordBox;PasswordBox;c:\program files\passwordbox\pbbtnService.exe [2014-5-14 67584]
R2 RDMPLocalService;RDM+ Local Service;c:\program files\rdm+\rdmpserv.exe [2012-6-24 1083904]
R2 UpdateCheck;UpdateCheck;c:\program files\coupoon\updatecheck.exe run --> c:\program files\coupoon\UpdateCheck.exe run [?]
R2 vToolbarUpdater18.5.0;vToolbarUpdater18.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.5.0\ToolbarUpdater.exe [2015-5-17 1812416]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-6-13 285152]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-5-3 101392]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-4-19 1092160]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-3-1 24736]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2012-5-28 34128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-13 337512]
R3 rzjoystk;Razer VJoystick;c:\windows\system32\drivers\rzjoystk.sys [2011-3-24 16896]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-6-13 30392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 CltMngSvc;Search Protect Service;c:\progra~1\searchprotect\main\bin\cltmngsvc.exe --> c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [?]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-2-18 315488]
S2 SmartViewService;SmartView service;c:\program files\devicevm\smartview\smartviewservice.exe --> c:\program files\devicevm\smartview\SmartViewService.exe [?]
S2 StkSSrv;Syntek AVStream USB2.0 ATV Service;c:\windows\system32\stkcsrv.exe --> c:\windows\system32\StkCSrv.exe [?]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2012-6-30 858880]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-3-1 34976]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2011-3-1 43680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BS_HWMIo;BS_HWMIo;c:\program files\temperaturemonitor\BS_HWMIo.sys [2012-6-13 5120]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-3-1 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-3-1 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-3-1 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-3-1 141088]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-3-1 242336]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-7-14 2696960]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-13 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2012-6-30 719616]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-5-17 102912]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-13 14848]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-8-14 1124848]
S3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-7-14 127360]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2007-6-28 577152]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-13 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-15 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2015-05-19 00:00:19 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 16:13:14 -------- d-----w- c:\users\goddess\appdata\local\{55F96379-52D8-4F7A-9189-48FE4B403597}
2015-05-17 12:45:11 342016 ----a-w- c:\windows\system32\certcli.dll
2015-05-17 12:45:11 248832 ----a-w- c:\windows\system32\schannel.dll
2015-05-17 12:41:56 4305920 ----a-w- c:\windows\system32\jscript9.dll
2015-05-17 12:41:50 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-05-17 12:41:32 844288 ----a-w- c:\windows\system32\drivers\umdf\WpdMtpDr.dll
2015-05-17 12:41:32 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-17 12:39:15 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-05-17 12:39:07 1250816 ----a-w- c:\windows\system32\DWrite.dll
2015-05-17 12:39:06 2382336 ----a-w- c:\windows\system32\win32k.sys
2015-05-17 12:38:56 259072 ----a-w- c:\windows\system32\services.exe
2015-05-17 12:38:31 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-17 12:38:31 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-05-17 12:38:31 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-17 12:38:30 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-05-17 12:36:16 938496 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2015-05-17 12:36:15 971264 ----a-w- c:\program files\windows journal\JNWDRV.dll
2015-05-17 12:36:15 1223680 ----a-w- c:\program files\windows journal\NBDoc.DLL
2015-05-17 12:36:14 991232 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-05-17 12:36:02 1785344 ----a-w- c:\program files\windows journal\Journal.exe
2015-05-17 12:36:01 1415168 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2015-05-17 12:35:59 672768 ----a-w- c:\program files\windows journal\InkSeg.dll
2015-05-17 12:35:59 484352 ----a-w- c:\program files\windows journal\MSPVWCTL.DLL
2015-05-17 12:35:59 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-05-17 12:35:58 84480 ----a-w- c:\program files\windows journal\jnwdui.dll
2015-05-17 12:35:57 48640 ----a-w- c:\program files\windows journal\PDIALOG.exe
2015-05-17 12:35:57 274944 ----a-w- c:\program files\common files\microsoft shared\ink\InkDiv.dll
2015-05-17 12:35:57 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-05-17 12:35:57 19968 ----a-w- c:\program files\windows journal\jnwmon.dll
2015-05-17 12:35:57 126464 ----a-w- c:\program files\common files\microsoft shared\ink\rtscom.dll
2015-05-17 12:35:55 22528 ----a-w- c:\program files\windows journal\jnwppr.dll
2015-05-17 12:35:53 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-05-17 12:35:52 47104 ----a-w- c:\program files\windows journal\NBMapTIP.dll
2015-05-17 12:31:52 123904 ----a-w- c:\windows\system32\poqexec.exe
2015-05-17 11:15:07 -------- d-----w- c:\users\goddess\appdata\local\{C15C76B5-6625-4DCF-8BDC-76B68B7D1831}
2015-05-17 11:10:04 -------- d-----w- c:\users\goddess\appdata\local\{DA72833B-3375-4D3A-8DB8-E867EA98BE1B}
2015-05-17 02:58:02 -------- d-----w- c:\programdata\abc
2015-05-16 08:02:18 -------- d-----w- c:\users\goddess\appdata\local\{6E9409A9-F31C-4F84-9366-C76CC9B8B286}
2015-05-16 07:47:19 -------- d-----w- c:\users\goddess\appdata\local\{643CDE4F-A4C7-42E7-B5B0-6102B0E82909}
.
==================== Find3M ====================
.
2015-05-03 03:58:16 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-03 03:58:16 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-03 02:36:54 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-04-27 19:11:55 3934144 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-04-27 19:11:53 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-27 19:11:53 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-04-27 19:08:02 1307648 ----a-w- c:\windows\system32\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-04-27 19:05:39 851456 ----a-w- c:\windows\system32\diagtrack.dll
2015-04-27 19:05:35 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- c:\windows\system32\tdh.dll
2015-04-27 19:05:33 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-04-27 19:05:33 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-04-27 19:05:32 43008 ----a-w- c:\windows\system32\srclient.dll
2015-04-27 19:05:32 400896 ----a-w- c:\windows\system32\srcore.dll
2015-04-27 19:05:29 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- c:\windows\system32\secur32.dll
2015-04-27 19:05:17 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-04-27 19:04:47 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-27 19:04:45 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-04-27 19:04:37 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-04-27 19:04:37 17408 ----a-w- c:\windows\system32\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-04-27 19:04:24 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-04-27 19:04:21 69632 ----a-w- c:\windows\system32\smss.exe
2015-04-27 19:04:14 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-04-27 19:04:12 37888 ----a-w- c:\windows\system32\relog.exe
2015-04-27 19:04:05 22528 ----a-w- c:\windows\system32\lsass.exe
2015-04-27 19:04:04 82944 ----a-w- c:\windows\system32\logman.exe
2015-04-27 19:03:58 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-04-27 19:01:33 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-27 18:59:41 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-04-27 18:59:36 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-04-27 18:00:30 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-04-26 04:40:51 12351744 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
2015-04-26 04:40:49 577152 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2015-04-26 04:40:48 53248 ----a-w- c:\windows\system32\StkCProp.ax
2015-04-21 16:25:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-04-21 16:25:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-04-21 16:11:07 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- c:\windows\system32\html.iec
2015-04-21 16:08:41 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-04-21 15:58:44 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-04-21 15:57:57 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-04-21 15:51:54 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-04-21 15:43:28 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-21 15:25:45 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- c:\windows\system32\wininet.dll
2015-03-25 03:00:57 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00:57 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00:57 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00:27 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00:18 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-23 03:06:47 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06:32 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06:26 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06:22 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06:21 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06:21 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06:21 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59:03 896000 ----a-w- c:\windows\system32\aeinv.dll
.
============= FINISH: 12:55:54.04 ===============

Attached Files
File Type: txt Attach.txt (12.2 KB)

Suspected Malware/Virus

Hi all.

I've been having a few troubles with my laptop lately, and it's come to a head today.

Firstly, I've noticed extreme slowdown during the start-up process, immediately after logging into Windows 8.1. This seemed to happen suddenly rather than gradually.

Secondly, I've had multiple instances of /windows/system32/cmd.exe and taskeng "running" on-screen for a couple of seconds, then disappearing. My Google research leads me to believe this is due to some kind of malicious software.

Thirdly, I no longer seem to be able to turn my anti-virus program on.

Unfortunately, I also don't seem to be able to run DDS on 8.1, as it gives me a dialog stating "DDS is not meant to run in compatibility mode."

Any help would be much appreciated.

virus via laptop into android

I connected my Android LG G2 via USB to my laptop. My laptop got a CRACK VIRUS; this virus never did harm on the laptop because Windows has anti-virus.

But then I didn't clear the virus before connecting the LG G2 via USB.

At last, when I took out the USB, the symptoms started to appear... the LG G2 cannot use Wi-Fi or the line; Wi-Fi, mobile internet, calls and messages cannot function.

The virus seems to have broken into the LG... because the LG didn't have any anti-virus installed.

:banghead: I've tried the factory action a few times; it never helps to recover from the problem.
:banghead: I hope to remove the virus in the LG through the laptop USB, because I cannot install the anti-virus now without any line connection.
:confused: How? How to scan the LG virus with the laptop?

Unexplainable High RAM Usage.

Hello TSF Team,

For the last few days, every time I start up a game, my RAM goes up to 80-90%, and when I am not running any game and just Google Chrome, RAM usage is up to 50-60% O.O!

What is going on?

I have 8GB of RAM at 1600MHz.

Was sent over here

Hi all, my machine has been acting somewhat strangely for the past few days as detailed in my post here http://www.techsupportforum.com/foru...ml#post6338386. It seems to be working better now after running sfcfix but I was told I should post over here just to be sure. Here are my DDS logs

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.25.2
Run by Matthew at 18:06:42 on 2015-05-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3510.1858 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Matthew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Matthew\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Matthew\AppData\Local\WindowsSys2.exe
C:\Program Files\SafeConnect\SafeConnectClient.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\client server security agent\bho\1006\TmIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\matthew\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Spotify Web Helper] "c:\users\matthew\appdata\roaming\spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "c:\users\matthew\appdata\roaming\spotify\Spotify.exe" -autostart -minimized
uRun: [f.lux] "c:\users\matthew\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRun: [System Alert] c:\windows\system32\System Alert.exe
uRun: [D5DB7544-3EC2-44AF-B067-F5ED965A51BC] "c:\users\matthew\appdata\local\WindowsSys2.exe" /STARTUP
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\matthew\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\matthew\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://8.19.48.111/CACHE/stc/5/binaries/vpnweb.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266}\144545139333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266}\36F6C6F6271646F6D27657563747 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.33.1
TCP: Interfaces\{1073343B-1FAB-4179-B69A-2D781B34A266}\4556C626F6F583443413 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94C38BF9-485C-487C-B0AB-898FE16DD0C8} : DHCPNameServer = 128.197.253.188 128.197.253.126
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1006\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.81\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2014-9-11 142432]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scManager.sys [2012-11-19 176520]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2010-4-21 281400]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-4-21 38200]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-1-27 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-2-24 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-2-24 269824]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\tmproxy.exe [2010-4-21 689416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 insvc_1.10.0.13;Infonaut 1.10.0.13 Client Service;"c:\program files\infonaut_1.10.0.13\service\insvc.exe" --> c:\program files\infonaut_1.10.0.13\service\insvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-5-13 102912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-7 20464]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 95408]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-4-21 50704]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-27 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-7 652360]
.
=============== Created Last 30 ================
.
2015-05-26 21:37:23 -------- d-----w- C:\AdwCleaner
2015-05-26 21:35:58 9265072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{017c9874-12a3-4e7d-a7b1-635f66548c11}\mpengine.dll
2015-05-26 21:35:41 -------- d-----w- C:\RegBackup
2015-05-26 21:29:40 -------- d-----w- C:\SFCFix
2015-05-26 21:28:58 -------- d-----w- c:\users\matthew\appdata\local\niemiro
2015-05-21 19:34:12 -------- d-----w- c:\users\matthew\appdata\roaming\4C4C4544-1432236852-5910-8057-C4C04F324D31
2015-05-21 19:34:04 -------- d-----w- c:\users\matthew\appdata\roaming\4C4C4544-1432236844-5910-8057-C4C04F324D31
2015-05-21 19:23:58 -------- d-----w- c:\program files\CCleaner
2015-05-21 17:32:24 -------- d-----w- c:\program files\TECHHUBBYSOL
2015-05-21 17:31:42 -------- d-----w- c:\users\matthew\appdata\local\Techhubby
2015-05-21 17:24:31 -------- d-----w- c:\users\matthew\appdata\local\15357
2015-05-21 17:05:12 128512 ----a-w- c:\users\matthew\appdata\local\WindowsSys2.exe
2015-05-21 17:00:41 -------- d-----w- c:\users\matthew\appdata\roaming\4C4C4544-1432227641-5910-8057-C4C04F324D31
2015-05-21 17:00:17 -------- d-----w- c:\program files\System Alert
2015-05-21 16:57:00 -------- d-----w- c:\users\matthew\appdata\local\Arun Programs
2015-05-21 16:44:23 908832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3a6a1fa2-ad3f-4d0d-b322-3549c4b6ec58}\gapaengine.dll
2015-05-21 16:43:50 9265072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-05-14 22:42:39 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:30:47 259072 ----a-w- c:\windows\system32\services.exe
2015-05-13 18:28:35 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-04 05:52:30 -------- d-----w- c:\users\matthew\appdata\local\FluxSoftware
.
==================== Find3M ====================
.
2015-05-26 21:54:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-26 21:54:39 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-05 01:12:49 248832 ----a-w- c:\windows\system32\schannel.dll
2015-04-27 19:11:55 3934144 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-04-27 19:11:53 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-27 19:11:53 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-04-27 19:08:02 1307648 ----a-w- c:\windows\system32\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-04-27 19:05:39 851456 ----a-w- c:\windows\system32\diagtrack.dll
2015-04-27 19:05:35 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- c:\windows\system32\tdh.dll
2015-04-27 19:05:33 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-04-27 19:05:33 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-04-27 19:05:32 43008 ----a-w- c:\windows\system32\srclient.dll
2015-04-27 19:05:32 400896 ----a-w- c:\windows\system32\srcore.dll
2015-04-27 19:05:29 92160 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- c:\windows\system32\secur32.dll
2015-04-27 19:05:17 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-04-27 19:04:47 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-27 19:04:45 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-04-27 19:04:37 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-04-27 19:04:37 17408 ----a-w- c:\windows\system32\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-04-27 19:04:24 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-04-27 19:04:21 69632 ----a-w- c:\windows\system32\smss.exe
2015-04-27 19:04:14 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-04-27 19:04:12 37888 ----a-w- c:\windows\system32\relog.exe
2015-04-27 19:04:05 22528 ----a-w- c:\windows\system32\lsass.exe
2015-04-27 19:04:04 82944 ----a-w- c:\windows\system32\logman.exe
2015-04-27 19:03:58 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-04-27 19:01:33 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-27 18:59:41 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-04-27 18:59:36 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-04-27 18:00:30 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-04-21 16:25:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-04-21 16:25:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-04-21 16:11:10 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- c:\windows\system32\html.iec
2015-04-21 16:08:41 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-04-21 15:58:44 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-04-21 15:57:57 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-04-21 15:51:54 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-04-21 15:43:28 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- c:\windows\system32\jscript9.dll
2015-04-21 15:25:45 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- c:\windows\system32\wininet.dll
2015-04-20 02:56:29 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:03:22 2382336 ----a-w- c:\windows\system32\win32k.sys
2015-04-18 02:56:57 342016 ----a-w- c:\windows\system32\certcli.dll
2015-04-14 07:38:52 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-04-08 03:14:07 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14:07 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:14:07 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-03-25 03:00:57 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00:57 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00:57 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00:27 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00:18 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-23 03:06:47 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06:32 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06:26 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06:22 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06:21 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06:21 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06:21 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59:03 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:08:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06:01 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 23:34:52 95408 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2015-03-04 23:34:52 245096 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2015-03-04 04:16:14 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:11:12 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-03-04 04:10:54 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10:53 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-03-04 04:10:52 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10:52 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:10:37 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-03-04 04:06:41 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-03-03 13:16:52 246920 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:07:28.52 ===============

and I've attached attach.txt as well. I also recently cleaned out my browsers using Junkware Removal Tool and ADWCleaner. Here are my JRT logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.0 (05.25.2015:1)
OS: Windows 7 Professional x86
Ran by Matthew on Tue 05/26/2015 at 17:35:39.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] apnmcp
Successfully stopped: [Service] brshelper
Successfully deleted: [Service] brshelper
Successfully stopped: [Service] netfilter
Successfully deleted: [Service] netfilter
Successfully stopped: [Service] smupd
Successfully deleted: [Service] smupd
Successfully stopped: [Service] smupdd
Successfully deleted: [Service] smupdd
Successfully stopped: [Service] spbiupd
Successfully deleted: [Service] spbiupd
Successfully stopped: [Service] spbiupdd
Successfully deleted: [Service] spbiupdd



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\AI_Updater
Successfully deleted: [Task] C:\Windows\System32\tasks\boosterpop
Successfully deleted: [Task] C:\Windows\System32\tasks\HDNINSTSCHD
Successfully deleted: [Task] C:\Windows\System32\tasks\IE_ERR4WDR
Successfully deleted: [Task] C:\Windows\System32\tasks\IEError
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Master
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Popup
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Popup3
Successfully deleted: [Task] C:\Windows\System32\tasks\PCPrivacyDock_Start
Successfully deleted: [Task] C:\Windows\System32\tasks\UPDTEXE4_WDR



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hawker
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcprivacydock
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hawker
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81FA428925F22ACB3A965
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09F45BAFAAE1D7546ED4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050B2E46B9C4B67A8F59577
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606D43BB064BD63CBD87E
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28C944FBC7579CF4949414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3DC1468548785DC856EDA
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8D249B526503432F99D4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4BA46856BF57969F6A36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56C49B56F6B83E293C15
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927C4E9B7BC1D3FD1E49F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327DC64C9A8B641A9E89646
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222622278}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{853130B6-1A29-4D9D-9513-2A461287651E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{80CFE4F4-B31A-4850-8A62-67832B628DBA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266626678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{853130B6-1A29-4D9D-9513-2A461287651E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Shop Time



~~~ Files

Successfully deleted: [File] C:\end
Successfully deleted: [File] C:\Windows\verson_hawker.txt
Successfully deleted: [File] C:\Users\Matthew\appdata\local\nsaE9B7.tmp
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\aghaobcn\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\cbhicrqr\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\fuzwseql\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\newxfolq\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\szfaqduc\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\zgzmikpx\encecal.dll [Adware.AdPeak?]
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\zosaxknb\encecal.dll [Adware.AdPeak?]



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\app_setup
Successfully deleted: [Folder] C:\Program Files\askpartnernetwork
Successfully deleted: [Folder] C:\Program Files\conduit
Successfully deleted: [Folder] C:\Program Files\delta
Successfully deleted: [Folder] C:\Program Files\PariccELess
Successfully deleted: [Folder] C:\Program Files\pcp
Successfully deleted: [Folder] C:\Program Files\PorriceLeossa
Successfully deleted: [Folder] C:\Program Files\portable weatherapp
Successfully deleted: [Folder] C:\Program Files\predm
Successfully deleted: [Folder] C:\Program Files\searchprotect
Successfully deleted: [Folder] C:\ProgramData\abc
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\askpartnernetwork
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\browserdefender
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\hawker
Successfully deleted: [Folder] C:\Users\Matthew\appdata\local\installer
Successfully deleted: [Folder] C:\Users\Matthew\appdata\locallow\claro ltd
Successfully deleted: [Folder] C:\Users\Matthew\appdata\locallow\conduit
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\microsoft\windows\start menu\programs\pc performer
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\pc privacy dock
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\performersoft
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\search protection
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\searchprotect
Successfully deleted: [Folder] C:\Users\Matthew\documents\optimizer pro
Successfully deleted: [Folder] C:\Users\Matthew\documents\pcprivacydock
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\askpartnernetwork
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\conduit
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\crashrpt
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\cre
Successfully deleted: [Folder] C:\Users\Matthew\local settings\application data\pc_privacy_dock
Successfully deleted: [Folder] C:\Users\Matthew\appdata\local\ospd_us_1071 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\aghaobcn [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\cbhicrqr [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\fuzwseql [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\newxfolq [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\szfaqduc [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\zgzmikpx [Adware.AdPeak?]
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\zosaxknb [Adware.AdPeak?]



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\user.js
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\bprotect.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\searchplugins\yahoo_ff.xml
Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\smartbar
Successfully deleted the following from C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\prefs.js

Emptied folder: C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\ekw1m3zj.default\minidumps [53 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/26/2015 at 17:37:31.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and my ADW logs

# AdwCleaner v4.205 - Logfile created 26/05/2015 at 17:39:40
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Matthew - MATTHEW
# Running from : C:\Users\Matthew\Downloads\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : APNMCP
[#] Service Deleted : SPDRIVER_1.42.1.1870

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\2650880150728770864
Folder Deleted : C:\ProgramData\a7cc6c19000017a9
Folder Deleted : C:\ProgramData\{7c0bff9e-a75a-d21f-7c0b-bff9ea75fe7a}
Folder Deleted : C:\Program Files\ConnectPC
Folder Deleted : C:\Program Files\Hawker
Folder Deleted : C:\Program Files\Priceless
Folder Deleted : C:\Users\Matthew\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Matthew\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
Folder Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Folder Deleted : C:\ProgramData\bjpchbfkcjcpafkggdmjcgkhilammejk
Folder Deleted : C:\ProgramData\coffdcpgfndebnobjbdimccfjkbjhdhb
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbmfpngjjgdllneeigpgjifpgocmfgmb_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_laankejkbhbdhmipfmgcngdelahlfoji_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgijmajocgfcbeboacabfgobmjgjcoja_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgijmajocgfcbeboacabfgobmjgjcoja
File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Users\Matthew\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\nsprotector.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\bprotector web data

***** [ Scheduled tasks ] *****

Task Deleted : EPUpdater
Task Deleted : gtaUpt
Task Deleted : Inst_Rep
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SPDriver
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : PCPrivacyDock_Start
Task Deleted : PCPrivacyDock_Popup
Task Deleted : PCPrivacyDock_Master

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKCU\Software\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Deleted : HKCU\Software\5d538cd9b068bd46
Key Deleted : HKLM\SOFTWARE\5d538cd9b068bd46
Key Deleted : HKLM\SOFTWARE\7b7d31ed-8fad-3564-87a6-c1c422265cf1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{853130B6-1A29-4D9D-9513-2A461287651E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{853130B6-1A29-4D9D-9513-2A461287651E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Hawker
Key Deleted : HKCU\Software\PCPrivacyDockLanguage
Key Deleted : HKCU\Software\sidecom
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\Hawker
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)

[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3298566.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3298566.embeddedsData", "[{\"appId\":\"130110228003246321\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("CT3298566.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=15&CUI=UN39718417211268134&SSPV=EB_SSPV&Lay=1&UM=[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("extensions.506a239b818d5.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"su[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("extensions.GXTKBkXggUm6P5CH.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHsFrTY5qdrEpdn9qjg5qTY\")>-1){return;}}catch(e){}try{var d=[[\"www.viracure.com\",\"onesystemcare[...]
[ekw1m3zj.default\prefs.js] - Line Deleted : user_pref("extensions.QoFSdcLQt2HsQt3X.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHsFrTY5qdrEpdn9qjg5qTY\")>-1){return;}}catch(e){}try{var d=[[\"www.viracure.com\",\"onesystemcare[...]

-\\ Google Chrome v

[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=3912_2&babsrc=SP_clro&mntrId=6eb04da700000000000068a3c4169287
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18762388492178927&ctid=CT3298566&UM=2
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=121441&babsrc=SP_ss&mntrId=6EB068A3C4169287
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/

*************************

AdwCleaner[R0].txt - [16122 bytes] - [26/05/2015 17:38:22]
AdwCleaner[S0].txt - [16486 bytes] - [26/05/2015 17:39:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16546 bytes] ##########

Thanks!

Attached Files
File Type: txt attach.txt (19.6 KB)

I Have A Virus

I am using Windows 8.1. I was on Facebook and clicked on an ad, and a popup came up saying I am infected. The virus is Trojan TRU DealWare.Stealth.
How can I get this out of my computer? I tried Avast but it never found it.

BSOD related with Windows 7 and not hardware

Hello,
I'm posting here because after a series of days trying to solve the problem I went back to the starting point (BSOD). Details of the error after the machine characteristics:
· OS - Win 7 pro x64
· What was the original installed OS on the system? Win7 pro
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? came installed with Win 7 pro
· Approximate age of system (hardware): 5 yo
· Approximate age of OS installation (if you know) : 5yo
· Have you re-installed the OS? no

· CPU i7
· Video Card: Sapphire HD 7970
· MotherBoard (if NOT a laptop) Asus turbo V ??
· Power Supply - brand & wattage (if NOT a laptop): Antec 750 W

· System Manufacturer : Keynux
· Exact model number (if laptop, check label on bottom). P183 ????

Desktop mid tower

1: Windows 7 was working fine up to here, then started lagging, becoming slower and slower
2: after 1 week of point 1 I boot the PC and the Windows logo shows up and after a minute or so it freezes and gives a BSOD : c000021a
the windows subsystem process terminated etc etc c000006 (0xfd95ab52 0x00b6e400).
3: this problem was never solved so I sent the HD (sata 1Tb) to a professional that opened it in a clean room (he also cleaned the wallet =1000€) and made a clone on another HD.

4: meanwhile I tried an old clone done 3 years ago on another HD and it boots fine and Windows works nicely. But this clone lacks many programs installed since then, and data.
5: I got the new cloned HD from the guy that also cleaned my wallet, and I tried to boot.
6: I do see the windows logo and short after I get the BSOD with message:
stop: c0000005 the instruction at 0x%081 reference memory at etc etc

7: hardware works all fine because I put back old cloned HD and everything works fine.

8: I ran chkdsk /r 3 times and it finds 24 Kb in bad sectors (not much)!

9: I cannot boot the disk at all but I can see its contents with gparted

10: I really need to restore the Windows because I cannot get back some of the programs installed since old clone ...very expensive and intricate connections for professional use.

Can this windows error be overcome?
Please help if you think the problem can be solved. I'm puzzled that the new expensive clone has an error that prevents it from booting.

Many Thanks

Help!!!!! Please!!!!!

I'm trying to start my computer but as soon as I turn it on, it constantly says "Your PC ran into a problem, and needs to restart. We are just collecting some error info, and then we will restart for you." But it won't go past 0%. And goes to a "preparing automatic repair" and nothing happens just goes back to the blue screen. It's constantly doing this. :huh:

Issue with Browser pop ups


My computer was recently upgraded; I added more RAM to my desktop PC, which has fixed all my past problems
(unresponsive pages). The only problem I am dealing with now is that every once in a while I click a link on Google or Facebook,
and it opens up a new tab saying "my computer is outdated, I need to update". I just close all the new tabs and click the
same link until I get to the page I am looking for. It really does not bother me but I want to make sure there is not a virus
or malware of some kind on my computer. Thanks for any and all help

BSOD on boot

Hey guys, I was sent here by the Microsoft BSOD forum, since they thought these bluescreens may be related to some kind of infection. My old thread is here:

hxxp://www.techsupportforum.com/forums/f299/blue-screens-on-boot-1004498.html

Basically on boot, the computer immediately bluescreens and restarts itself. I was able to boot into safe mode, but then my buddy just took a look at it and got a bit overzealous with uninstalling drivers to try and get rid of the BSOD, and now it can't boot into safe mode or with the last known good configuration either. I do have access to Windows installation media, and can burn other boot disks as needed. Since I couldn't boot it though, I can't run dds.scr... is there any way to run it from a boot disk or something?

Finally, I'll copy here the details about my laptop from the other thread:

· OS - Windows Vista Home Premium
· x86
· What was the original installed OS on the system? - Windows Vista Home Premium
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? - OEM
· Approximate age of system (hardware) - don't know (not my computer)
· Approximate age of OS installation (if you know) - don't know
· Have you re-installed the OS? - No

· CPU - Intel Core 2 Duo T6500
· Video Card - doesn't show up in dxdiag
· MotherBoard (if NOT a laptop)
· Power Supply - brand & wattage (if NOT a laptop)

· System Manufacturer - Dell
· Exact model number (if laptop, check label on bottom) - PP41L

Thank you so much in advance for any help or direction you might be able to give me!

ransom:HTML/Crowti.A troubles

:banghead:

Hello....

As indicated by the above not-so-smiley I'm frustrated to no end but lucky to still have networking capability for the moment.
I noticed the cooling fan on my laptop running more than it needed to be so I checked Task Manager to see what was running.
Checking under "show processes from all users" I found several hundred running instances of the following programs:
cmd.exe
conhost.exe
schtasks.exe
svchost.exe

Windows Defender has identified one of the culprits as:
ransom:HTML/Crowti.A
which is tagged by Defender attempting something every 3-5 minutes at Severe threat level. The machine hiccups/ freezes for a split second, Defender quarantines it and usually I'll get control back afterward.

I was running Symantec Endpoint Client which I have since removed, leaving Defender and MBAM on the system.

When I tried to run DDS the system froze completely and required a hard reset. I have not attempted again until I get feedback from the Forum, hence the lack of requested log files.

Of note also is that this machine is on my network wirelessly along with a desktop (not mapped yet on this machine) and a WD MyBook Duo (not yet set up but it is mapped). There are errors logged in the Motorola cable modem/ router (SBG6580) but were all the same date and don't appear to be relevant.

My other problem aside from the virus is that this machine appears unable to be booted from a WinPE disk/ USB drive. Sources have indicated that the BIOS on this machine is too old to support it so I'm stuck hoping that I don't lose the MBR or other critical data before a resolution. I had been looking into having a cloned drive available but don't know the best method of doing that. I can't back up anything now without fear of cloning the virus as well.

Any initial assistance is appreciated. I'll run DDS in safe mode if it yields the necessary data or at least enough to start the process.

MALWAREBYTES does not install nor dl!! Help

I hadn't been able to update virus definitions for a long time. Contacted MWB and they said to do a complete uninstall and clean install but my computer won't allow that. I have gotten, "Source code error, cannot read" and 'root file not found '. Told MWB about this, told me to dl and install clean repair kit but again my computer says I can't.

I am not computer savvy so I do not know what is going on. Right now I have completely removed all traces of MWB from my computer using the removal tool from them.

My husband's laptop, an Acer running W8.1, is having the same trouble; removed it from there too.

Can anyone tell me anything about all this? Thank you :ermm:

Computer freezes sporadically like I have malware - just cleaned up, still bad

Hi all,

I run Microsoft Security Essentials, paired with Malware Antibytes Pro (Malware, not AV).

Once a week or more, I run AdwCleaner, and CCleaner.

I just uninstalled qBittorrent for First-steps and have DDS and HijackThis logs.

My CPU will run fine for several hours, then start freezing sporadically for 3-5 seconds, but normally only when I am connected to the internet (cable or Wifi).

This isn't just browsers, but all programs- video, iTunes, trying to type in MS Word, etc.

A month ago I just re-installed windows in a clean-wipe for Acer (so not completely clean, but I removed the Acer junk), since I had a bunch of Malware.

Now I feel like I picked up some more malware that isn't being found by my above programs, due to the entire system freezing sporadically when connected to the internet.

Sometimes it goes away after 2x restarts.


DDS pasted below:



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840
Run by xlrambling at 8:37:04 on 2015-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3934.1683 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Windows\Prey\wpxsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\Prey\current\bin\node.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Windows\Prey\versions\1.3.9\node_modules\triggers\bin\lightevt.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\GWX\GWX.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\xlrambling\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [f.lux] "C:\Users\xlrambling\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Google Update] "C:\Users\xlrambling\AppData\Local\Google\Update\GoogleUpdate.exe" /c
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{513472FE-0CFD-4120-A3E8-58B3B1CF50C3} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{6838EE3D-728C-4CF4-9A6F-4655A3E94550} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{6838EE3D-728C-4CF4-9A6F-4655A3E94550}\3514C44502C414B4540234F4646454540224255414B4 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xlrambling\AppData\Roaming\Mozilla\Firefox\Profiles\44frtrc8.default-1428326091743\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\xlrambling\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\xlrambling\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\xlrambling\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 124568]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-11-4 68648]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-11-4 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-9-2 51752]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-6-1 83576]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-3-20 238384]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-20 331264]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-1-19 435240]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-4-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-4-5 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-4-5 63704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-3-11 14464]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2015-06-20 13:50:55 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A68611C-0C49-4EA8-A579-FEBCA8C63C1F}\offreg.912.dll
2015-06-20 13:46:49 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A68611C-0C49-4EA8-A579-FEBCA8C63C1F}\mpengine.dll
2015-06-19 01:44:36 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8BEC0FB-015F-497C-8AFE-F8AEFD4FD29E}\gapaengine.dll
2015-06-19 01:43:41 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-10 00:54:51 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-06-06 16:38:07 -------- d-----w- C:\Windows\en
2015-06-06 16:37:34 -------- d-----w- C:\Windows\fr
2015-06-06 16:37:30 -------- d-----w- C:\Windows\es
2015-06-06 16:37:25 -------- d-----w- C:\Windows\pt-br
2015-06-06 16:33:20 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2015-06-06 16:33:20 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2015-06-06 16:33:20 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2015-06-06 16:33:20 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2015-06-06 16:33:20 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2015-06-06 16:33:20 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2015-06-06 16:33:19 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2015-06-06 16:33:19 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2015-06-06 16:31:37 6081224 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e11465841d0a07502\onedrivesetup.exe
2015-06-06 16:31:37 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2015-06-06 16:31:35 -------- d-----r- C:\Users\xlrambling\OneDrive
2015-06-06 16:31:11 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-06-06 16:29:08 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e716b91a1d0a07504\DXSETUP.exe
2015-06-06 16:29:07 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e716b91a1d0a07504\DSETUP.dll
2015-06-06 16:29:07 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e716b91a1d0a07504\dsetup32.dll
2015-06-06 16:29:03 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e42226261d0a07503\DSETUP.dll
2015-06-06 16:29:03 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e42226261d0a07503\DXSETUP.exe
2015-06-06 16:29:03 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e42226261d0a07503\dsetup32.dll
2015-06-06 16:28:53 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\df7296451d0a07501\DSETUP.dll
2015-06-06 16:28:53 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\df7296451d0a07501\DXSETUP.exe
2015-06-06 16:28:53 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\df7296451d0a07501\dsetup32.dll
2015-06-06 16:28:49 -------- d-----w- C:\Users\xlrambling\AppData\Local\Windows Live
2015-06-01 23:44:06 -------- d-----w- C:\Users\xlrambling\AppData\Local\GWX
.
==================== Find3M ====================
.
2015-06-20 13:32:31 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-11 03:41:25 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-11 03:41:25 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:47 417792 ----a-w- C:\Windows\System32\html.iec
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:59:27 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-22 17:50:20 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-01 13:17:03 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2015-04-29 18:21:46 9728 ----a-w- C:\Windows\System32\spwmp.dll
2015-04-29 18:19:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2015-04-29 18:07:07 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2015-04-29 18:05:19 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-04-24 18:17:26 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-04-24 17:56:58 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2015-04-24 15:56:57 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-14 15:37:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
.
============= FINISH: 8:42:28.46 ===============

internet explorer

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16659
Run by Brian at 0:58:26 on 2015-06-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3062.1129 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\O2 Connection Manager\WaHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\goodsol\goodsol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k wdisvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = Google
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: TalkTalk Mail Toolbar Loader: {97736b03-27dc-47fd-939e-12f77f73d792} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: TalkTalk Mail Toolbar: {E9D7AA34-9F3B-4A42-BE5D-E049DA305EC3} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: TalkTalk Mail Toolbar: {e9d7aa34-9f3b-4a42-be5d-e049da305ec3} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\brian\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [WatcherHelper] "c:\program files\o2 connection manager\WaHelper.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
dRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imageb~1.lnk - c:\program files\canon\imagebrowser ex\MFManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
TCP: NameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{2340FAC1-633B-4E4F-8767-6A8212877192} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{475BA6F5-E4BC-430D-8636-00C48D4235A8} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{AB3637D4-AA2A-4909-88B3-CBC73369DF2E} : DHCPNameServer = 8.8.8.8 62.40.32.33
TCP: Interfaces\{B2E3C615-ED9E-4FE9-BC0B-E096E733A9E8} : DHCPNameServer = 192.168.8.1 192.168.8.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\2mdl8s0t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.talktalk.co.uk/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: c:\users\brian\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\2mdl8s0t.default\extensions\{cefad33d-02d1-4da7-a524-9d9cd97948d2}\plugins\np_ybs.dll
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-5-7 191968]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-5-7 290272]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-5-7 166880]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-3-20 35808]
R0 RapportHades;RapportHades;c:\windows\system32\drivers\RapportHades.sys [2015-5-28 68280]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-3-11 132576]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-4-27 226784]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-5-14 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-4-15 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-5-4 213984]
R1 RapportCerberus_1412108;RapportCerberus_1412108;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412108.sys [2015-6-17 528600]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2015-5-28 279800]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2015-5-28 348632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2015-5-18 3438544]
R2 avgsvc;AVG Service;c:\program files\avg\framework\common\avgsvcx.exe [2015-4-7 776656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2015-5-18 311792]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2013-7-29 34712]
R2 O2 HiLink;O2 HiLink;c:\programdata\mobilebrserv\mbbService.exe [2013-8-9 232288]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2015-5-28 2222360]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2008-6-4 118784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-5-28 218008]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-7-22 197504]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-4-12 772296]
.
=============== Created Last 30 ================
.
2015-06-18 17:45:09 -------- d--h--w- c:\windows\msdownld.tmp
2015-06-17 21:13:18 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-06-17 21:12:48 2066432 ----a-w- c:\windows\system32\win32k.sys
2015-06-17 20:57:07 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-06-17 20:56:53 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-06-17 20:56:53 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-06-17 20:56:52 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2015-06-17 20:56:52 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2015-06-17 20:56:52 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2015-06-17 20:56:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2015-05-28 14:16:18 68280 ----a-w- c:\windows\system32\drivers\RapportHades.sys
2015-05-28 14:16:16 218008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-26 11:08:18 -------- d-----w- c:\program files\goodsol
.
==================== Find3M ====================
.
2015-05-30 23:55:03 1809920 ----a-w- c:\windows\system32\jscript9.dll
2015-05-30 23:54:04 367616 ----a-w- c:\windows\system32\html.iec
2015-05-30 23:49:49 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-05-30 23:49:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-05-30 23:49:02 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-05-30 23:48:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-05-30 23:47:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-05-30 23:47:50 11776 ----a-w- c:\windows\system32\mshta.exe
2015-05-23 08:19:17 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-23 08:19:17 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-14 12:49:12 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-05-07 12:52:08 290272 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-05-07 12:52:06 191968 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-05-04 13:15:06 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-04-30 16:03:33 279040 ----a-w- c:\windows\system32\schannel.dll
2015-04-30 13:14:01 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-27 12:19:26 226784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-04-19 21:24:52 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-04-19 21:24:52 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-04-19 21:24:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-04-19 21:24:52 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-04-19 20:19:37 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-04-19 20:18:56 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-04-19 20:13:15 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-04-19 20:12:25 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-04-19 20:12:20 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-04-15 12:05:06 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-04-14 01:35:06 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 01:35:06 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-04-10 23:22:42 279552 ----a-w- c:\windows\system32\services.exe
.
============= FINISH: 1:00:06.83 ===============


[SOLVED] MALWAREBYTES does not install nor dl!! Help

I hadn't been able to update virus definitions for a long time. Contacted MWB and they said to do a complete uninstall and clean install, but my computer won't allow that. I have gotten "Source code error, cannot read" and "root file not found". Told MWB about this; they told me to dl and install the clean repair kit, but again my computer says I can't.

I am not computer savvy so I do not know what is going on. Right now I have completely removed all traces of MWB from my computer using the removal tool from them.

My husband's laptop, an Acer running W8.1, is having the same trouble; removed it from there too.

Can anyone tell me anything about all this? Thank you

Spyware called Tencent QQ

Please help. It seems as if I have a virus called Tencent QQ. It is all Chinese stuff that pops up on my computer and I have no clue how to get rid of it. There is nothing in Programs to uninstall, but the file is sitting under my C:\Program Files (x86) as Tencent and then QQ whatever. Please help!!!
I cannot delete this file as it keeps on saying I have no rights, but I am the owner, administrator, everything.

Help!!!

Linkbucks on router

Hi,

I am having a problem with Linkbucks, which I'm pretty sure is on my router:

Whenever I click on links on Twitter or Facebook I am redirected to Linkbucks. This is happening on all my devices (Mac, Windows 8 PC, Android phone) - on Chrome it redirects to Linkbucks and on IE I just get a 404. I've tried the Mac with a 3G dongle and the phone on 3G and the problem stops, so I think the router must be the source of the problem.

I've tried running an adware remover but that didn't come up with anything. There's nothing in my Chrome extensions either.

Once I realised it was the router I then tried resetting it but it kept coming back. I have changed the admin password to a strong password as it was originally left on the default password, but it has just come back again after doing this.

I had also been getting a redirect virus that seems to be on Google-related sites - it won't show me Google search results and redirects me to a dodgy fake flash player when I try to use YouTube. This hasn't come back since I changed the password, but it has been less than 24 hours since I've done it, so it might still come back.

The router is a TP-Link (TD-W8901G) ADSL router.

Can anyone help?

Thanks

PS - I can't make the scans work, because I'm using a Mac.

Need help to fix Chrome

CryptoLocker (is it?)

Got this after putting new game CD in. Ransom message does not look like images I've seen. Also the fox (?) site with the portal key did not recognise the files as Crypto. My ESET antivirus said it cleaned it. As did the ESET online scanner. As did Malwarebytes. The message is still on the screen and will not remove. Task manager processes no longer show.
DDS follows:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840
Run by Stuart at 20:32:06 on 2015-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16322.13846 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.orange.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A0F1F251-27A0-46FE-8193-E559EAD1AD4C} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-7 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-9-15 20464]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2015-1-30 246000]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-12-4 927232]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2015-1-28 1349576]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2015-1-30 159480]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-18 1152656]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-12-4 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-7 1884304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-4 22997648]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-5-15 410952]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-9-15 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-9-15 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-7 25816]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-11-18 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-16 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-14 883928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-12 1080120]
S3 dc21x4vm;dc21x4vm;C:\Windows\System32\drivers\dc21x4vm.sys [2009-6-10 57344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-9 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-12 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-8 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-10-8 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-8 1255736]
.
=============== Created Last 30 ================
.
2015-06-23 18:23:52 -------- d-----w- C:\Program Files (x86)\ESET
2015-06-23 17:40:31 -------- d-----w- C:\ProgramData\avinecuryladypom
2015-06-13 15:02:45 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2015-06-13 15:02:45 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2015-06-13 15:02:45 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2015-06-13 15:02:45 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2015-06-13 15:02:45 -------- d-----w- C:\Program Files (x86)\OpenAL
2015-06-09 17:51:14 9728 ----a-w- C:\Windows\System32\spwmp.dll
2015-06-09 17:50:49 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-06-02 15:17:36 -------- d-----w- C:\Users\Stuart\AppData\Local\GWX
.
==================== Find3M ====================
.
2015-06-23 18:04:14 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-13 08:07:06 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-13 08:07:06 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:47 417792 ----a-w- C:\Windows\System32\html.iec
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:59:27 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-22 17:50:20 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-09 03:27:37 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-05-09 03:27:37 3147776 ----a-w- C:\Windows\System32\wucltux.dll
2015-05-09 03:27:37 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-05-09 03:26:38 87040 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-05-09 03:26:30 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-05-09 03:26:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-05-09 03:14:46 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-05-09 03:14:46 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-05-09 03:13:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-05-01 16:51:27 1316184 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-05-01 16:51:27 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-05-01 16:50:57 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-05-01 16:50:57 1570672 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-05-01 13:17:03 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2015-04-29 18:19:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
.
============= FINISH: 20:32:12.42 ===============

Attached Files
File Type: txt attach.txt (9.1 KB)

Crypto (is it)

Apologies as I posted this in the wrong place. Not sure I should do it again in the correct one as you will probably pick it up. But here goes.

Got this from a game CD. Ransom message does not look like images of Crypto message. Fox site (?) with portal key to remove did not recognise files. Ransom message still on screen, will not remove even though ESET antivirus cleaned, as did online ESET and Malwarebytes.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840
Run by Stuart at 20:32:06 on 2015-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16322.13846 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.orange.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A0F1F251-27A0-46FE-8193-E559EAD1AD4C} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-7 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-9-15 20464]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2015-1-30 246000]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-12-4 927232]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2015-1-28 1349576]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2015-1-30 159480]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-18 1152656]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-12-4 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-7 1884304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-4 22997648]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-5-15 410952]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-9-15 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-9-15 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-7 25816]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-11-18 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-16 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-14 883928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-12 1080120]
S3 dc21x4vm;dc21x4vm;C:\Windows\System32\drivers\dc21x4vm.sys [2009-6-10 57344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-9 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-12 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-8 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-10-8 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-8 1255736]
.
=============== Created Last 30 ================
.
2015-06-23 18:23:52 -------- d-----w- C:\Program Files (x86)\ESET
2015-06-23 17:40:31 -------- d-----w- C:\ProgramData\avinecuryladypom
2015-06-13 15:02:45 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2015-06-13 15:02:45 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2015-06-13 15:02:45 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2015-06-13 15:02:45 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2015-06-13 15:02:45 -------- d-----w- C:\Program Files (x86)\OpenAL
2015-06-09 17:51:14 9728 ----a-w- C:\Windows\System32\spwmp.dll
2015-06-09 17:50:49 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-06-02 15:17:36 -------- d-----w- C:\Users\Stuart\AppData\Local\GWX
.
==================== Find3M ====================
.
2015-06-23 18:04:14 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-13 08:07:06 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-13 08:07:06 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:47 417792 ----a-w- C:\Windows\System32\html.iec
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:59:27 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-22 17:50:20 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-09 03:27:37 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-05-09 03:27:37 3147776 ----a-w- C:\Windows\System32\wucltux.dll
2015-05-09 03:27:37 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-05-09 03:26:38 87040 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-05-09 03:26:30 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-05-09 03:26:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-05-09 03:14:46 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-05-09 03:14:46 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-05-09 03:13:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-05-01 16:51:27 1316184 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-05-01 16:51:27 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-05-01 16:50:57 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-05-01 16:50:57 1570672 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-05-01 13:17:03 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2015-04-29 18:19:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
.
============= FINISH: 20:32:12.42 ===============

Attached Files
File Type: txt attach.txt (9.1 KB)