Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hi Tech Support,

I downloaded a .exe file for clashbot that turned out to be a dud and started installing many programs onto the PC. I tried to manually uninstall them but it would just install more.

Below is the DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.45.2
Run by Vicki at 17:06:44 on 2015-07-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8130.4532 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Users\Vicki\AppData\Roaming\TWV\MediaService.exe
C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\helppane.exe
C:\Users\Vicki\AppData\Local\Temp\amisetup9518__12900.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
uRun: [Spotify Web Helper] "C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Dropbox Update] "C:\Users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [Bubble Dock] "C:\Users\Vicki\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
uRun: [WindApp] "C:\Users\Vicki\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
uRun: [DeskBar] C:\Users\Vicki\AppData\Local\DeskBar\dblaunch.exe
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
uRunOnce: [IDSS_STARTUP] C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coSAStub.exe /install /force
uRunOnce: [DelTr267338] cmd.exe /c rd /s /q "C:\Users\Vicki\AppData\Roaming\Tny_Cassiopesa"
uRunOnce: [Tny_Cassiopesa] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [ospd_us_016010034] "C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe"
mRun: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
mRunOnce: [SpaceSondPro_v87.1083] C:\Program Files (x86)\SpaceSondPro_v87.1083\SpaceSondPro_Service.exe ro
mRunOnce: [upospd_us_016010034.exe] C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe -runonce
mRunOnce: [DelTr267338] cmd.exe /c rd /s /q "C:\Users\Vicki\AppData\Roaming\Tny_Cassiopesa"
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
StartupFolder: C:\Users\Vicki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: SafeKey - C:\Users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - C:\Users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01} : NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\030323431453645333032423 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\342473839393 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\34C414358402F4640284F4553554F52374548545 : NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\34C414358402F4640284F4553554F52374548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{45EB96AC-16FC-42F4-A9C5-90F24D23609D} : NameServer = 82.163.143.131,82.163.142.133
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SpaceSoundPro] "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cassiopessa.com/?f=1&a=csp_tuto1_15_29&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCtBzyyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCtC0CyB0BzytC0AtGtD0DtC0AtGtByCyDyEtGtBzyyD0AtG0CyB0D0BtAzz0A0FtCyDyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzuyE&cr=1026998881&ir=
FF - prefs.js: browser.search.selectedEngine - Search Module
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-3-30 20464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2015-2-17 864072]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2015-2-17 340448]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [2015-7-19 162392]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2014-3-30 936728]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-3-24 433880]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-3-24 144600]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-3-24 388824]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-3-24 798424]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2014-3-30 240584]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-30 169432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2015-7-19 154856]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2015-7-19 753768]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [2015-4-8 207344]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2015-7-19 76064]
R2 MediaService;Media Service;C:\Users\Vicki\AppData\Roaming\TWV\MediaService.exe [2015-5-21 115712]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-7-19 372144]
R2 migihuse;Menu Find;C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs [2015-7-18 612864]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [2015-7-19 131144]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-30 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-30 16939296]
R2 SMUpd;Search Module Update;C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2015-7-18 2855936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-9-23 411968]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-6-18 5495056]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2015-2-17 68784]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-3-30 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-3-30 786416]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 401736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2015-2-17 337888]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2015-7-19 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2015-2-17 488000]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2015-1-16 482600]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2015-7-19 250672]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-30 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-3-30 805088]
R3 SMUpdd;Search Module UpdateD;C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [2015-7-18 41632]
S2 0298121437280780mcinstcleanup;McAfee Application Installer Cleanup (0298121437280780);C:\Users\Vicki\AppData\Local\Temp\029812~1.EXE -cleanup -nolog --> C:\Users\Vicki\AppData\Local\Temp\029812~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-7-19 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-14 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2015-1-16 100720]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-10 1255736]
.
=============== Created Last 30 ================
.
2015-07-19 04:40:17 32372200 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-19 04:40:16 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2015-07-19 04:40:15 76064 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2015-07-19 04:40:15 -------- d-----w- C:\Users\Vicki\AppData\Local\McAfee File Lock
2015-07-19 04:40:12 -------- d-----w- C:\Program Files (x86)\SafeKey
2015-07-19 04:40:08 -------- d-----w- C:\Program Files (x86)\McAfee.com
2015-07-19 04:39:41 -------- d-----w- C:\Program Files\McAfee.com
2015-07-19 04:39:41 -------- d-----w- C:\Program Files\McAfee
2015-07-19 04:39:39 -------- d-----w- C:\Program Files (x86)\McAfee
2015-07-19 04:34:07 -------- d-----w- C:\ProgramData\3d2eec2000007582
2015-07-19 04:23:35 -------- d-----w- C:\FRST
2015-07-19 04:22:54 -------- d-----w- C:\Program Files (x86)\PCMATICPLUSSOL
2015-07-19 04:20:47 -------- d-----w- C:\Users\Vicki\AppData\Local\PCMATICPLUS_fixed
2015-07-19 04:05:23 162392 ----a-r- C:\Windows\System32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys
2015-07-19 04:05:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DE070B0.02A
2015-07-19 04:05:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2015-07-19 04:05:20 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2015-07-19 04:02:40 -------- d-----w- C:\Users\Vicki\AppData\Local\Chromium
2015-07-19 04:02:27 -------- d-----w- C:\ProgramData\InstallSightSDK
2015-07-19 04:02:18 -------- d-----w- C:\Users\Vicki\AppData\Roaming\Tny_Cassiopesa
2015-07-19 04:01:43 -------- d-----w- C:\Quarantine
2015-07-19 04:01:27 250672 ----a-w- C:\Windows\System32\mfevtps.exe
2015-07-19 04:01:26 -------- d-----w- C:\Program Files\Common Files\McAfee
2015-07-19 04:01:26 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2015-07-19 03:57:23 -------- d-----w- C:\ProgramData\{49daa21b-fd28-36a9-49da-aa21bfd2886f}
2015-07-19 03:56:54 -------- d-----w- C:\Program Files\SpaceSoundPro
2015-07-19 03:56:47 -------- d-----w- C:\Program Files (x86)\predm
2015-07-19 03:51:05 -------- d-----w- C:\Users\Vicki\AppData\Local\BrowserAir
2015-07-19 03:50:44 -------- d-----w- C:\Program Files (x86)\Portable WeatherApp
2015-07-19 03:50:43 -------- d-----w- C:\Users\Vicki\AppData\Local\DeskBar
2015-07-19 03:50:33 -------- d-----w- C:\ProgramData\SearchModule
2015-07-19 03:50:32 -------- d-----w- C:\Program Files\Common Files\Goobzo
2015-07-19 03:50:25 -------- d-----w- C:\Users\Vicki\AppData\Local\Installer
2015-07-19 03:50:21 -------- d-----w- C:\Users\Vicki\AppData\Roaming\WTools
2015-07-19 03:50:17 -------- d-----w- C:\Users\Vicki\AppData\Roaming\Store
2015-07-19 03:50:11 -------- d-----w- C:\Users\Vicki\AppData\Roaming\Nosibay
2015-07-19 03:49:33 -------- d-----w- C:\Users\Vicki\AppData\Local\globalUpdate
2015-07-19 03:49:33 -------- d-----w- C:\Program Files (x86)\globalUpdate
2015-07-19 03:49:13 -------- d-----w- C:\Program Files\ffsecure
2015-07-19 03:48:43 -------- d-----w- C:\Users\Vicki\AppData\Roaming\TWV
2015-07-19 03:48:41 -------- d-----w- C:\Program Files (x86)\ospd_us_014010035
2015-07-19 03:48:34 -------- d-----w- C:\Users\Vicki\AppData\Local\ospd_us_016010034
2015-07-19 03:48:34 -------- d-----w- C:\Program Files (x86)\ospd_us_016010034
2015-07-19 03:47:37 -------- d-----w- C:\Users\Vicki\AppData\Local\2F8B4820-1437263257-11DD-B021-BCEE7B8C64A3
2015-07-19 03:46:43 -------- d-----w- C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3
2015-07-19 02:35:41 -------- d-----w- C:\Users\Vicki\AppData\Local\Diagnostics
2015-07-14 23:53:25 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-07 01:12:26 -------- d-----w- C:\Users\Vicki\AppData\Roaming\NVIDIA
2015-07-03 02:15:08 -------- d-----w- C:\Users\Vicki\AppData\Roaming\qmacro
2015-07-03 02:15:07 -------- d-----w- C:\Users\Vicki\AppData\Roaming\mymacro
2015-06-25 11:13:50 26846912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-06-25 11:13:50 112326848 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-06-25 11:09:52 654520 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-06-25 11:09:52 37422272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-06-25 11:09:52 112326848 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
.
==================== Find3M ====================
.
2015-07-15 15:13:19 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 15:13:19 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:59:59 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:41 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:31 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-09 17:58:26 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:24 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-09 17:58:23 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-09 17:58:23 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:50:11 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-03 18:05:54 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-03 18:05:43 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-03 18:05:34 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-03 18:05:26 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-03 17:56:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-03 17:56:56 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-03 17:56:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-03 17:55:42 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-03 16:52:31 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-03 16:42:38 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 17:06:56.83 ===============

Help required to remove worm:win32/gamarue.gen!nk

I am running Windows 7 64-bit Ultimate. My system has been infected with worm:win32/gamarue.gen!nk. This worm hides all the files on USB disks and creates a single shortcut with the name of the USB disk itself. For example, if my pen drive is named john52, the virus will create a file named john52.lnk inside my pen drive.

I had been using Kaspersky Internet Security 2013 for quite some time but it is not able to detect it. I did a full scan with it and unfortunately didn’t find the virus. Only Microsoft Security Essentials is able to remove this infection from my pen drive but not from my system. That said, my pen drives get cleaned when I scan with MSE, but when I plug them in again, they get infected too.
What should I do?
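
The symptom pattern described in the post above (every item on the drive hidden, one visible shortcut named after the drive) can be checked from file metadata alone, without opening the shortcut. This is an added example, not part of the original post; the `Entry` type, the function names and the constructed sample listings are assumptions made for illustration.

```python
import os
import stat
import sys
from dataclasses import dataclass

HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN
ARCHIVE = stat.FILE_ATTRIBUTE_ARCHIVE
DIRECTORY = stat.FILE_ATTRIBUTE_DIRECTORY

# Folders Windows itself keeps hidden on a volume; they say nothing about infection.
OS_OWNED = {"system volume information", "$recycle.bin"}


@dataclass
class Entry:
    name: str
    attrs: int      # Windows FILE_ATTRIBUTE_* bits; 0 on systems without them
    is_dir: bool


def list_root(root):
    """List the top level of a drive using metadata only; nothing is opened or run."""
    entries = []
    with os.scandir(root) as it:
        for de in it:
            st = de.stat(follow_symlinks=False)
            attrs = getattr(st, "st_file_attributes", 0)  # populated on Windows only
            entries.append(Entry(de.name, attrs, de.is_dir(follow_symlinks=False)))
    return entries


def assess(entries, volume_label=None):
    """Compare a root listing with the symptom in the post.

    The pattern holds when a visible .lnk sits in the root (named after the
    volume label, if one is supplied) and every other user item is hidden.
    """
    shortcuts, hidden, visible = [], [], []
    for e in entries:
        if e.name.lower() in OS_OWNED:
            continue
        is_hidden = bool(e.attrs & HIDDEN)
        if not e.is_dir and not is_hidden and e.name.lower().endswith(".lnk"):
            shortcuts.append(e.name)
        elif is_hidden:
            hidden.append(e.name)
        else:
            visible.append(e.name)

    label_shortcut = None
    if volume_label:
        wanted = volume_label.lower() + ".lnk"
        label_shortcut = next((s for s in shortcuts if s.lower() == wanted), None)

    lure_present = bool(label_shortcut) if volume_label else bool(shortcuts)
    return {
        "pattern": lure_present and bool(hidden) and not visible,
        "label_shortcut": label_shortcut,
        "shortcuts": sorted(shortcuts),
        "hidden": sorted(hidden),   # the user's real data, still on the drive
        "visible": sorted(visible),
    }


# Constructed sample listings (not taken from a real drive).
CONSTRUCTED_INFECTED = [
    Entry("john52.lnk", ARCHIVE, False),
    Entry("photos", DIRECTORY | HIDDEN, True),
    Entry("report.docx", ARCHIVE | HIDDEN, False),
    Entry("System Volume Information", DIRECTORY | HIDDEN, True),
]
CONSTRUCTED_CLEAN = [
    Entry("notes.lnk", ARCHIVE, False),
    Entry("photos", DIRECTORY, True),
    Entry("report.docx", ARCHIVE, False),
]

if __name__ == "__main__":
    # Usage on Windows: python check_usb.py E:\ john52
    if len(sys.argv) >= 2:
        label = sys.argv[2] if len(sys.argv) > 2 else None
        result = assess(list_root(sys.argv[1]), label)
    else:
        result = assess(CONSTRUCTED_INFECTED, "john52")
    for key, value in result.items():
        print(f"{key}: {value}")
```

A positive result only says the drive shows the symptom; as the post notes, a cleaned drive is re-infected while the host itself is still infected.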

Had virus(es) now unable to do Windows update and iTunes.

A few months ago my PC became infected with a few viruses, Cryptor and some ransomware at the very minimum. After running various AVs and Malwarebytes, I seemingly thought I was in the clear. Not sure what residual damage was done to system files, but I am unable to do Windows updates. SP1 has been removed from my PC and I can't update it. I cannot use System Restore. It only gives me 3 restore points, all of which are within 24 hours of whenever I try to use it, plus it will not restore to any point I pick. Last night I tried updating iTunes. I received an error during install and now iTunes is not operational. I tried uninstalling and re-downloading but I still get an error message. I was told to back up all of my files and to do a reset to factory settings, but I would rather not do that. I was also told I may have corrupt files in my registry but I'm not sure what to do with that. Any help would be greatly appreciated.

Possible Trojan Virus??

Hi, a couple of weeks ago I ran a full scan on MSE; it told me I had a Trojan:Win32/Dynamer!ac. I tried to remove this but the computer froze. I went on a malware support site and ran Kaspersky TDSSKiller, which found nothing. Further support asked me to run Farbar Recovery Scan and Malwarebytes Anti-Malware; again neither found anything. Computer declared OK. Since then it has been running very slow and takes ages to start up. A few days ago it went into Startup Repair when I switched it on. I found a file on the C drive containing mpasbase and mpavbase.vdm._p, which I believe are something to do with Microsoft antivirus definitions.

If I still have a virus, what do I do now? And how did I get it? I always have MSE and update it. I have no access to a clean computer at the moment to change passwords etc. I have not done a backup as there is nothing in the files that I really need. I don't have a Windows install disc or boot CD. I've run DDS and hopefully you will receive the 2 logs.
Thanks in anticipation of your help.

Jane

Attached Files
File Type: txt dds.txt (26.4 KB)
File Type: txt attach.txt (7.8 KB)

Random Debug.log Has Appeared on Desktop

Hello all, I have got a new PC, there's hardly anything installed. I was wondering if anyone knew what this meant?
Here is the writing that's inside the Notepad file:

[0729/193712:INFO0)] WebCore is now online.
[0729/193712:INFO0)] Running Awesomium 1.7.5.0
[0729/193955:WARNING:Awesomium.NET(0)] System.ComponentModel.InvalidAsynchronousStateException: An error occurred invoking the method. The destination thread no longer exists.
at System.Windows.Forms.WindowsFormsSynchronizationContext.Send(SendOrPostCallback d, Object state)
at Awesomium.Core.WebCore.SwoYrDtsHvuLJUY08ID(Object , Object , Object )
at Awesomium.Core.WebCore.wQrBKtHAGh()
[0729/194115:INFO0)] WebCore is now online.
[0729/194115:INFO0)] Running Awesomium 1.7.5.0
[0729/194303:WARNING:Awesomium.NET(0)] System.ComponentModel.InvalidAsynchronousStateException: An error occurred invoking the method. The destination thread no longer exists.
at System.Windows.Forms.WindowsFormsSynchronizationContext.Send(SendOrPostCallback d, Object state)
at Awesomium.Core.WebCore.SwoYrDtsHvuLJUY08ID(Object , Object , Object )
at Awesomium.Core.WebCore.wQrBKtHAGh()

Malware? Spyware?

Hey all,

I've got a problem that just started a few hours ago, and I'm not sure what is causing it. My best guess is that it is malware of some sort.

Since a few hours ago, my computer has started doing something odd. Some sites that I go on are acting rather strange. Ads are coming up in Spanish, even though I am using a computer that has its default language as English, as well as having my browsers set to English. Netflix, when I tell the computer to play, is showing the title in Spanish, but only after the play button is clicked.

I ran CCleaner thinking maybe a cookie I picked up was causing it or something. I ran Malwarebytes and Kaspersky full scans, and nothing was found. I tried doing a system restore to before it happened, and it didn't change anything.

Any help would be greatly appreciated, as I'd like to get rid of whatever is causing this.

Gremlins or hardware problem?

Several symptoms; I can't tell if this is a hardware or software problem.

1. machine has become very slow,

2. Firefox freezes, when it starts it may open five or six tabs.

3. wireless mouse stops working, touch pad fails at the same time.

4. Sometimes freezes on the welcome screen, and mouse stops working. Have to power down and start over

5. Doesn't download from dropbox according seamlessly.

6. Had to start in safe mode with networking to post this.

Malwarebytes found nothing yesterday.

Avast free is running.

Tech specs:

Attachment 246466


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.51.2
Run by Diana at 10:25:07 on 2015-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2037.1221 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKE~1.LNK - C:\QUICKENW\QWDLLS.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB} : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\25F6467756C6C6D27657563747 : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3414D405D2D41494E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3427F677E65605C616A716D27457563747 : DHCPNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\C49626271627970275962756C6563737 : DHCPNameServer = 4.2.2.2 4.2.2.3
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-9-27 31080]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-15 76912]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65224]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 274808]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-21 1048856]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-21 447944]
S2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-8 28656]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-21 90968]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-9 150160]
S2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-7-27 146600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-16 136048]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-14 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-14 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-9-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-9-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-9-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-9-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-9-27 156520]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-9-27 278640]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-16 136048]
S3 EUCR;EUCR;C:\Windows\System32\drivers\EUCR6SK.sys [2010-11-15 88912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-15 114688]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-11-23 29184]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-2-16 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-2-16 113880]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-14 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-19 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-9-27 52896]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-15 321104]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-18 868896]
S4 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-15 135560]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-15 13336]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-15 243232]
.
=============== Created Last 30 ================
.
2015-07-30 02:30:40 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{44D88405-2854-453F-869E-1778C8F43EF5}\mpengine.dll
2015-07-28 05:09:19 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 05:09:18 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 05:09:18 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 05:09:18 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 05:09:18 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 05:09:18 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 05:09:17 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 05:09:17 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-27 16:29:58 -------- d-----w- C:\Users\Diana\AppData\Local\Dropbox
2015-07-27 09:34:12 43112 ----a-w- C:\Windows\avastSS.scr
2015-07-25 06:19:08 -------- d-----w- C:\Users\Diana\Dropbox
2015-07-20 18:00:49 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-20 18:00:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-20 18:00:48 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-20 18:00:48 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-20 18:00:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-20 18:00:48 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-20 18:00:48 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-20 18:00:48 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-20 18:00:48 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-20 18:00:48 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-19 17:12:42 -------- d-----w- C:\Users\Diana\Dropbox diana
2015-07-16 17:58:51 -------- d-----w- C:\Program Files (x86)\Dropbox
2015-07-15 10:36:31 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-15 10:35:58 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-15 10:34:42 429568 ----a-w- C:\Windows\System32\wksprt.exe
2015-07-15 10:33:51 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-15 10:32:59 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-15 10:32:59 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-15 10:32:59 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-15 10:32:59 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-10 13:43:51 -------- d-sh--w- C:\$RECYCLE.BIN
2015-07-10 13:06:33 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-04 13:10:52 -------- d-----w- C:\AdwCleaner
.
==================== Find3M ====================
.
2015-07-30 16:08:55 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-27 16:03:20 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-27 16:03:20 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-27 09:34:17 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-07-27 09:34:17 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-07-27 09:34:17 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-07-27 09:34:17 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-07-27 09:34:17 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-07-27 09:34:17 150160 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-07-27 09:34:01 1048856 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-23 19:30:20 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-18 14:41:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-18 14:41:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-18 14:41:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-15 21:50:42 112064 ----a-w- C:\Windows\System32\consent.exe
2015-06-15 21:45:42 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-06-15 21:45:34 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-06-15 21:44:47 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-06-15 21:43:35 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-06-15 21:43:35 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-06-15 21:43:24 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-06-15 21:42:49 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
.
============= FINISH: 10:27:07.94 ===============

Attachment 246474

Attached Thumbnails
Mach #2 specs.JPG (55.0 KB)
Attached Files
File Type: zip attach.zip (3.0 KB)

Browsers won't open

I can only get into a browser when I am in safe mode. How do I fix (I have tried installing new drivers; nothing changed)? I am running Windows 7 on a Lenovo ThinkPad. I have tried disabling add-ons, updated browsers, tried to revert to last known working timestamp, and hard reset. I do not currently have access to an install disc or boot CD, and I am unable to include the attach doc.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.7601.18715 BrowserJavaVersion: 10.21.2
Run by admin at 21:23:19 on 2015-07-30
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3176.2166 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dnldwz_15_25&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtD0DzztCzy0A0D0DyByC0B0AtB0FyBtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0E0FtCtB0EtB0EtGyD0BtAyEtG0C0FtBtAtGtCtAyD0DtGtDtAyCtAtD0D0A0CyD0E0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByByEzytA0B0AyDtGtByC0DyBtGyEtAtCtBtG0AzztA0DtGyBtD0F0A0CyD0FyEtDyD0E0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1041564713%26a%3Dwncy_dnldwz_15_25%26os%3DWindows 7 Enterprise
uDefault_Page_URL = hxxp://schools.nyc.gov
uProxyServer = 127.0.0.1:9666
uProxyOverride = 127.0.0.1
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Filter Results: {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [GoogleChromeAutoLaunch_D9394DE6386755479577597100432920] "c:\users\admin\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [ALCKRESI.EXE] c:\program files\lenovo\autolock\ALCKRESI.EXE
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = NYCDOE
mPolicies-System: legalnoticetext = This computer system, including all related equipment, is the property of the NYC Department of Education (NYCDoE) and is solely for uses authorized by NYCDoE. You have no right to privacy on the system, and all information and activity on the system may be monitored. Any unauthorized use of the system may result in disciplinary action, civil or criminal penalties.
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
Trusted Zone: cybershift.net
Trusted Zone: mathxlforschool.com
Trusted Zone: nycboe.net
Trusted Zone: nycenet.edu
Trusted Zone: thelearningodyssey.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D0591289-51FA-447C-B958-897928C40F79} : DHCPNameServer = 10.251.38.21 10.251.38.22
TCP: Interfaces\{EC29A048-EEFD-40B3-A64B-5B7B829FF00B} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EC29A048-EEFD-40B3-A64B-5B7B829FF00B}\3557C6C6966716E60275966496027457563747 : DHCPNameServer = 10.128.128.128
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.7.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-14 25968]
R0 ngvss;ngvss;c:\windows\system32\drivers\ngvss.sys [2015-7-22 95112]
R1 PHCORE;PHCORE;c:\program files\lenovo\rapidboot\PHCORE.sys [2010-12-3 33640]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec endpoint protection\Rtvscan.exe [2010-12-21 1832072]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-2-14 41088]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-10-2 7522304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2015-7-22 49776]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2015-7-22 208664]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-7-22 788784]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-7-22 433264]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-5-19 13680]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 22134214;SuperOptimizer Stats;c:\windows\system32\rundll32.exe [2009-7-13 44544]
S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2015-3-3 84376]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-7-22 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-7-22 76000]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-7-22 113592]
S2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2015-7-22 146600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 EDPA;EDPA;c:\program files\manufacturer\endpoint agent\edpa.exe [2011-3-14 255672]
S2 HyperW7Svc;HyperW7 Service;c:\program files\lenovo\rapidboot\HyperW7Svc.exe [2010-12-3 107880]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2012-2-14 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-4-11 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2012-2-14 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-4-11 93032]
S2 MediaDevSrv;MediaDevSrv;c:\programdata\mediadev\1404154465\mediadev.exe [2014-6-30 366952]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-14 143360]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [2012-4-25 17920]
S2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2012-2-14 141928]
S2 Service Mgr FilterResults;Service Mgr FilterResults;c:\programdata\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\PluginContainer.exe [2015-6-20 652520]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files\lenovo\screen reading optimizer\SROSVC.exe [2012-2-14 443240]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-4-11 99328]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-4-11 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-2-14 2655768]
S2 Update Mgr FilterResults;Update Mgr FilterResults;c:\program files\common files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\Updater.exe [2015-6-20 574696]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-7-22 220752]
S2 vToolbarUpdater18.7.0;vToolbarUpdater18.7.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.7.0\ToolbarUpdater.exe [2015-7-17 1842576]
S2 WDP;WDP;c:\program files\manufacturer\endpoint agent\wdp.exe [2011-3-14 232120]
S2 WinDevSrv;WinDevSrv;"c:\programdata\online\sv.exe" --> c:\programdata\online\sv.exe [?]
S3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2012-2-14 130944]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-7-22 3218624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2014-6-23 266240]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-2-14 367656]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-14 33832]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-14 292200]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2015-6-20 30504]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-10 261800]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-3 111408]
S3 IAMT03;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMT03.sys [2011-5-16 40848]
S3 IAMTV;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2011-5-16 38288]
S3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2011-5-16 47496]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-2-14 269824]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2010-12-17 227600]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-17 6758912]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-2-14 83304]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-2-14 246888]
S3 SFsCtrx111;SFsCtrx111;c:\windows\system32\drivers\SFsCtrx111.sys [2012-2-14 48824]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 tdifd111;tdifd111;c:\windows\system32\drivers\tdifd111.sys [2012-2-14 45624]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 vfsmfd;vfsmfd;c:\windows\system32\drivers\vfsmfd.sys [2012-2-14 48824]
S3 vrtam;vrtam;c:\windows\system32\drivers\vrtam.sys [2012-2-14 19256]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-16 1343400]
.
=============== Created Last 30 ================
.
2015-07-24 04:36:30 -------- d-----w- c:\program files\GUM9685.tmp
2015-07-24 00:01:57 -------- d-----w- C:\SUPERDelete
2015-07-24 00:00:38 -------- d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2015-07-24 00:00:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-07-24 00:00:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-07-23 23:38:15 -------- d-----w- c:\program files\CCleaner
2015-07-23 18:33:31 -------- d-----w- C:\AdwCleaner
2015-07-23 17:58:01 -------- d-----w- c:\users\admin\appdata\roaming\AVAST Software
2015-07-22 15:56:01 -------- d-----w- c:\windows\system32\vbox
2015-07-22 15:53:50 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-22 15:53:50 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-22 15:53:48 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-22 15:53:47 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-22 15:53:46 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-22 15:53:46 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-22 15:53:44 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-22 15:53:42 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-07-22 15:53:10 43112 ----a-w- c:\windows\avastSS.scr
2015-07-22 15:49:38 -------- d-----w- c:\program files\AVAST Software
2015-07-22 15:48:00 -------- d-----w- c:\programdata\AVAST Software
.
==================== Find3M ====================
.
2015-07-30 18:04:15 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2015-07-30 17:58:49 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2015-07-30 17:58:46 78032 ----a-w- c:\windows\system32\rpcnet.dll
2015-07-09 18:43:12 48496 ----a-w- c:\windows\system32\identprv.dll
.
============= FINISH: 21:24:22.93 ===============

Virus hijacked admin rights

Hey all,

Working on my father's computer here. He seems to have acquired a virus that seems to have locked down his account. Most software cannot be run, with the message that a "System administrator has blocked this program".

However, he is the sole user of the computer, and his account was previously an administrator. dds.scr was blocked, as was AdwCleaner. CKScanner and Addition.txt from Farbar are attached, and here are the results from the Farbar scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by j (ATTENTION: The logged in user is not administrator) on OFFICE (31-07-2015 20:33:35)
Running from C:\Users\j\Downloads
Loaded Profiles: j (Available Profiles: j & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\j\Downloads\CKScanner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1069008 2015-04-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5214632 2015-07-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [66592 2014-06-18] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [2087968 2014-06-18] (Prosoftnet)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [cdloader] => C:\Users\j\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [GoogleChromeAutoLaunch_C0A832FBA3DE88C6BCC073377A7A221F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [IDriveE Startup] => C:\Program Files (x86)\IDriveWindows\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [EZBack-it-up Tray Scheduler] => C:\Program Files (x86)\EZBackitup\EZBkuptray.exe [631808 2004-06-03] (Rob Decker)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\RunOnce: [731_20217191549542] => C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat [315 2015-07-31] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-04-23] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-06-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk [2015-07-10]
ShortcutTarget: IDrive Tray.lnk -> C:\Program Files (x86)\IDriveWindows\IDriveEReg2ini.exe (Pro Softnet Corp.)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2014-06-07]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2014-06-17]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-632300625-746590880-1275724836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-632300625-746590880-1275724836-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo
SearchScopes: HKLM -> DefaultScope {FBA36C0E-C9FF-4FD4-8CAA-B9AA29E57530} URL =
SearchScopes: HKU\S-1-5-21-632300625-746590880-1275724836-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={7467A24A-5B2C-4180-8D92-E720EAD0F19B}&mid=1bdba7c42b7f47d29d3fa56eac2caf71-ebf86914f6fb165e48b0cd37ac6633f0732966a8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-15 07:27:40&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-10] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-10] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-10] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-10] (LastPass)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2679E3FB-136B-48B7-B542-56F601391BA8}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\awp1ujr3.default
FF SelectedSearchEngine: Taplika
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-06-16] (LastPass)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components Test\npIPcam.dll [2014-02-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-06-16] (LastPass)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2014-09-26] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-632300625-746590880-1275724836-1001: electronicarts.com/GameFacePlugin -> C:\Users\j\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Extension: LastPass - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\awp1ujr3.default\Extensions\support@lastpass.com [2015-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
CHR Extension: (Google Search) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
CHR Extension: (Gmail) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-03] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-03] (AVG Technologies CZ, s.r.o.)
S2 BlueIris; C:\Program Files\Blue Iris 4\BlueIrisService.exe [59776 2014-09-03] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [713736 2015-04-23] (Garmin Ltd. or its subsidiaries)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 IDriveE Service; C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe [158264 2013-05-20] (Pro Softnet Corporation)
S2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [95776 2014-06-18] (Prosoftnet)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5808432 2015-06-24] (MediaMall Technologies, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\j\AppData\Local\Temp\7zS51F9\hpslpsvc64.dll [X]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [287208 2015-05-27] (AVG Technologies CZ, s.r.o.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
S3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 20:33 - 2015-07-31 20:34 - 00023841 _____ C:\Users\j\Downloads\FRST.txt
2015-07-31 20:33 - 2015-07-31 20:33 - 02168832 _____ (Farbar) C:\Users\j\Downloads\FRST64.exe
2015-07-31 20:33 - 2015-07-31 20:33 - 00000000 ____D C:\FRST
2015-07-31 20:32 - 2015-07-31 20:32 - 02248704 _____ C:\Users\j\Downloads\AdwCleaner.exe
2015-07-31 20:32 - 2015-07-31 20:32 - 00468480 _____ () C:\Users\j\Downloads\CKScanner.exe
2015-07-31 20:30 - 2015-07-31 20:30 - 00688992 _____ (Swearware) C:\Users\j\Downloads\dds.scr
2015-07-31 20:15 - 2015-07-31 20:15 - 00000315 _____ C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat
2015-07-31 20:02 - 2015-07-31 20:02 - 01615168 _____ (LogMeIn, Inc.) C:\Users\j\Downloads\Support-LogMeInRescue.exe
2015-07-31 19:50 - 2015-07-31 19:51 - 183711512 _____ (Microsoft Corporation) C:\Users\j\Downloads\msert.exe
2015-07-31 19:49 - 2015-07-31 19:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\j\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-31 19:42 - 2015-07-31 19:42 - 02248704 _____ C:\Users\j\Downloads\adwcleaner_4.208.exe
2015-07-31 19:41 - 2015-07-31 19:41 - 00000262 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8CB6995E-A826-42E6-B9D7-94360B684D0B}.job
2015-07-31 19:10 - 2015-07-31 19:11 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\j\Downloads\tdsskiller.exe
2015-07-31 19:07 - 2015-07-31 19:07 - 00380416 _____ C:\Users\j\Downloads\8zgxuf83.exe
2015-07-31 06:58 - 2015-07-31 06:58 - 08376008 _____ (Auslogics Labs Pty Ltd ) C:\Users\j\Downloads\fix-my-pc-setup.exe
2015-07-30 21:44 - 2015-07-30 21:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-30 21:44 - 2015-07-30 21:44 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-29 21:55 - 2015-07-29 21:55 - 00003094 _____ C:\WINDOWS\PFRO.log
2015-07-29 20:50 - 2015-07-29 20:50 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-29 20:50 - 2015-07-29 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-29 20:49 - 2015-07-29 20:50 - 00000000 ____D C:\Program Files\iTunes
2015-07-29 20:49 - 2015-07-29 20:49 - 00000000 ____D C:\Program Files\iPod
2015-07-29 20:49 - 2015-07-29 20:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-28 18:21 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-28 18:20 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-28 18:20 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-28 18:20 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-28 18:20 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-26 10:41 - 2015-07-26 10:41 - 03288464 _____ C:\Users\j\Downloads\tenorshare-card-data-recovery-trial345.exe
2015-07-26 08:44 - 2015-07-26 08:44 - 00000000 ____D C:\Users\j\AppData\Roaming\LG Electronics
2015-07-26 08:41 - 2015-07-26 08:41 - 00001233 _____ C:\Users\Public\Desktop\LG PC Suite.lnk
2015-07-26 08:41 - 2015-07-26 08:41 - 00000000 ____D C:\Users\j\AppData\Local\LG Electronics
2015-07-26 08:41 - 2015-07-26 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
2015-07-26 08:39 - 2015-07-26 08:40 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2015-07-26 08:36 - 2015-07-26 08:39 - 235018224 _____ (LG Electronics) C:\Users\j\Downloads\LGPCSuite_Setup.exe
2015-07-20 15:42 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 15:42 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 15:42 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 15:42 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 09:16 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 09:16 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-14 15:02 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-14 15:02 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-14 15:02 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-14 15:02 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-14 15:02 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 15:02 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-14 15:02 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 15:02 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-14 15:02 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-14 15:02 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-14 15:02 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-14 15:02 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-14 15:02 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-14 15:02 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-14 15:02 - 2014-10-28 22:45 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2015-07-14 15:02 - 2014-10-28 22:00 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2015-07-14 15:02 - 2014-10-28 22:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
2015-07-14 15:02 - 2014-10-28 21:27 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EventAggregation.dll
2015-07-14 15:02 - 2014-10-28 21:27 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2015-07-14 15:02 - 2014-10-28 21:12 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-07-14 08:45 - 2015-07-31 08:02 - 00017916 _____ C:\WINDOWS\setupact.log
2015-07-14 08:45 - 2015-07-14 08:45 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-10 06:30 - 2015-07-10 06:30 - 09875096 _____ (ProSoftnet Corp ) C:\Users\j\Downloads\IDriveSetup.exe
2015-07-10 06:30 - 2015-07-10 06:30 - 00001995 _____ C:\Users\j\Desktop\IDrive.lnk
2015-07-10 06:30 - 2014-11-19 11:17 - 00000095 _____ C:\WINDOWS\SysWOW64\RegisterIDriveEDll.bat
2015-07-10 06:30 - 2014-11-19 11:16 - 00569368 _____ C:\WINDOWS\SysWOW64\olelib.tlb
2015-07-10 06:30 - 2014-11-19 11:16 - 00232960 _____ (Pro-SoftNet Corporation, USA) C:\WINDOWS\SysWOW64\IDrLocale.dll
2015-07-10 06:30 - 2014-11-19 11:16 - 00147130 _____ C:\WINDOWS\SysWOW64\CRYPT32.LIB
2015-07-10 06:30 - 2014-11-19 11:16 - 00117982 _____ C:\WINDOWS\SysWOW64\ADVAPI32.LIB
2015-07-10 06:30 - 2014-11-19 11:16 - 00026032 _____ C:\WINDOWS\SysWOW64\IDriveEXceedCryReg.exe
2015-07-10 06:30 - 2014-11-19 11:16 - 00022212 _____ C:\WINDOWS\SysWOW64\olelib2.tlb
2015-07-10 06:30 - 2014-11-19 11:16 - 00003841 _____ C:\WINDOWS\SysWOW64\server.pem
2015-07-10 06:30 - 2013-05-20 11:32 - 01342008 _____ (Pro Soft Net Corporation) C:\WINDOWS\SysWOW64\IDriveEService.dll
2015-07-07 13:15 - 2015-07-07 13:15 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk
2015-07-04 15:52 - 2015-07-04 15:52 - 00095087 _____ C:\Users\j\Downloads\[kat.cr]the.loft.2015.720p.hdrip.x264.cam.audio.cpg (1).torrent
2015-07-04 15:50 - 2015-07-04 15:50 - 00095087 _____ C:\Users\j\Downloads\[kat.cr]the.loft.2015.720p.hdrip.x264.cam.audio.cpg.torrent
2015-07-04 15:48 - 2015-07-04 15:48 - 00015633 _____ C:\Users\j\Downloads\[kat.cr]the.loft.torrent
2015-07-03 17:38 - 2015-07-03 17:38 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (5).exe
2015-07-03 17:38 - 2015-07-03 17:38 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (4).exe
2015-07-03 17:37 - 2015-07-03 17:37 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (3).exe
2015-07-03 17:37 - 2015-07-03 17:37 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (2).exe
2015-07-03 17:17 - 2015-07-03 17:17 - 01114376 _____ C:\Users\j\Downloads\FoscamWebComponents.zip
2015-07-03 17:17 - 2015-07-03 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foscam Web Components Test
2015-07-03 17:17 - 2015-07-03 17:17 - 00000000 ____D C:\Program Files (x86)\Foscam Web Components Test
2015-07-03 17:16 - 2015-07-03 17:16 - 01482168 _____ ( ) C:\Users\j\Downloads\IPCWebComponents (4).exe
2015-07-03 17:14 - 2015-07-03 17:14 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (1).exe
2015-07-03 14:02 - 2015-07-31 19:17 - 01674579 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 08:01 - 2015-07-01 08:01 - 01482168 _____ ( ) C:\Users\j\Downloads\IPCWebComponents (3).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 20:04 - 2014-06-05 21:21 - 00000000 ____D C:\Users\j\Documents\Outlook Files
2015-07-31 19:28 - 2013-12-17 11:35 - 00000000 ____D C:\Users\j\Documents\My Docs
2015-07-31 19:27 - 2014-03-18 06:03 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-31 19:17 - 2014-12-14 10:19 - 00000000 ____D C:\ProgramData\MediaMall
2015-07-31 19:17 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-31 19:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-31 18:50 - 2015-06-30 20:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-31 18:50 - 2015-06-30 20:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-31 18:19 - 2014-06-16 10:45 - 00000000 ____D C:\ProgramData\MFAData
2015-07-31 14:52 - 2015-06-28 14:52 - 00000408 _____ C:\WINDOWS\Tasks\MrFixer.job
2015-07-31 13:18 - 2015-06-25 07:18 - 00000370 _____ C:\WINDOWS\Tasks\ClickIt.job
2015-07-31 11:39 - 2015-06-30 19:39 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 96a11946-01fc-4223-9194-ea5968ca930d.job
2015-07-31 10:42 - 2014-12-03 11:42 - 00000270 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-07-31 07:53 - 2015-01-19 16:11 - 00001035 _____ C:\Users\j\Desktop\magicJack.lnk
2015-07-31 07:53 - 2015-01-19 16:11 - 00001021 _____ C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-07-31 07:53 - 2015-01-19 16:11 - 00000000 ____D C:\Users\j\AppData\Roaming\mjusbsp
2015-07-31 07:53 - 2014-06-19 20:50 - 00000000 ____D C:\Program Files (x86)\IDriveWindows
2015-07-31 07:53 - 2014-06-05 22:11 - 00000000 ___DO C:\Users\j\OneDrive
2015-07-31 07:52 - 2015-06-30 19:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-31 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-31 07:20 - 2014-06-09 12:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-31 07:10 - 2014-06-05 21:58 - 00000000 ____D C:\Users\j
2015-07-31 02:00 - 2015-06-30 19:39 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 088fb7b2-ad56-4284-bde7-c19b34bf0f48.job
2015-07-31 00:12 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-30 21:55 - 2015-06-28 15:07 - 00000000 ____D C:\Program Files\Blue Iris 4
2015-07-30 21:54 - 2013-08-22 10:44 - 00502280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-30 21:51 - 2014-06-05 20:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-30 21:50 - 2014-06-05 19:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-30 21:43 - 2015-01-03 13:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-30 21:43 - 2014-08-14 07:39 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-30 21:17 - 2015-06-30 19:38 - 00000998 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 10:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-30 07:55 - 2014-07-02 20:57 - 00232523 _____ C:\Users\j\Desktop\Bills.xlsx
2015-07-29 21:53 - 2015-01-01 20:20 - 00000000 ____D C:\Users\j\AppData\Roaming\Azureus
2015-07-29 21:02 - 2014-06-06 20:45 - 00000000 ____D C:\Users\j\AppData\Roaming\Apple Computer
2015-07-29 20:49 - 2015-05-01 20:24 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-29 20:49 - 2014-06-13 16:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-28 22:52 - 2014-10-16 08:45 - 00612352 ___SH C:\Users\j\Downloads\Thumbs.db
2015-07-25 08:57 - 2014-06-05 20:33 - 01657344 ___SH C:\Users\j\Desktop\Thumbs.db
2015-07-17 14:49 - 2014-06-05 18:58 - 00000000 ____D C:\Users\j\AppData\Local\Lenovo
2015-07-17 08:20 - 2014-06-05 19:02 - 00000000 ____D C:\Users\j\AppData\Roaming\LSC
2015-07-17 08:19 - 2013-09-12 14:00 - 00000000 ____D C:\Program Files\Lenovo
2015-07-17 08:19 - 2013-09-12 13:59 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-17 08:18 - 2013-09-12 14:00 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-07-14 06:47 - 2015-01-01 20:20 - 00001871 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-14 06:47 - 2015-01-01 20:20 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-07-10 06:31 - 2014-06-18 18:03 - 00000000 _____ C:\WINDOWS\SysWOW64\idrivee.txt
2015-07-10 06:30 - 2014-06-19 20:50 - 00000000 ____D C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDrive
2015-07-09 08:16 - 2014-06-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-07 13:15 - 2014-06-16 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-07-03 08:43 - 2014-06-05 19:42 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 07:56 - 2014-06-13 17:37 - 00000285 _____ C:\WINDOWS\wininit.ini
2015-07-01 04:02 - 2014-12-14 10:20 - 00000000 ____D C:\Program Files (x86)\MediaMall

==================== Files in the root of some directories =======

2014-06-07 12:02 - 2014-06-16 10:04 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-31 20:15 - 2015-07-31 20:15 - 0000315 _____ () C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat
2014-12-10 22:48 - 2014-12-10 22:48 - 0000017 _____ () C:\Users\j\AppData\Local\resmon.resmoncfg
2014-06-07 01:11 - 2014-06-07 01:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-12 13:50 - 2013-09-12 13:50 - 0000198 ____H () C:\ProgramData\Lenovo-20051.vbs
2015-02-06 21:07 - 2015-02-06 21:07 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\ProgramData\Lenovo-20051.vbs


Some files in TEMP:
====================
C:\Users\j\AppData\Local\Temp\vcredist9_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================

Attached Files
File Type: txt ckfiles.txt (197 Bytes)
File Type: txt Addition.txt (40.3 KB)

Need help with pop-ups and computer running really slow.

Greetings,

My friend borrowed my laptop computer and I know he downloaded software that messed my browser up. I use Chrome and it seems that every page has an ad that pops up automatically and it makes browsing very difficult. The computer now takes longer than normal to boot up and shut down. I would greatly appreciate any help to correct the annoying pop-ups and marked delay.

Here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.31.2
Run by New User at 22:08:49 on 2015-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2379 [GMT -10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\CxAudMsg64.exe
C:\windows\System32\svchost.exe -k utcsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\System32\alg.exe
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\System32\hkcmd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\New User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\New User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\plugin.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\plugin.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\4\plugin.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\6\plugin.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\2\plugin.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8\plugin.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5\plugin.exe
C:\Program Files (x86)\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\7\plugin.exe
C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\7\plugin.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw__alt__ddc_dsssyc_bd_com
uSearch Page = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Express Find: {d39539bb-f65e-4088-a9d1-6e5f01a42a3e} - C:\Program Files (x86)\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [3EEACF25A3A34117C559996B7D8760AD66AA92BB._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Spotify Web Helper] "C:\Users\New User\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Zoom] <no file>
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIRTUA~1.LNK - C:\windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: dell.com
Trusted Zone: unicoldcorp.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
TCP: NameServer = 24.25.227.55 209.18.47.61
TCP: Interfaces\{4D212A25-9A31-4C6E-B8D6-229B29B2CBB6} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{5BC8C55B-9E9F-43CD-A572-1FF6E7F12CBC} : DHCPNameServer = 24.25.227.55 209.18.47.61
TCP: Interfaces\{5BC8C55B-9E9F-43CD-A572-1FF6E7F12CBC}\352474635383034344 : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{5BC8C55B-9E9F-43CD-A572-1FF6E7F12CBC}\A65627963716D616 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{5BC8C55B-9E9F-43CD-A572-1FF6E7F12CBC}\A656279637A656279637 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{5BC8C55B-9E9F-43CD-A572-1FF6E7F12CBC}\A656279637A65627963716 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{5BC8C55B-9E9F-43CD-A572-1FF6E7F12CBC}\F42716E676564596765627D27657563747 : DHCPNameServer = 24.25.227.55 209.18.47.61
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} - "C:\Program Files (x86)\speed browser\Application\40.0.2214.45\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw__alt__ddc_dsssyc_bd_com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-8-6 173192]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-7 250296]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-7 47032]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-9-16 205560]
R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2011-11-2 27648]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2013-1-11 213440]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2014-7-17 124568]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-3-1 126392]
R2 Service Mgr ExpressFind;Service Mgr ExpressFind;C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe [2015-3-23 1138960]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-1 2595824]
R2 Update Mgr ExpressFind;Update Mgr ExpressFind;C:\Program Files (x86)\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe [2015-3-23 1073424]
R2 Virtual Router;VirtualRouterService;C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [2013-2-10 12288]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-4-12 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-3-12 342528]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-3-1 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 HP8207_8307;HP-HP8207_8307;C:\windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-7-22 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 massfilter;Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2013-1-16 11776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-1 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-3-1 307304]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-3-1 1109096]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-3-1 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-08-01 05:38:52 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB3EBAB3-E234-40D0-A341-156AC9849BC1}\gapaengine.dll
2015-08-01 05:21:56 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F03B73E4-28DA-42D3-B26B-DD8F0873E26B}\mpengine.dll
2015-07-26 04:08:49 0 ----a-w- C:\windows\SysWow64\sho14A8.tmp
2015-07-26 03:34:39 -------- d-----w- C:\windows\System32\appraiser
2015-07-24 01:58:04 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-24 01:58:04 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-23 07:36:26 5569984 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-07-23 07:35:59 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2015-07-23 07:35:59 6656 ----a-w- C:\windows\System32\apisetschema.dll
2015-07-23 07:35:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-07-23 07:35:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-23 07:35:59 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-07-23 07:35:59 4096 ---ha-w- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-07-23 07:35:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-23 07:35:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-07-23 07:35:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-07-23 07:35:59 3072 ---ha-w- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-23 07:35:59 3072 ---ha-w- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-07-23 07:35:59 3072 ---ha-w- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-07-23 07:35:59 2048 ----a-w- C:\windows\SysWow64\user.exe
2015-07-23 07:32:59 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-07-23 07:30:17 633856 ----a-w- C:\windows\System32\comctl32.dll
2015-07-23 07:30:16 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2015-07-23 07:30:14 2087424 ----a-w- C:\windows\System32\ole32.dll
2015-07-23 07:30:14 1414656 ----a-w- C:\windows\SysWow64\ole32.dll
2015-07-23 07:30:09 188416 ----a-w- C:\windows\System32\cryptsvc.dll
2015-07-23 07:30:09 143872 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2015-07-23 07:30:08 1480192 ----a-w- C:\windows\System32\crypt32.dll
2015-07-23 07:30:08 1174528 ----a-w- C:\windows\SysWow64\crypt32.dll
2015-07-23 07:30:07 229376 ----a-w- C:\windows\System32\wintrust.dll
2015-07-23 07:30:07 179200 ----a-w- C:\windows\SysWow64\wintrust.dll
2015-07-23 07:30:07 140288 ----a-w- C:\windows\System32\cryptnet.dll
2015-07-23 07:30:07 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2015-07-23 07:28:50 1882624 ----a-w- C:\windows\System32\msxml3.dll
2015-07-23 07:28:49 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2015-07-23 07:28:49 2048 ----a-w- C:\windows\System32\msxml3r.dll
2015-07-23 07:28:49 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2015-07-23 07:26:11 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-23 07:25:34 72192 ----a-w- C:\windows\System32\aelupsvc.dll
2015-07-23 07:25:34 342016 ----a-w- C:\windows\System32\apphelp.dll
2015-07-23 07:25:34 295936 ----a-w- C:\windows\SysWow64\apphelp.dll
2015-07-23 07:25:34 23552 ----a-w- C:\windows\System32\sdbinst.exe
2015-07-23 07:25:33 6656 ----a-w- C:\windows\System32\shimeng.dll
2015-07-23 07:25:33 5120 ----a-w- C:\windows\SysWow64\shimeng.dll
2015-07-23 07:25:33 20992 ----a-w- C:\windows\SysWow64\sdbinst.exe
2015-07-23 07:24:04 79360 ----a-w- C:\windows\System32\clfsw32.dll
2015-07-23 07:24:04 58880 ----a-w- C:\windows\SysWow64\clfsw32.dll
2015-07-23 07:24:04 367552 ----a-w- C:\windows\System32\clfs.sys
2015-07-23 06:39:06 0 ---ha-w- C:\Users\New User\AppData\Local\BIT425.tmp
2015-07-20 21:18:22 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7133028-A446-4B95-A697-F6C5E5C9BC94}\gapaengine.dll
2015-07-14 09:06:35 6420480 ----a-w- C:\Program Files (x86)\GUT6991.tmp
2015-07-14 09:06:35 -------- d-----w- C:\Program Files (x86)\GUM6990.tmp
.
==================== Find3M ====================
.
2015-07-23 07:11:33 778416 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-07-23 07:11:33 142512 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 03:19:54 41984 ----a-w- C:\windows\System32\lpk.dll
2015-07-15 03:19:50 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-07-15 03:19:46 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-07-15 03:19:45 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-07-15 02:55:37 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-07-15 02:55:35 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-07-15 02:55:32 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-07-15 02:54:33 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-07-15 01:59:42 372224 ----a-w- C:\windows\System32\atmfd.dll
2015-07-15 01:52:35 299008 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-07-09 17:59:59 17856 ----a-w- C:\windows\System32\CompatTelRunner.exe
2015-07-09 17:58:56 192000 ----a-w- C:\windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\windows\System32\wucltux.dll
2015-07-09 17:58:41 726528 ----a-w- C:\windows\System32\generaltel.dll
2015-07-09 17:58:34 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
2015-07-09 17:58:31 765440 ----a-w- C:\windows\System32\invagent.dll
2015-07-09 17:58:26 433664 ----a-w- C:\windows\System32\devinv.dll
2015-07-09 17:58:25 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:24 1085440 ----a-w- C:\windows\System32\appraiser.dll
2015-07-09 17:58:23 67584 ----a-w- C:\windows\System32\acmigration.dll
2015-07-09 17:58:23 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-07-09 17:58:20 37376 ----a-w- C:\windows\System32\wuapp.exe
2015-07-09 17:50:11 1145856 ----a-w- C:\windows\System32\aeinv.dll
2015-07-09 17:43:25 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-07-05 10:08:23 300704 ------w- C:\windows\System32\MpSigStub.exe
2015-07-02 21:08:53 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\windows\System32\win32k.sys
2015-06-20 20:06:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:39:13 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\windows\SysWow64\gdi32.dll
2015-06-15 21:50:42 112064 ----a-w- C:\windows\System32\consent.exe
.
============= FINISH: 22:09:55.41 ===============

Attached Files
File Type: txt attach.txt (10.5 KB)

Pendrive having shortcut

Hi everyone,

I have a problem with my laptop: whenever I insert a pendrive in my lappy it creates a shortcut of that USB and the files don't open.
If I open the shortcut and then put my file in it, the file opens. It is affecting my lappy as well as others'. Some of my friends' laptops have got affected because of this issue and some pendrives have stopped working. It gets write-protected and also got a .dll error.
Please suggest something as soon as possible. I would be grateful to you people.

I think My PC has a Virus

Hi Tech Support,

I have followed the instructions and then got to the section where I download DDS and run the scan. I downloaded DDS but when I try to run it there is a box that appears; please refer to the image attached. As I can't even run the scan I'm really not sure what to do next. I'll wait to hear back from you regarding this issue.

Many Thanks
Cheers
Lindsay

Attached Thumbnails
DDS_Error.png (141.3 KB)

Building Zeus botnet 2.0.8.9 in Visual Studio 2010

I am working on botnet detection and IDS. I need to understand the control flow of the Zeus botnet by running it in Visual Studio.

I am successfully able to build Zeus in Visual Studio. Next, I set the breakpoints in the source code and press the start running the project button in Visual Studio. Next, I get an error saying "Visual studio cannot find the builder program in the Releases folder".

I wish to know why this error is coming when I have successfully built the project and how to solve it.

This is for educational need and not private use.

I think I am still infected

I let my daughter use my laptop for a few weeks. She claims she only wanted to watch Netflix on it. However, shortly after she started using it she complained about the computer not working. It was extremely infected. I had trouble running anything. I finally was able to run Avast and then Malwarebytes and cleaned up a ton of trojans and malware. However, this computer still acts funny, runs super slow, and sometimes doesn't want to even boot up. I would love some help cleaning it up. I was hoping to give this to my son to use for college in a few weeks. Thank you in advance for your help.

Attached Files
File Type: txt dds.txt (20.7 KB)
File Type: txt attach.txt (11.1 KB)

Something is crippling my system

Hi,
My name is Kelly. I was given a laptop and it hasn't worked right since I got it. It's a Lenovo T520 ThinkPad. I've never been able to update anything, but lately it's been acting crazy. I'm not able to turn any antivirus programs off or delete them because when I try to do anything in the add or remove programs, it gives me the error "Please wait until the current program is finished uninstalling or being changed". I tried to access the "Turn Windows Features on or off" feature, but the box is empty. I also realized that no matter how many times I set permissions on a folder or file, they always change back. They always show inherited permissions and have read only checked. I'm also afraid that whatever is in this computer has also affected my phone (Galaxy S5). I don't have a boot CD. I downloaded Process Explorer, but am not able to change anything. When I try to check the permissions for System, it comes up "System:4 Properties" and gives me an Access is Denied error. I've tried to run sfc /scannow, but I get "Windows Resource Protection cannot perform the requested operation." Some of the other errors I've had are: "An internal error occurred (rpnp2:no-svr(00000001provmgrserver))", "There are no more endpoints available from the endpoint mapper", "Folder access denied", etc. The list is endless. I can't access my printer or do anything meaningful on this computer. Can you please help me? Here is the DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.51.2
Run by KELLYLOU at 17:29:46 on 2015-08-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3979.1765 [GMT -4:00]
.
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\KELLYLOU\Downloads\autoruns.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\regedit.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: AviraBrowserSafety.BrowserSafety: {c3c77255-42c0-499f-b664-6e981a0b1647} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: DontDisplayLockedUserId = dword:1
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E99DCA36-A5BE-4DC3-8CBF-9324CA2D5620} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E99DCA36-A5BE-4DC3-8CBF-9324CA2D5620}\5436F6E6F6C4F6467656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E99DCA36-A5BE-4DC3-8CBF-9324CA2D5620}\D41647865677370254C6563647279636 : DHCPNameServer = 108.92.249.217
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-10-26 29512]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-12-15 23664]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2015-7-29 127752]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2015-7-20 59240]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-7-28 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-28 1133880]
R2 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-10-26 1669976]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-26 2656280]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-26 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-7-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-7-28 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-7-28 63704]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-28 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2014-6-11 101888]
S3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-10-26 166016]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-10-26 425000]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-26 39464]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-10-26 320560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-25 114688]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-6-11 1664856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-4-14 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-4-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-4-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-8 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-17 50464]
S4 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [?]
S4 Avira.ServiceHost;Avira Service Host;"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" --> C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [?]
S4 C771BUS;CASIO C771 USB Composite Device Driver;C:\Windows\System32\drivers\C771BUS.sys [2014-5-16 71752]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2015-7-20 40808]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-7-7 1738168]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-7-7 2088408]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-7-7 171928]
.
=============== Created Last 30 ================
.
2015-08-02 20:10:57 -------- d-----w- C:\Users\KELLYLOU\AppData\Roaming\Runscanner.net
2015-08-02 19:17:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5510A2FB-BD1F-46F3-8212-6D8172CC051F}\offreg.dll
2015-08-01 02:54:34 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\CEF
2015-08-01 02:54:28 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\Adobe
2015-07-31 17:55:06 509264 ----a-w- C:\Program Files\winsdk_web.exe
2015-07-31 15:31:31 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\gtk-2.0
2015-07-31 15:31:20 -------- d-----w- C:\Users\KELLYLOU\.thumbnails
2015-07-31 15:29:05 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\fontconfig
2015-07-31 15:29:02 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\gegl-0.2
2015-07-31 15:29:02 -------- d-----w- C:\Users\KELLYLOU\.gimp-2.8
2015-07-31 01:04:32 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\HP
2015-07-30 23:07:54 -------- d-sh--w- C:\$RECYCLE.BIN
2015-07-30 02:22:46 -------- d-----w- C:\EEK
2015-07-30 01:43:47 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-07-30 01:43:43 -------- d-----w- C:\ProgramData\RogueKiller
2015-07-30 01:29:12 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\GWX
2015-07-30 01:17:23 -------- d-----w- C:\Program Files\HitmanPro
2015-07-30 01:14:44 -------- d-----w- C:\ProgramData\HitmanPro
2015-07-29 18:25:09 -------- d-----w- C:\ProgramData\REPORTS
2015-07-29 18:25:09 -------- d-----w- C:\ProgramData\LOGFILES
2015-07-29 18:25:09 -------- d-----w- C:\ProgramData\INFECTED
2015-07-28 23:56:11 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-07-28 23:25:28 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-28 23:24:09 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-07-28 23:24:09 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-07-28 23:24:09 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-07-28 23:24:09 -------- d-----w- C:\ProgramData\Malwarebytes
2015-07-28 23:24:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 23:20:20 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\Programs
2015-07-27 22:06:56 -------- d--h--w- C:\Windows\System32\GroupPolicy
2015-07-27 20:41:12 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\VirtualStore
2015-07-27 18:11:36 -------- d-----w- C:\Windows\System32\catroot2
2015-07-27 17:57:10 -------- d---a-w- C:\Users\KELLYLOU\AppData\Local\ElevatedDiagnostics
2015-07-27 17:56:35 -------- d---a-w- C:\Windows\softwaredistribution.old
2015-07-26 14:23:43 -------- d-----w- C:\ProgramData\Package Cache
2015-07-26 01:01:18 -------- d-----w- C:\Users\KELLYLOU\FAKE COMPUTER
2015-07-25 23:56:21 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\Apps
2015-07-25 23:53:35 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\CrashDumps
2015-07-25 01:11:30 -------- d-----w- C:\Users\KELLYLOU\AppData\Roaming\PwrMgr
2015-07-23 01:56:52 -------- d-sh--w- C:\Windows\Installer
2015-07-20 23:28:35 -------- d-s-a-w- C:\Windows\SysWow64\Microsoft
2015-07-19 16:44:43 18009776 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-07-08 13:55:53 -------- d---a-w- C:\Windows\SysWow64\FxsTmp
2015-07-08 13:55:53 -------- d-----w- C:\Windows\addins
2015-07-08 13:55:53 -------- d-----w- C:\Program Files\Microsoft Games
2015-07-08 13:55:51 -------- d-----w- C:\Windows\System32\FxsTmp
2015-07-08 01:32:02 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2015-07-08 01:31:58 -------- d---a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-04 21:17:46 -------- d-----w- C:\ProgramData\Corel
2015-07-04 03:33:03 -------- d---a-w- C:\AdwCleaner
.
==================== Find3M ====================
.
2015-07-30 18:45:47 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-19 16:44:53 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-19 16:44:53 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-16 13:36:26 44088 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2015-06-16 13:36:23 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2015-06-16 13:36:20 153256 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:47 417792 ----a-w- C:\Windows\System32\html.iec
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:59:27 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-22 17:50:20 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-09 18:26:06 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-05-09 03:27:37 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-05-09 03:27:37 3147776 ----a-w- C:\Windows\System32\wucltux.dll
2015-05-09 03:27:37 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-05-09 03:26:38 87040 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-05-09 03:26:30 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-05-09 03:26:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-05-09 03:14:46 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-05-09 03:14:46 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-05-09 03:13:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
.
============= FINISH: 17:30:18.64 ===============

The cloud scanner always stops a file that I already sandboxed

I have this file I try to activate that is already being identified as malicious

and the cloud scanner always stops it.

Good to know it's working properly,

except that I already sandboxed the file so I can activate it safely.

How do I disable this freaking cloud scan!

It will be great, thank you very much!

Dell XPS hangs up/runs slow

I have a Dell XPS 8700 running WIN 7 professional with Service Pack 1.

About two weeks ago I started having problems with more than one window open or running more than one program at a time. It was sporadic. This morning it is all the time.

Very slow accessing Internet Explorer or Chrome. Hangs trying to move from site to site. Can't access e-mail while accessing internet.

I run Panda antivirus and have it scanning every day. I use Malware Bytes once a week. Today I used online Trend Micro and nothing showed up. However I wonder if I picked up a virus or malware.

Any ideas? I really need my computer today! :smile:

Thanks for any help!

Sue

Need help removing ransomware.

Client's PC
Acer Aspire E1 series Notebook Win 8.1/64

Popup onscreen along with a very annoying audio message warning of virus/spyware contamination and telling user to contact a 1-800 number for removal assistance. Several (30+) duplicate tabs (of homepage) open and cannot be closed.
Popup has links to a 'computersecuritysupport.com' page.

After killing the process (using Task Manager) the PC may be used as normal with no popups. Does not reappear on restart. Happened several days ago. We killed it, scanned with ADW and MWB. PC seemed fine so put it back in service. Symptoms reappeared today.

Ran ADW (log attached). MalwareBytes finds only a few PUP.Optionals (found in Temporary Internet files)

Other than a few tracking cookies, Windows Defender and HitmanPro show clear.

Cannot get dds.scr to run in Win 8.1; errors out with: "DDS is not meant to run in Compatibility Mode"

Putting the PC back in service though I suspect the popup will come back

Vosteran

My computer has been running very slowly. I do not usually login as an administrator but when I did today I discovered that the homepage for that account has been captured by Vosteran.
The Internet connection symbol had disappeared from its bar only in that account.
I do not have a Windows install or boot disc.
Help please.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.40.2
Run by Mia at 10:03:43 on 2015-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.448 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Cyberlink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\joal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\CompatTelRunner.exe
C:\Users\joal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskmgr.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vosteran.com/?f=1&a=vst_dnldstr_15_03_ch&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyD0Bzy0FyC0FtDtBtA0FtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FyD0FzytBtAtAtGzztA0BzztGzz0FtDyDtG0FtCyBzztGyB0AtA0FyByEtDzztD0E0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0EyEyBzyyB0AtGtC0ByD0EtGyEyEtByDtG0AtAtA0EtG0DyE0DzztD0FyC0BtC0EtAyE2Q&cr=1445048292&ir=
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z3101&r=17360312a107pe408y105w48m1v83p
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA}\16C67656272797 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA}\2656C6B696E6E2666603 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA}\3796D6D6F6E637 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.7.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-6-10 226784]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-14 121432]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-2-20 376184]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-6-26 293296]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-12 281568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-6-23 917112]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 172344]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-7-7 3518376]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-7-7 314304]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-5 1871160]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-6-2 2222360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-10-15 243232]
R2 vToolbarUpdater18.7.0;vToolbarUpdater18.7.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [2015-7-20 1842576]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-30 25816]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-5 1080120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-3 327296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-21 114688]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-5 136408]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-5 63704]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-28 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-28 1255736]
.
=============== Created Last 30 ================
.
2015-08-04 17:04:23 -------- d--h--w- C:\$Windows.~BT
2015-08-04 09:19:16 -------- d-----w- C:\Users\Mia\AppData\Local\Skype
2015-07-28 11:38:18 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 11:38:17 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 11:38:17 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 11:38:17 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 11:38:17 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 11:38:17 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 11:38:16 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 11:38:16 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-21 16:29:26 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-21 16:28:44 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-21 16:28:44 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-21 16:28:44 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-21 16:28:43 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-21 16:28:43 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-21 16:28:43 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-21 16:28:43 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-21 16:28:43 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-21 16:28:42 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-21 16:28:42 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-21 16:28:42 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-21 16:28:42 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-21 16:28:00 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-07-21 10:15:22 -------- d-----w- C:\Program Files\Common Files\AV
2015-07-20 10:07:47 6420480 ----a-w- C:\Program Files (x86)\GUT2BA2.tmp
2015-07-20 10:07:47 -------- d-----w- C:\Program Files (x86)\GUM2BA1.tmp
.
==================== Find3M ====================
.
2015-08-04 09:38:21 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-20 10:06:03 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-20 10:06:02 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 03:19:54 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-15 03:19:50 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-15 03:19:46 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-15 03:19:45 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-15 02:55:37 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-15 02:55:35 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-15 02:55:32 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-15 02:54:33 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-15 01:59:42 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-15 01:52:35 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-26 08:49:10 293296 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-24 00:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-16 14:55:04 259040 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-06-10 15:38:48 226784 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-06-09 18:03:22 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-06-09 18:03:22 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-06-02 17:41:06 376184 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
.
============= FINISH: 10:05:53.09 ===============

Attached Files
File Type: txt Attach.text.txt (8.3 KB)

Help please :-)

Today my laptop became infected with a load of malware. I have tried all the online programs to remove them; although the programs detect them, they seem to be unable to remove them.

I appear to have Offers4U and Great Find. To say it is doing my head in is putting it mildly :angry: Looks like Ad Choices is there as well.

I have attached the two files as per your instructions. I hope I did that part right.

I hope someone can help, as I do not really want to format and reload Windows.

Thanking you in advance

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16384
Run by Niki at 23:49:24 on 2015-08-05
Microsoft Windows 10 Home 10.0.10240.0.1252.44.2057.18.6034.3150 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\system32\Hpservice.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Niki\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Users\Niki\AppData\Local\Temp\ocr3A16.tmp\bin\rubyw.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\Niki\AppData\Local\Temp\ocr652A.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Niki\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [OneDrive] "C:\Users\Niki\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Private Internet Access] "C:\Program Files\pia_manager\pia_manager.exe" --startup
uRun: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6c56b12a-c2a3-4c45-98ee-460bf74c5baa} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DF6DF812-8E09-46B5-8A17-6908E0623FFA} : DHCPNameServer = 209.222.18.222 209.222.18.218
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2015-2-13 65224]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2015-2-13 274808]
R0 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-7-10 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2015-2-13 1048856]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2015-2-13 447944]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2015-2-13 28656]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2015-2-13 90968]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2015-2-13 150672]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-1 146600]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2015-8-5 127752]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2012-8-23 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-2 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-11-2 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-2 165760]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-6-2 2222360]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-8-5 1026944]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-7-17 246472]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-2 364416]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2015-8-5 15920]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-5-3 25816]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-5 310528]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-7-17 42696]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S0 RapportHades64;RapportHades64;C:\WINDOWS\System32\drivers\RapportHades64.sys [2015-2-23 121432]
S0 RapportKE64;RapportKE64;C:\WINDOWS\System32\drivers\RapportKE64.sys [2015-2-23 376184]
S1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-7-12 917112]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-2 14904]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-5-3 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 EraserUtilDrv11411;EraserUtilDrv11411;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [2015-2-13 142640]
S3 EsgScanner;EsgScanner;C:\WINDOWS\System32\drivers\EsgScanner.sys [2015-8-5 22704]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-9-28 650808]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-5-3 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2015-2-23 266328]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-30 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-30 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2012-8-25 41272]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-7-10 78688]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-30 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-7-10 685056]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2015-08-05 21:55:03 16148 ----a-w- C:\WINDOWS\System32\NIKI_Niki_HistoryPrediction.bin
2015-08-05 21:37:15 -------- d-----w- C:\Program Files\HitmanPro
2015-08-05 21:36:09 -------- d-----w- C:\ProgramData\HitmanPro
2015-08-05 20:34:39 -------- d-----w- C:\Users\Niki\AppData\Roaming\Enigma Software Group
2015-08-05 20:34:32 -------- d-----w- C:\sh4ldr
2015-08-05 20:34:06 22704 ----a-w- C:\WINDOWS\System32\drivers\EsgScanner.sys
2015-08-05 20:34:00 -------- d-----w- C:\Program Files\Enigma Software Group
2015-08-05 16:17:06 -------- d-----w- C:\AdwCleaner
2015-08-05 16:15:15 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2015-08-01 16:29:30 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7527174-960A-4287-870B-9A644D1339B3}\mpengine.dll
2015-08-01 16:13:55 43112 ----a-w- C:\WINDOWS\avastSS.scr
2015-07-31 21:18:40 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft
2015-07-31 16:53:43 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2015-07-31 15:15:17 -------- d-----w- C:\Users\Niki\AppData\Roaming\FlashgetSetup
2015-07-31 15:15:17 -------- d-----w- C:\Users\Niki\AppData\Roaming\BITS
2015-07-31 15:15:14 -------- d-----w- C:\Users\Niki\AppData\Roaming\FlashGetBHO
2015-07-31 15:15:10 -------- d-----w- C:\Users\Niki\AppData\Roaming\FlashGet
2015-07-31 15:15:10 -------- d-----w- C:\Program Files (x86)\FlashGet Network
2015-07-31 14:10:39 -------- d-----w- C:\Users\Niki\AppData\Local\JDownloader v2.0
2015-07-30 22:21:28 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B693F6D-218D-4431-9065-68E7D01AE471}\gapaengine.dll
2015-07-30 22:19:26 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-07-30 21:39:35 -------- d-----w- C:\Users\Niki\AppData\Local\MicrosoftEdge
2015-07-30 20:42:29 -------- d-----w- C:\Users\Niki\AppData\Local\NetworkTiles
2015-07-30 20:20:11 -------- d-sh--w- C:\Recovery
2015-07-30 20:20:03 -------- dc----w- C:\WINDOWS\Panther
2015-07-30 20:12:25 -------- d-----w- C:\Windows.old
2015-07-30 20:11:53 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-07-30 20:06:56 -------- d-----w- C:\Users\Niki\AppData\Local\Comms
2015-07-30 20:06:09 -------- d-----w- C:\Users\Niki\AppData\Local\TileDataLayer
2015-07-30 20:01:33 -------- d-----w- C:\inetpub
2015-07-30 20:00:38 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-07-30 20:00:38 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-07-30 20:00:38 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 20:00:34 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2015-07-30 20:00:34 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 20:00:34 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-07-30 19:52:06 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2015-07-30 19:48:33 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2015-07-30 19:32:21 -------- d--h--w- C:\Users\Niki\AppData
2015-07-30 19:32:21 -------- d-----w- C:\Users\Niki\AppData\Local\Temp
2015-07-30 19:32:21 -------- d-----w- C:\Users\Niki\AppData\Local\Microsoft
2015-07-30 19:27:53 -------- d-----w- C:\WINDOWS\SysWow64\sda
2015-07-30 19:27:16 6085632 ----a-w- C:\WINDOWS\System32\stlang64.dll
2015-07-30 19:27:16 426328 ----a-w- C:\WINDOWS\System32\EED64A.dll
2015-07-30 19:27:16 3308376 ----a-w- C:\WINDOWS\System32\EEP64A.dll
2015-07-30 19:27:16 1821184 ----a-w- C:\WINDOWS\System32\IDTNC64.cpl
2015-07-30 19:27:16 1664000 ----a-w- C:\WINDOWS\sttray64.exe
2015-07-30 19:27:16 136024 ----a-w- C:\WINDOWS\System32\EEL64A.dll
2015-07-30 19:27:16 118104 ----a-w- C:\WINDOWS\System32\EEA64A.dll
2015-07-30 19:27:14 -------- d-----w- C:\WINDOWS\System32\SRSLabs
2015-07-30 19:27:00 -------- d-----w- C:\Program Files\IDT
2015-07-30 19:26:32 -------- d-----w- C:\Program Files\Synaptics
2015-07-26 12:47:08 -------- d-----w- C:\Users\Niki\AppData\Local\Diagnostics
2015-07-21 17:36:01 -------- d-----w- C:\Users\Niki\AppData\Local\CEF
2015-07-17 06:51:48 1804696 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01011.dll
2015-07-17 06:51:46 764616 ----a-w- C:\WINDOWS\System32\SynCOM.dll
2015-07-17 06:51:46 614088 ----a-w- C:\WINDOWS\System32\drivers\SynTP.sys
2015-07-17 06:51:46 42696 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_Intel_Aux.sys
2015-07-17 06:51:46 42696 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys
2015-07-17 06:51:46 42184 ----a-w- C:\WINDOWS\System32\drivers\Smb_driver_AMDASF_Aux.sys
2015-07-17 06:51:46 419528 ----a-w- C:\WINDOWS\SysWow64\SynCom.dll
2015-07-17 06:51:46 269000 ----a-w- C:\WINDOWS\System32\SynTPAPI.dll
2015-07-17 06:51:46 255688 ----a-w- C:\WINDOWS\System32\SynTPCo31.dll
2015-07-10 16:49:51 -------- d--h--w- C:\$Windows.~BT
2015-07-10 16:29:07 -------- d-----w- C:\WINDOWS\ShellNew
2015-07-10 16:29:07 -------- d-----w- C:\Program Files\Windows Journal
2015-07-10 16:26:36 -------- d-----w- C:\WINDOWS\OCR
2015-07-10 16:26:16 -------- d-----w- C:\WINDOWS\SKB
2015-07-10 13:19:33 -------- d-----w- C:\WINDOWS\en-US
2015-07-10 13:19:33 -------- d-----w- C:\WINDOWS\DigitalLocker
2015-07-10 12:22:52 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-M7P1NB6_Administrator_HistoryPrediction.bin
2015-07-10 12:22:45 -------- d-----w- C:\ProgramData\USOShared
2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2015-07-10 12:21:38 -------- d-sh--we C:\ProgramData\Documents
2015-07-10 12:21:38 -------- d-sh--we C:\Documents and Settings
2015-07-10 12:20:42 -------- d-----w- C:\WINDOWS\ServiceProfiles
2015-07-10 12:20:38 -------- d-s---w- C:\WINDOWS\System32\Microsoft
2015-07-10 11:06:25 -------- d-----w- C:\WINDOWS\Setup
2015-07-10 11:06:01 792568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-07-10 11:06:01 178168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-07-10 11:03:58 -------- d-----w- C:\WINDOWS\System32\drivers
2015-07-10 11:02:54 -------- d-----w- C:\WINDOWS\INF
2015-07-10 11:00:42 567296 ----a-w- C:\WINDOWS\System32\msTextPrediction.dll
2015-07-10 10:59:59 9728 ----a-w- C:\WINDOWS\System32\RpcNs4.dll
2015-07-10 10:55:34 -------- d-----w- C:\WINDOWS\CbsTemp
.
==================== Find3M ====================
.
2015-08-05 19:49:30 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-08-01 16:14:04 150672 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2015-08-01 16:14:03 90968 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2015-08-01 16:14:03 65224 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2015-08-01 16:14:03 28656 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2015-08-01 16:14:03 274808 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2015-08-01 16:14:02 93528 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2015-08-01 16:13:36 1048856 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2015-07-30 20:01:26 55808 ----a-w- C:\WINDOWS\System32\admwprox.dll
2015-07-30 20:01:26 53248 ----a-w- C:\WINDOWS\System32\ahadmin.dll
2015-07-30 20:01:26 202240 ----a-w- C:\WINDOWS\System32\iisRtl.dll
2015-07-30 20:01:26 18432 ----a-w- C:\WINDOWS\System32\iisreset.exe
2015-07-30 20:01:26 15360 ----a-w- C:\WINDOWS\System32\wamregps.dll
2015-07-30 20:01:26 13312 ----a-w- C:\WINDOWS\System32\iisrstap.dll
2015-07-30 20:01:24 50688 ----a-w- C:\WINDOWS\SysWow64\admwprox.dll
2015-07-30 20:01:24 26112 ----a-w- C:\WINDOWS\SysWow64\ahadmin.dll
2015-07-30 20:01:24 168960 ----a-w- C:\WINDOWS\SysWow64\iisRtl.dll
2015-07-30 20:01:24 16896 ----a-w- C:\WINDOWS\SysWow64\iisreset.exe
2015-07-30 20:01:24 11264 ----a-w- C:\WINDOWS\SysWow64\wamregps.dll
2015-07-30 20:01:24 10240 ----a-w- C:\WINDOWS\SysWow64\iisrstap.dll
2015-07-10 16:29:02 800256 ----a-w- C:\WINDOWS\System32\mblctr.exe
2015-07-10 16:29:02 276992 ----a-w- C:\WINDOWS\System32\umrdp.dll
2015-07-10 16:29:02 26112 ----a-w- C:\WINDOWS\System32\drivers\rdpbus.sys
2015-07-10 16:29:02 2533888 ----a-w- C:\WINDOWS\SysWow64\InkAnalysis.dll
2015-07-10 16:29:01 48640 ----a-w- C:\WINDOWS\System32\RotMgr.dll
2015-07-10 16:29:01 48128 ----a-w- C:\WINDOWS\System32\hwrcomp.exe
2015-07-10 16:29:01 38752 ----a-w- C:\WINDOWS\System32\drivers\terminpt.sys
2015-07-10 16:29:01 1949696 ----a-w- C:\WINDOWS\System32\SensorsCpl.dll
2015-07-10 16:29:01 184832 ----a-w- C:\WINDOWS\System32\hwrreg.exe
2015-07-10 16:29:00 274224 ----a-w- C:\WINDOWS\SysWow64\rdpendp.dll
2015-07-10 16:29:00 1949696 ----a-w- C:\WINDOWS\SysWow64\SensorsCpl.dll
2015-07-10 16:26:15 2629632 ----a-w- C:\WINDOWS\System32\NlsLexicons0009.dll
2015-07-10 16:26:14 6358016 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2015-07-10 16:26:14 5739520 ----a-w- C:\WINDOWS\System32\prm0009.dll
2015-07-10 16:26:14 4847104 ----a-w- C:\WINDOWS\SysWow64\NlsData0009.dll
2015-07-10 16:26:14 2629632 ----a-w- C:\WINDOWS\SysWow64\NlsLexicons0009.dll
2015-07-10 16:25:21 12288 ----a-w- C:\WINDOWS\SysWow64\drivers\en-GB\NdisImPlatform.sys.mui
2015-07-10 16:25:20 8704 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2015-07-10 16:25:20 7168 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2015-07-10 16:25:20 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2015-07-10 16:25:20 3072 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\en-GB\SensorsCx.dll.mui
2015-07-10 11:02:43 208384 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2015-07-10 11:02:41 229888 ----a-w- C:\WINDOWS\System32\msclmd.dll
2015-07-10 11:00:41 394240 ----a-w- C:\WINDOWS\System32\StorSvc.dll
2015-07-10 10:59:59 9728 ----a-w- C:\WINDOWS\System32\mtxex.dll
2015-07-10 09:07:55 141824 ----a-w- C:\WINDOWS\System32\poqexec.exe
2015-07-10 09:07:53 118272 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2015-07-10 09:05:37 897024 ----a-w- C:\WINDOWS\System32\SmiEngine.dll
2015-07-10 09:05:37 618272 ----a-w- C:\WINDOWS\System32\sxs.dll
2015-07-10 09:05:37 36864 ----a-w- C:\WINDOWS\System32\sxstrace.exe
2015-07-10 09:05:37 254816 ----a-w- C:\WINDOWS\System32\wdscore.dll
2015-07-10 09:05:37 243040 ----a-w- C:\WINDOWS\System32\cmipnpinstall.dll
2015-07-10 09:05:37 202240 ----a-w- C:\WINDOWS\System32\PkgMgr.exe
2015-07-10 09:05:37 135520 ----a-w- C:\WINDOWS\System32\SSShim.dll
2015-07-10 09:05:33 207200 ----a-w- C:\WINDOWS\SysWow64\wdscore.dll
2015-07-10 09:05:33 199168 ----a-w- C:\WINDOWS\SysWow64\PkgMgr.exe
2015-07-10 09:05:33 111456 ----a-w- C:\WINDOWS\SysWow64\SSShim.dll
2015-07-10 09:05:30 191840 ----a-w- C:\WINDOWS\SysWow64\cmipnpinstall.dll
2015-07-05 10:08:23 300704 ------w- C:\WINDOWS\System32\MpSigStub.exe
2015-06-18 07:42:02 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-06-18 07:41:44 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-06-18 07:41:40 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-06-05 01:13:02 9898752 ----a-w- C:\WINDOWS\SysWow64\RsCRIcon.dll
2015-06-05 01:12:54 91904 ----a-w- C:\WINDOWS\System32\RtCRX64.dll
2015-06-05 01:12:54 310528 ----a-w- C:\WINDOWS\System32\drivers\RtsP2Stor.sys
2015-06-02 17:41:06 376184 ----a-w- C:\WINDOWS\System32\drivers\RapportKE64.sys
2015-06-02 17:41:06 121432 ----a-w- C:\WINDOWS\System32\drivers\RapportHades64.sys
2015-06-01 20:01:16 544552 ----a-w- C:\WINDOWS\System32\iglhsip64.dll
2015-06-01 20:01:16 11223896 ----a-w- C:\WINDOWS\SysWow64\igdumd32.dll
2015-06-01 20:01:14 231312 ----a-w- C:\WINDOWS\System32\iglhcp64.dll
2015-06-01 20:01:14 194880 ----a-w- C:\WINDOWS\SysWow64\iglhcp32.dll
2015-06-01 20:01:14 13059896 ----a-w- C:\WINDOWS\System32\igd10umd64.dll
2015-06-01 20:01:14 12814752 ----a-w- C:\WINDOWS\System32\igdumd64.dll
2015-06-01 20:01:14 11352688 ----a-w- C:\WINDOWS\SysWow64\igd10umd32.dll
2015-06-01 20:01:14 1067696 ----a-w- C:\WINDOWS\System32\igfxcmrt64.dll
2015-06-01 20:01:12 957472 ----a-w- C:\WINDOWS\SysWow64\igfxcmrt32.dll
2015-06-01 20:01:12 539312 ----a-w- C:\WINDOWS\SysWow64\iglhsip32.dll
2015-06-01 20:01:10 41288 ----a-w- C:\WINDOWS\System32\igfxexps.dll
2015-06-01 18:46:58 272928 ----a-w- C:\WINDOWS\SysWow64\igvpkrng600.bin
2015-06-01 18:46:58 272928 ----a-w- C:\WINDOWS\System32\igvpkrng600.bin
2015-06-01 18:45:24 963452 ----a-w- C:\WINDOWS\SysWow64\igcodeckrng600.bin
2015-06-01 18:45:24 963452 ----a-w- C:\WINDOWS\System32\igcodeckrng600.bin
2015-05-25 13:23:31 36864 ----a-w- C:\WINDOWS\System32\UtcResources.dll
.
============= FINISH: 23:53:47.54 ===============

Attached Files
File Type: txt attach.txt (21.6 KB)
File Type: txt dds.txt (36.2 KB)