I downloaded a virus I guess and it's taking over my laptop. when I ran the AVG it said it detected a Trojan horse generic and it can't remove it. its called shopperz and I can't uninstall it either. whenever I start up windows it said personalized something and it removed the BG that I had, the internet explorer is not the homepage I want.

I was trying to download a program and apparently it downloaded a virus instead and now its ruining my laptop. when I ran the AVG it said it detected 3 malware called shopperz but it can't remove it.
when I start my computer it will say personalized something and it's as if it changed my settings.

Attached Files

	attach.txt (18.7 KB)
	dds.txt (36.3 KB)

Hi, I'm Steve. I am really hoping someone can help with this problem...

On Wednesday night I logged on to my laptop to be greeted by what seemed to be some kind of malware. I've had malware problems on this machine a couple times in the last 2 years, both were standard police ones that covered the screen and demanded payment of some sort. This time, it was a screen that had a very weird, almost fractal-like design, taking up my whole screen. In the bottom left corner was a little box that appeared to show a parson on a webcam wearing a sheep mask. I immediately turned off the laptop and left it until the next day, I was a little freaked out tbh.

Yesterday I didn't log back in to my laptop, but attempted to use my Kaspersky rescue disc that I have used before to detect malware. After a 4 hour scan of all drives/files nothing was found. I then attempted a system restore to a set point a couple of weeks ago but this failed to work.

This morning I have logged back in but the screen that was there before is now gone and I seem to have full access to all my files and programs. I've downloaded Malwarebytes and run a scan, which found about 94 non-malware threats. I have deleted all of these.

I have Windows defender running all the time, and I did not notice anything strange the last time I used my laptop before seeing the weird sheep-screen. So I'm not sure how it would have got on there. Last time I had a malware problem I ended up resetting my entire laptop and losing everything I had on it, which I really don't want to do again. I have a lot of files I want to keep, but am apprehensive about copying them to a USB in case any viruses or whatever get on it too.

I would reeeeaaally appreciate some help on this. Thanks!

PS I will avoid accessing any sites that require me to enter log in details etc until I know I'm safe :)

PPS The laptop is a Sony Vaio and runs Windows 8.

i use Firefox in Windows7 64bit. i found out about a week ago that my browser was extremely slow, was opening loads of new tabs, was turning text into links, and was continually trying to redirect me. i saw the name 'search.protectio.com' on a tab so i decided that it what i have, though of course that may not be all of it.

i followed these instructions here hxxp://blog.mitechmate.com/how-to-get-rid-of-search-protectedio-co/, but i didn't manage to find the thing, the closest i got was seeing it in the firefox settings as a listed search provider, which i 'removed' (though obviously not). as per the instructions, i changed my DNS, made files visible, disabled some stuff in task manager, went looking for the bad guys in my windows files (no findings) and searched in regedit (no findings) and i reset the browser itself after deleting it and re-installing a fresh copy. then i put the things that i changed back to normal and it's just the same. tried this twice now over a couple of days.

i read the 'NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help' instructions thread at your site, did my backup, removed all but one antivirus (AVG) and downloaded that DDS. i saw this: "Disable any script blocker, and then double click dds.scr to run the tool" but i don't understand the first part so i'm sorry but i didn't do that.

i am posting this from another computer, which is uninfected. i downloaded DDS to this computer, and used a USB stick to move it across, and to move the two text files back.

that's it. below this line i will paste the contents of dds.txt, and i hope i attached the attach.txt properly. i do not have access to a Windows Install disc, or a Boot CD, the laptop came with Windows preloaded when i bought it.
dan the noob
____________________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909
Run by Dan at 21:07:23 on 2015-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4087.1833 [GMT 1:00]
.
AV: AVG Internet Security 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 *Enabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AFC Secure Net\privoxy.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = 127.0.0.1:8118
mURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SecureWebBHO Class: {D3C24E2B-C820-4492-9B69-11BF7163F998} - C:\Program Files (x86)\AFC Secure Net\itie.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3EB17ACE-113F-43B0-BEFF-21748F613B4F} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\357796C6C616E64602D496C6C60275966496 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\35B4954433345333 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\4516C6B64516C6B6532303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4465BD2E-0C80-4343-AEA8-9676E1A8AFE2}\E4544574541425 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\y8pxjsa7.default-1438951276976\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Dan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-7-28 245680]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-7 121432]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2015-6-7 376184]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2015-7-9 77760]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-7-28 312752]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-12 281568]
R1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-6-26 917112]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-2-8 35104]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-3-4 352144]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-21 140712]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-10-18 38424]
S3 Bootloader;Driver for WisAir Bootloader Device;C:\Windows\System32\drivers\Bootloader.sys [2009-7-21 45056]
S3 DLCopyFilter;DLCopyFilter;C:\Windows\System32\drivers\WSR_TBF.sys [2010-11-5 38912]
S3 DWA;Wireless USB Device Adapter;C:\Windows\System32\drivers\WSR_DWA.SYS [2009-12-22 531456]
S3 hwa;Wireless USB Host Adapter;C:\Windows\System32\drivers\WSR_HWA.SYS [2009-12-22 891904]
S3 HWARadio;Wireless USB Host Radio;C:\Windows\System32\drivers\WSR_RCI.SYS [2009-12-22 155648]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-8-6 23040]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
.
=============== Created Last 30 ================
.
2015-08-07 13:02:18 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe
2015-08-06 19:01:57 -------- d-----w- C:\temp
2015-08-06 18:47:34 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-03 17:20:42 -------- d-----w- C:\Intel
2015-08-02 17:09:17 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-02 07:24:06 -------- d-sh--w- C:\found.000
2015-08-01 16:28:40 -------- d-----w- C:\Users\Dan\AppData\Roaming\AVG2015
2015-08-01 16:25:24 -------- d--h--w- C:\$AVG
2015-08-01 16:25:24 -------- d-----w- C:\ProgramData\AVG2015
2015-08-01 16:16:41 -------- d-----w- C:\Users\Dan\AppData\Local\Avg2015
2015-07-31 14:19:22 -------- d-----w- C:\Program Files\Common Files\AV
2015-07-28 10:02:14 312752 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-07-28 10:01:38 245680 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-07-28 09:53:43 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 09:53:41 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 09:53:41 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 09:53:40 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 09:53:40 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 09:53:39 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 09:53:33 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 09:53:33 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-23 09:21:01 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-23 09:21:00 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-23 09:21:00 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-23 09:20:59 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-23 09:20:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-23 09:20:59 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-23 09:20:58 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-23 09:20:58 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-23 09:20:58 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-23 09:20:57 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-19 08:46:34 -------- d-----w- C:\Users\Dan\AppData\Local\CEF
2015-07-15 07:55:12 254976 ----a-w- C:\Windows\System32\cewmdm.dll
2015-07-15 07:55:11 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
2015-07-15 07:54:21 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-07-15 07:54:20 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-07-15 07:54:11 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-07-15 07:54:04 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-07-15 07:54:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-07-15 07:51:25 -------- d-----w- C:\Program Files\iPod
2015-07-15 07:50:57 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-07-15 07:47:05 429568 ----a-w- C:\Windows\System32\wksprt.exe
2015-07-15 07:47:03 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-15 07:44:37 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-15 07:44:34 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-15 07:44:33 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-15 07:44:31 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-15 07:44:29 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-15 07:44:29 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-15 07:44:26 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-15 07:44:26 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-15 07:44:25 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-15 07:44:24 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-15 07:44:24 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-15 07:44:23 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-15 07:43:04 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-15 07:43:04 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-15 07:43:03 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-15 07:43:01 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-15 07:43:00 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-10 13:39:22 -------- d--h--w- C:\$Windows.~BT
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2015-07-10 08:11:53 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2015-07-09 06:11:56 77760 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
.
==================== Find3M ====================
.
2015-08-07 09:04:57 73728 ----a-w- C:\Windows\SysWow64\tasks.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-15 09:44:27 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 09:44:27 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 00:01:52 1202856 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-16 23:23:50 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2015-06-16 23:23:50 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2015-06-16 14:55:04 259040 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-06-11 17:57:36 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-06-11 17:57:35 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-06-11 17:57:35 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-06-11 17:56:55 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-06-11 17:56:55 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-06-02 17:41:06 376184 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2015-06-02 17:41:06 121432 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:19:27 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-05-25 18:19:27 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-05-25 18:19:27 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-05-25 18:19:26 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-05-25 18:19:13 1255424 ----a-w- C:\Windows\System32\diagtrack.dll
2015-05-25 18:19:10 879104 ----a-w- C:\Windows\System32\tdh.dll
2015-05-25 18:19:09 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-05-25 18:19:09 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-05-25 18:19:09 113664 ----a-w- C:\Windows\System32\sechost.dll
2015-05-25 18:19:04 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-05-25 18:19:02 424960 ----a-w- C:\Windows\System32\KernelBase.dll
.
============= FINISH: 21:14:50.72 ===============

Attached Files

Attach.txt (12.5 KB)

Hi!

i just downloaded and ran the DDS application but don't see a DDS Log on my desktop, only the attach file.

Where else can I look for it?

The issue started yesterday after i received a bluescreen, not IE isn't working nor is avast, I can use firefox.

Please advise on how I can find the DDS log to post here.

Thanks in advance for any help you can provide! :)

Attached Files

attach.txt (1.8 KB)

I first noticed my laptop slowing down - taking forever to start up, taking forever to load Outlook, etc. I have Vipre Antivirus which has not picked up any problems. Then I noticed that it is attempting to install updates that are consistently failing. Now in the last few days it's either hanging up as I type, types very slowly after I have finished typing, or the cursor is jumping around on the line as I type. I have also noticed that a number of words on a website will have a blue double underline that opens up some type of ad window. Something, or a number of somethings, appears to have gotten in here but it's nothing that Vipre is picking up - HELP! and thank you in advance :)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 10.25.2
Run by Lisa at 13:52:38 on 2015-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1299 [GMT -4:00]
.
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxedserv.exe
C:\Windows\system32\lxedcoms.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\AOL\1341944380\ee\aolsoftware.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\VIPRE\SBAMSvc.exe
C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mail.cbpp.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.cbpp.com%2fowa%2f
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSG.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2AJ230G705RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
uRun: [cdloader] "C:\Users\Lisa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Akamai NetSession Interface] "C:\Users\Lisa\AppData\Local\Akamai\netsession_win.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1341944380\ee\AOLSoftware.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [(default)] <no file>
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Lisa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\Users\Lisa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Lisa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{2796DD5C-2AB6-466C-8462-0D8ADA400634} : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{2796DD5C-2AB6-466C-8462-0D8ADA400634}\2656C6B696E6E2531363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2796DD5C-2AB6-466C-8462-0D8ADA400634}\84F6D656F575966496 : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{2796DD5C-2AB6-466C-8462-0D8ADA400634}\E4544574541425137373D25374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2796DD5C-2AB6-466C-8462-0D8ADA400634}\E45445745414256353 : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{5C62C3BE-40A8-4D4A-9410-FB30FF40F3BE} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{ED2A24F0-C6B3-43D4-89F9-5E3385B0F001} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [lxedmon.exe] "C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\vww5ykk9.default-1430087528542\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1211151.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1219160.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-14 55280]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-22 98208]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 1414128]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-5-22 2573520]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-5-22 201936]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-6-9 237272]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 lxed_device;lxed_device;C:\Windows\System32\lxedcoms.exe -service --> C:\Windows\System32\lxedcoms.exe -service [?]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxedserv.exe [2013-7-17 45736]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-11-2 87888]
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2013-9-5 3937472]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-6-18 88928]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [2013-9-5 176016]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-14 1692480]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-6-11 20648]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-5-28 5491984]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-12-19 93040]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-14 2320920]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-5-14 172704]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-2-26 23760]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-5-22 24240]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-22 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-22 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-22 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-18 25816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-22 239616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-28 136048]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-18 1080120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-3 327296]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-28 136048]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-6-25 349728]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2015-6-25 209952]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-11-9 41032]
S3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2013-7-24 31264]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-14 114688]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2013-2-16 40320]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-18 63704]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\System32\drivers\nwvmmdm.sys [2009-5-15 213376]
S3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\System32\drivers\nwvmser.sys [2009-5-15 213376]
S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\System32\drivers\nwvmser2.sys [2009-5-15 213376]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0;PCDSRVC{3B54B31B-D06B6431-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell\SupportAssist\pcdsrvc_x64.pkms [2015-5-19 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-8-5 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-22 220672]
S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2013-4-12 88864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-8-5 56832]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-08-08 16:27:34 298664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\rep6650.tmp
2015-08-06 15:38:28 -------- d-----w- C:\Windows\CheckSur
2015-08-06 15:20:17 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-08-06 15:20:16 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-08-06 15:20:16 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-08-06 15:20:01 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-08-06 15:20:01 429568 ----a-w- C:\Windows\System32\wksprt.exe
2015-08-06 15:20:00 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-08-06 15:20:00 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-08-06 15:20:00 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-08-06 15:20:00 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-08-06 15:20:00 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-08-06 15:19:40 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-08-05 16:00:04 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-08-05 16:00:04 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2015-08-05 16:00:03 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2015-08-05 16:00:03 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2015-08-05 16:00:03 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2015-08-05 16:00:03 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2015-08-05 16:00:03 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2015-08-05 16:00:03 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-08-05 16:00:03 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-08-05 16:00:03 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2015-08-05 16:00:03 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2015-08-05 15:59:18 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-08-05 15:59:17 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-08-05 15:59:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-08-05 15:55:56 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-05 15:36:29 -------- d-----w- C:\Windows\pss
2015-07-28 16:32:02 -------- d-----r- C:\Users\Lisa\Dropbox
2015-07-28 16:21:21 -------- d-----w- C:\Program Files (x86)\Dropbox
2015-07-26 12:56:34 -------- d-----w- C:\Program Files (x86)\Dell Update
2015-07-22 19:03:47 -------- d-----w- C:\Users\Lisa\AppData\Local\tjnet
2015-07-22 12:55:00 -------- d-----w- C:\Users\Lisa\AppData\Local\magicJack
2015-07-21 13:29:16 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-21 13:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-21 13:29:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-21 13:29:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-21 13:29:15 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-21 13:29:15 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-21 13:29:15 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-21 13:29:15 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-21 13:29:15 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-21 13:29:15 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-16 01:43:36 -------- d-----w- C:\Program Files\iPod
2015-07-16 01:43:36 -------- d-----w- C:\Program Files (x86)\iTunes
2015-07-16 01:43:35 -------- d-----w- C:\Program Files\iTunes
2015-07-15 16:12:52 -------- d-----w- C:\Program Files\Common Files\AV
2015-07-15 03:47:40 -------- d-----w- C:\defd56a777ede66028b682788cf966
2015-07-15 02:08:12 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-07-15 02:08:00 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-15 02:08:00 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-15 02:07:59 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-15 02:07:59 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-15 01:41:58 814280 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2015-07-15 01:40:53 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-11 23:43:18 -------- d-----w- C:\Users\Lisa\Tracing
.
==================== Find3M ====================
.
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-15 02:23:36 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 02:23:36 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-26 20:39:01 659440 ----a-w- C:\Windows\couponprinter_x64.ocx
2015-06-26 20:39:01 444912 ----a-w- C:\Windows\CouponPrinter.ocx
2015-06-24 05:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-17 04:23:50 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2015-06-17 04:23:50 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2015-06-15 21:50:42 112064 ----a-w- C:\Windows\System32\consent.exe
2015-06-15 21:45:42 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-06-15 21:45:42 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-06-15 21:45:34 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-06-15 21:45:34 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-06-15 21:44:47 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-06-15 21:43:35 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-06-15 21:43:35 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-06-15 21:43:24 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-06-15 21:42:49 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
.
============= FINISH: 13:55:17.82 ===============

Attached Files

attach.txt (13.8 KB)

Hey there,

I ran a "quick scan" with Microsoft Security Essentials, and it found a trojan (Win32/Kovter.C!reg). It removes it apparently successfully, but upon scanning again it will find exactly the same trojan. I ran dds, what should I do now?¨

MSE screencap:



DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.31.2
Run by Mom at 21:10:07 on 2015-08-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3894.2105 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\dllhost.exe
C:\Windows\SysWOW64\dllhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Mom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{394329BF-2D3B-4468-A7DD-AF1FAB398EDA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\463766D25313430353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\6796277696E6D65646961613239333931373 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\E474237657563747 : DHCPNameServer = 10.64.8.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\csjr5mn3.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R1 MpKsl958ccaaf;MpKsl958ccaaf;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\MpKsl958ccaaf.sys [2015-8-8 44928]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-6-20 1225832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-25 327296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-15 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 124568]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-1 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-1 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-1-27 14464]
S4 LULU Software CrashHandler;LULU Software CrashHandler;"C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe" --> C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [?]
S4 Soda PDF 6;Soda PDF 6;"C:\Program Files (x86)\Soda PDF 6\ws.exe" --> C:\Program Files (x86)\Soda PDF 6\ws.exe [?]
.
=============== Created Last 30 ================
.
2015-08-08 19:30:33 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\offreg.836.dll
2015-08-08 19:30:31 44928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\MpKsl958ccaaf.sys
2015-08-08 06:02:58 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E39BF95-F2CC-4DA7-9A64-2CE1E2E3F167}\gapaengine.dll
2015-08-08 06:00:48 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\mpengine.dll
2015-08-07 06:13:17 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-28 07:46:34 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 07:46:33 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 07:46:33 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 07:46:33 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 07:46:33 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 07:46:33 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 07:46:30 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 07:46:30 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-21 15:53:31 -------- d-----r- C:\Program Files (x86)\Skype
2015-07-21 06:48:26 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-21 06:48:26 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-21 06:48:26 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-21 06:48:25 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-21 06:48:25 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-21 06:48:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-21 06:48:25 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-21 06:48:25 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-21 06:48:25 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-21 06:48:25 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-15 08:22:56 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-07-15 08:21:54 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-15 08:21:54 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-15 08:21:53 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-15 08:21:53 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-15 08:21:53 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-15 08:21:53 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-15 08:21:53 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-15 08:21:52 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-15 08:21:52 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-15 08:21:52 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-15 08:21:52 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-15 08:21:52 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-10 13:39:12 -------- d--h--w- C:\$Windows.~BT
.
==================== Find3M ====================
.
2015-07-15 17:41:49 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 17:41:48 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-05 10:08:23 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-24 00:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-11 17:57:36 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-06-11 17:57:35 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-06-11 17:57:35 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-06-11 17:56:55 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-06-11 17:56:55 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-06-11 17:56:55 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-06-11 13:15:53 429568 ----a-w- C:\Windows\System32\wksprt.exe
2015-06-09 18:03:22 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-06-09 18:03:22 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-06-02 00:07:15 254976 ----a-w- C:\Windows\System32\cewmdm.dll
2015-06-01 23:47:09 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:19:27 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-05-25 18:19:27 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-05-25 18:19:27 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
.
============= FINISH: 21:11:53.43 ===============

Attached Files

attach.txt (12.3 KB)

Hey all,

Working on my father's computer here. He seems to have acquired a virus that seems to have locked down his account. Most software cannot be run, with the message that a "System administrator has blocked this program".

However, he is the sole user of the computer, and his account was previously an administrator. dds.scr was blocked, as was Adwcleaner. CKScanner and Addition.txt from Farbar are attached, and here is the results from Farbar scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by j (ATTENTION: The logged in user is not administrator) on OFFICE (31-07-2015 20:33:35)
Running from C:\Users\j\Downloads
Loaded Profiles: j (Available Profiles: j & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\j\Downloads\CKScanner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1069008 2015-04-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5214632 2015-07-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [66592 2014-06-18] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [2087968 2014-06-18] (Prosoftnet)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [cdloader] => C:\Users\j\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [GoogleChromeAutoLaunch_C0A832FBA3DE88C6BCC073377A7A221F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [IDriveE Startup] => C:\Program Files (x86)\IDriveWindows\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\Run: [EZBack-it-up Tray Scheduler] => C:\Program Files (x86)\EZBackitup\EZBkuptray.exe [631808 2004-06-03] (Rob Decker)
HKU\S-1-5-21-632300625-746590880-1275724836-1001\...\RunOnce: [731_20217191549542] => C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat [315 2015-07-31] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-04-23] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-06-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk [2015-07-10]
ShortcutTarget: IDrive Tray.lnk -> C:\Program Files (x86)\IDriveWindows\IDriveEReg2ini.exe (Pro Softnet Corp.)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2014-06-07]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2014-06-17]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2014-06-04] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-632300625-746590880-1275724836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-632300625-746590880-1275724836-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo
SearchScopes: HKLM -> DefaultScope {FBA36C0E-C9FF-4FD4-8CAA-B9AA29E57530} URL =
SearchScopes: HKU\S-1-5-21-632300625-746590880-1275724836-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={7467A24A-5B2C-4180-8D92-E720EAD0F19B}&mid=1bdba7c42b7f47d29d3fa56eac2caf71-ebf86914f6fb165e48b0cd37ac6633f0732966a8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-15 07:27:40&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-10] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-10] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-10] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-10] (LastPass)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2679E3FB-136B-48B7-B542-56F601391BA8}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\awp1ujr3.default
FF SelectedSearchEngine: Taplika
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-06-16] (LastPass)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components Test\npIPcam.dll [2014-02-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-06-16] (LastPass)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2014-09-26] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-632300625-746590880-1275724836-1001: electronicarts.com/GameFacePlugin -> C:\Users\j\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Extension: LastPass - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\awp1ujr3.default\Extensions\support@lastpass.com [2015-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\j\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
CHR Extension: (Google Search) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
CHR Extension: (Gmail) - C:\Users\j\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-03] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [955856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-03] (AVG Technologies CZ, s.r.o.)
S2 BlueIris; C:\Program Files\Blue Iris 4\BlueIrisService.exe [59776 2014-09-03] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [713736 2015-04-23] (Garmin Ltd. or its subsidiaries)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 IDriveE Service; C:\Program Files (x86)\IDriveWindows\IDriveE Service.exe [158264 2013-05-20] (Pro Softnet Corporation)
S2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [95776 2014-06-18] (Prosoftnet)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5808432 2015-06-24] (MediaMall Technologies, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\j\AppData\Local\Temp\7zS51F9\hpslpsvc64.dll [X]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [287208 2015-05-27] (AVG Technologies CZ, s.r.o.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
S3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 20:33 - 2015-07-31 20:34 - 00023841 _____ C:\Users\j\Downloads\FRST.txt
2015-07-31 20:33 - 2015-07-31 20:33 - 02168832 _____ (Farbar) C:\Users\j\Downloads\FRST64.exe
2015-07-31 20:33 - 2015-07-31 20:33 - 00000000 ____D C:\FRST
2015-07-31 20:32 - 2015-07-31 20:32 - 02248704 _____ C:\Users\j\Downloads\AdwCleaner.exe
2015-07-31 20:32 - 2015-07-31 20:32 - 00468480 _____ () C:\Users\j\Downloads\CKScanner.exe
2015-07-31 20:30 - 2015-07-31 20:30 - 00688992 _____ (Swearware) C:\Users\j\Downloads\dds.scr
2015-07-31 20:15 - 2015-07-31 20:15 - 00000315 _____ C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat
2015-07-31 20:02 - 2015-07-31 20:02 - 01615168 _____ (LogMeIn, Inc.) C:\Users\j\Downloads\Support-LogMeInRescue.exe
2015-07-31 19:50 - 2015-07-31 19:51 - 183711512 _____ (Microsoft Corporation) C:\Users\j\Downloads\msert.exe
2015-07-31 19:49 - 2015-07-31 19:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\j\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-31 19:42 - 2015-07-31 19:42 - 02248704 _____ C:\Users\j\Downloads\adwcleaner_4.208.exe
2015-07-31 19:41 - 2015-07-31 19:41 - 00000262 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8CB6995E-A826-42E6-B9D7-94360B684D0B}.job
2015-07-31 19:10 - 2015-07-31 19:11 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\j\Downloads\tdsskiller.exe
2015-07-31 19:07 - 2015-07-31 19:07 - 00380416 _____ C:\Users\j\Downloads\8zgxuf83.exe
2015-07-31 06:58 - 2015-07-31 06:58 - 08376008 _____ (Auslogics Labs Pty Ltd ) C:\Users\j\Downloads\fix-my-pc-setup.exe
2015-07-30 21:44 - 2015-07-30 21:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-30 21:44 - 2015-07-30 21:44 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-29 21:55 - 2015-07-29 21:55 - 00003094 _____ C:\WINDOWS\PFRO.log
2015-07-29 20:50 - 2015-07-29 20:50 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-29 20:50 - 2015-07-29 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-29 20:49 - 2015-07-29 20:50 - 00000000 ____D C:\Program Files\iTunes
2015-07-29 20:49 - 2015-07-29 20:49 - 00000000 ____D C:\Program Files\iPod
2015-07-29 20:49 - 2015-07-29 20:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-28 18:21 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-28 18:20 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-28 18:20 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-28 18:20 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-28 18:20 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-28 18:20 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-26 10:41 - 2015-07-26 10:41 - 03288464 _____ C:\Users\j\Downloads\tenorshare-card-data-recovery-trial345.exe
2015-07-26 08:44 - 2015-07-26 08:44 - 00000000 ____D C:\Users\j\AppData\Roaming\LG Electronics
2015-07-26 08:41 - 2015-07-26 08:41 - 00001233 _____ C:\Users\Public\Desktop\LG PC Suite.lnk
2015-07-26 08:41 - 2015-07-26 08:41 - 00000000 ____D C:\Users\j\AppData\Local\LG Electronics
2015-07-26 08:41 - 2015-07-26 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
2015-07-26 08:39 - 2015-07-26 08:40 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2015-07-26 08:36 - 2015-07-26 08:39 - 235018224 _____ (LG Electronics) C:\Users\j\Downloads\LGPCSuite_Setup.exe
2015-07-20 15:42 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 15:42 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 15:42 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 15:42 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 09:16 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 09:16 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-14 15:02 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-14 15:02 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-14 15:02 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-14 15:02 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-14 15:02 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 15:02 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-14 15:02 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 15:02 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-14 15:02 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-14 15:02 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-14 15:02 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-14 15:02 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-14 15:02 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-14 15:02 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-14 15:02 - 2014-10-28 22:45 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2015-07-14 15:02 - 2014-10-28 22:00 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2015-07-14 15:02 - 2014-10-28 22:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
2015-07-14 15:02 - 2014-10-28 21:27 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EventAggregation.dll
2015-07-14 15:02 - 2014-10-28 21:27 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2015-07-14 15:02 - 2014-10-28 21:12 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-07-14 08:45 - 2015-07-31 08:02 - 00017916 _____ C:\WINDOWS\setupact.log
2015-07-14 08:45 - 2015-07-14 08:45 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-10 06:30 - 2015-07-10 06:30 - 09875096 _____ (ProSoftnet Corp ) C:\Users\j\Downloads\IDriveSetup.exe
2015-07-10 06:30 - 2015-07-10 06:30 - 00001995 _____ C:\Users\j\Desktop\IDrive.lnk
2015-07-10 06:30 - 2014-11-19 11:17 - 00000095 _____ C:\WINDOWS\SysWOW64\RegisterIDriveEDll.bat
2015-07-10 06:30 - 2014-11-19 11:16 - 00569368 _____ C:\WINDOWS\SysWOW64\olelib.tlb
2015-07-10 06:30 - 2014-11-19 11:16 - 00232960 _____ (Pro-SoftNet Corporation, USA) C:\WINDOWS\SysWOW64\IDrLocale.dll
2015-07-10 06:30 - 2014-11-19 11:16 - 00147130 _____ C:\WINDOWS\SysWOW64\CRYPT32.LIB
2015-07-10 06:30 - 2014-11-19 11:16 - 00117982 _____ C:\WINDOWS\SysWOW64\ADVAPI32.LIB
2015-07-10 06:30 - 2014-11-19 11:16 - 00026032 _____ C:\WINDOWS\SysWOW64\IDriveEXceedCryReg.exe
2015-07-10 06:30 - 2014-11-19 11:16 - 00022212 _____ C:\WINDOWS\SysWOW64\olelib2.tlb
2015-07-10 06:30 - 2014-11-19 11:16 - 00003841 _____ C:\WINDOWS\SysWOW64\server.pem
2015-07-10 06:30 - 2013-05-20 11:32 - 01342008 _____ (Pro Soft Net Corporation) C:\WINDOWS\SysWOW64\IDriveEService.dll
2015-07-07 13:15 - 2015-07-07 13:15 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk
2015-07-04 15:52 - 2015-07-04 15:52 - 00095087 _____ C:\Users\j\Downloads\[kat.cr]the.loft.2015.720p.hdrip.x264.cam.audio.cpg (1).torrent
2015-07-04 15:50 - 2015-07-04 15:50 - 00095087 _____ C:\Users\j\Downloads\[kat.cr]the.loft.2015.720p.hdrip.x264.cam.audio.cpg.torrent
2015-07-04 15:48 - 2015-07-04 15:48 - 00015633 _____ C:\Users\j\Downloads\[kat.cr]the.loft.torrent
2015-07-03 17:38 - 2015-07-03 17:38 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (5).exe
2015-07-03 17:38 - 2015-07-03 17:38 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (4).exe
2015-07-03 17:37 - 2015-07-03 17:37 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (3).exe
2015-07-03 17:37 - 2015-07-03 17:37 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (2).exe
2015-07-03 17:17 - 2015-07-03 17:17 - 01114376 _____ C:\Users\j\Downloads\FoscamWebComponents.zip
2015-07-03 17:17 - 2015-07-03 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foscam Web Components Test
2015-07-03 17:17 - 2015-07-03 17:17 - 00000000 ____D C:\Program Files (x86)\Foscam Web Components Test
2015-07-03 17:16 - 2015-07-03 17:16 - 01482168 _____ ( ) C:\Users\j\Downloads\IPCWebComponents (4).exe
2015-07-03 17:14 - 2015-07-03 17:14 - 03498400 _____ (TeamViewer GmbH) C:\Users\j\Downloads\TeamViewerQS (1).exe
2015-07-03 14:02 - 2015-07-31 19:17 - 01674579 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 08:01 - 2015-07-01 08:01 - 01482168 _____ ( ) C:\Users\j\Downloads\IPCWebComponents (3).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 20:04 - 2014-06-05 21:21 - 00000000 ____D C:\Users\j\Documents\Outlook Files
2015-07-31 19:28 - 2013-12-17 11:35 - 00000000 ____D C:\Users\j\Documents\My Docs
2015-07-31 19:27 - 2014-03-18 06:03 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-31 19:17 - 2014-12-14 10:19 - 00000000 ____D C:\ProgramData\MediaMall
2015-07-31 19:17 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-31 19:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-31 18:50 - 2015-06-30 20:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-31 18:50 - 2015-06-30 20:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-31 18:19 - 2014-06-16 10:45 - 00000000 ____D C:\ProgramData\MFAData
2015-07-31 14:52 - 2015-06-28 14:52 - 00000408 _____ C:\WINDOWS\Tasks\MrFixer.job
2015-07-31 13:18 - 2015-06-25 07:18 - 00000370 _____ C:\WINDOWS\Tasks\ClickIt.job
2015-07-31 11:39 - 2015-06-30 19:39 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 96a11946-01fc-4223-9194-ea5968ca930d.job
2015-07-31 10:42 - 2014-12-03 11:42 - 00000270 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-07-31 07:53 - 2015-01-19 16:11 - 00001035 _____ C:\Users\j\Desktop\magicJack.lnk
2015-07-31 07:53 - 2015-01-19 16:11 - 00001021 _____ C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-07-31 07:53 - 2015-01-19 16:11 - 00000000 ____D C:\Users\j\AppData\Roaming\mjusbsp
2015-07-31 07:53 - 2014-06-19 20:50 - 00000000 ____D C:\Program Files (x86)\IDriveWindows
2015-07-31 07:53 - 2014-06-05 22:11 - 00000000 ___DO C:\Users\j\OneDrive
2015-07-31 07:52 - 2015-06-30 19:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-31 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-31 07:20 - 2014-06-09 12:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-31 07:10 - 2014-06-05 21:58 - 00000000 ____D C:\Users\j
2015-07-31 02:00 - 2015-06-30 19:39 - 00000516 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 088fb7b2-ad56-4284-bde7-c19b34bf0f48.job
2015-07-31 00:12 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-30 21:55 - 2015-06-28 15:07 - 00000000 ____D C:\Program Files\Blue Iris 4
2015-07-30 21:54 - 2013-08-22 10:44 - 00502280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-30 21:51 - 2014-06-05 20:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-30 21:50 - 2014-06-05 19:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-30 21:43 - 2015-01-03 13:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-30 21:43 - 2014-08-14 07:39 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-30 21:17 - 2015-06-30 19:38 - 00000998 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 10:37 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-30 07:55 - 2014-07-02 20:57 - 00232523 _____ C:\Users\j\Desktop\Bills.xlsx
2015-07-29 21:53 - 2015-01-01 20:20 - 00000000 ____D C:\Users\j\AppData\Roaming\Azureus
2015-07-29 21:02 - 2014-06-06 20:45 - 00000000 ____D C:\Users\j\AppData\Roaming\Apple Computer
2015-07-29 20:49 - 2015-05-01 20:24 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-29 20:49 - 2014-06-13 16:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-28 22:52 - 2014-10-16 08:45 - 00612352 ___SH C:\Users\j\Downloads\Thumbs.db
2015-07-25 08:57 - 2014-06-05 20:33 - 01657344 ___SH C:\Users\j\Desktop\Thumbs.db
2015-07-17 14:49 - 2014-06-05 18:58 - 00000000 ____D C:\Users\j\AppData\Local\Lenovo
2015-07-17 08:20 - 2014-06-05 19:02 - 00000000 ____D C:\Users\j\AppData\Roaming\LSC
2015-07-17 08:19 - 2013-09-12 14:00 - 00000000 ____D C:\Program Files\Lenovo
2015-07-17 08:19 - 2013-09-12 13:59 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-17 08:18 - 2013-09-12 14:00 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-07-14 06:47 - 2015-01-01 20:20 - 00001871 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-14 06:47 - 2015-01-01 20:20 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-07-10 06:31 - 2014-06-18 18:03 - 00000000 _____ C:\WINDOWS\SysWOW64\idrivee.txt
2015-07-10 06:30 - 2014-06-19 20:50 - 00000000 ____D C:\Users\j\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDrive
2015-07-09 08:16 - 2014-06-16 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-07 13:15 - 2014-06-16 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-07-03 08:43 - 2014-06-05 19:42 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 07:56 - 2014-06-13 17:37 - 00000285 _____ C:\WINDOWS\wininit.ini
2015-07-01 04:02 - 2014-12-14 10:20 - 00000000 ____D C:\Program Files (x86)\MediaMall

==================== Files in the root of some directories =======

2014-06-07 12:02 - 2014-06-16 10:04 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-31 20:15 - 2015-07-31 20:15 - 0000315 _____ () C:\Users\j\AppData\Local\LMIR0001.tmp_r.bat
2014-12-10 22:48 - 2014-12-10 22:48 - 0000017 _____ () C:\Users\j\AppData\Local\resmon.resmoncfg
2014-06-07 01:11 - 2014-06-07 01:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-12 13:50 - 2013-09-12 13:50 - 0000198 ____H () C:\ProgramData\Lenovo-20051.vbs
2015-02-06 21:07 - 2015-02-06 21:07 - 0000106 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\ProgramData\Lenovo-20051.vbs


Some files in TEMP:
====================
C:\Users\j\AppData\Local\Temp\vcredist9_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================

Attached Files

	ckfiles.txt (197 Bytes)
	Addition.txt (40.3 KB)

I can only get into a browser when I am in safe mode. How do I fix (I have tried installing new drivers; nothing changed)? I am running Windows 7 on a Lenovo ThinkPad. I have tried disabling add-ons, updated browsers, tried to revert to last known working timestamp, and hard reset. I do not currently have access to an install disc or boot CD, and I am unable to include the attach doc.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.7601.18715 BrowserJavaVersion: 10.21.2
Run by admin at 21:23:19 on 2015-07-30
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3176.2166 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dnldwz_15_25&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtD0DzztCzy0A0D0DyByC0B0AtB0FyBtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyB0E0FtCtB0EtB0EtGyD0BtAyEtG0C0FtBtAtGtCtAyD0DtGtDtAyCtAtD0D0A0CyD0E0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByByEzytA0B0AyDtGtByC0DyBtGyEtAtCtBtG0AzztA0DtGyBtD0F0A0CyD0FyEtDyD0E0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztDtD%26cr%3D1041564713%26a%3Dwncy_dnldwz_15_25%26os%3DWindows 7 Enterprise
uDefault_Page_URL = hxxp://schools.nyc.gov
uProxyServer = 127.0.0.1:9666
uProxyOverride = 127.0.0.1
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Filter Results: {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [GoogleChromeAutoLaunch_D9394DE6386755479577597100432920] "c:\users\admin\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [ALCKRESI.EXE] c:\program files\lenovo\autolock\ALCKRESI.EXE
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = NYCDOE
mPolicies-System: legalnoticetext = This computer system, including all related equipment, is the property of the NYC Department of Education (NYCDoE) and is solely for uses authorized by NYCDoE. You have no right to privacy on the system, and all information and activity on the system may be monitored. Any unauthorized use of the system may result in disciplinary action, civil or criminal penalties.
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
Trusted Zone: cybershift.net
Trusted Zone: mathxlforschool.com
Trusted Zone: nycboe.net
Trusted Zone: nycenet.edu
Trusted Zone: thelearningodyssey.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D0591289-51FA-447C-B958-897928C40F79} : DHCPNameServer = 10.251.38.21 10.251.38.22
TCP: Interfaces\{EC29A048-EEFD-40B3-A64B-5B7B829FF00B} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EC29A048-EEFD-40B3-A64B-5B7B829FF00B}\3557C6C6966716E60275966496027457563747 : DHCPNameServer = 10.128.128.128
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.7.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-14 25968]
R0 ngvss;ngvss;c:\windows\system32\drivers\ngvss.sys [2015-7-22 95112]
R1 PHCORE;PHCORE;c:\program files\lenovo\rapidboot\PHCORE.sys [2010-12-3 33640]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec endpoint protection\Rtvscan.exe [2010-12-21 1832072]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-2-14 41088]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-10-2 7522304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2015-7-22 49776]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2015-7-22 208664]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-7-22 788784]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-7-22 433264]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-5-19 13680]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 22134214;SuperOptimizer Stats;c:\windows\system32\rundll32.exe [2009-7-13 44544]
S2 AbtSvcHost;AbtSvcHost;c:\windows\system32\AbtSvcHost_.exe [2015-3-3 84376]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-7-22 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-7-22 76000]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-7-22 113592]
S2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2015-7-22 146600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 EDPA;EDPA;c:\program files\manufacturer\endpoint agent\edpa.exe [2011-3-14 255672]
S2 HyperW7Svc;HyperW7 Service;c:\program files\lenovo\rapidboot\HyperW7Svc.exe [2010-12-3 107880]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2012-2-14 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-4-11 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2012-2-14 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-4-11 93032]
S2 MediaDevSrv;MediaDevSrv;c:\programdata\mediadev\1404154465\mediadev.exe [2014-6-30 366952]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-14 143360]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [2012-4-25 17920]
S2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2012-2-14 141928]
S2 Service Mgr FilterResults;Service Mgr FilterResults;c:\programdata\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\PluginContainer.exe [2015-6-20 652520]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files\lenovo\screen reading optimizer\SROSVC.exe [2012-2-14 443240]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-4-11 99328]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-4-11 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-2-14 2655768]
S2 Update Mgr FilterResults;Update Mgr FilterResults;c:\program files\common files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\Updater.exe [2015-6-20 574696]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-7-22 220752]
S2 vToolbarUpdater18.7.0;vToolbarUpdater18.7.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.7.0\ToolbarUpdater.exe [2015-7-17 1842576]
S2 WDP;WDP;c:\program files\manufacturer\endpoint agent\wdp.exe [2011-3-14 232120]
S2 WinDevSrv;WinDevSrv;"c:\programdata\online\sv.exe" --> c:\programdata\online\sv.exe [?]
S3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2012-2-14 130944]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-7-22 3218624]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2014-6-23 266240]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-2-14 367656]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-14 33832]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-14 292200]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2015-6-20 30504]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-10 261800]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-3 111408]
S3 IAMT03;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMT03.sys [2011-5-16 40848]
S3 IAMTV;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2011-5-16 38288]
S3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2011-5-16 47496]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-2-14 269824]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2010-12-17 227600]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-17 6758912]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-2-14 83304]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-2-14 246888]
S3 SFsCtrx111;SFsCtrx111;c:\windows\system32\drivers\SFsCtrx111.sys [2012-2-14 48824]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 tdifd111;tdifd111;c:\windows\system32\drivers\tdifd111.sys [2012-2-14 45624]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 vfsmfd;vfsmfd;c:\windows\system32\drivers\vfsmfd.sys [2012-2-14 48824]
S3 vrtam;vrtam;c:\windows\system32\drivers\vrtam.sys [2012-2-14 19256]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-16 1343400]
.
=============== Created Last 30 ================
.
2015-07-24 04:36:30 -------- d-----w- c:\program files\GUM9685.tmp
2015-07-24 00:01:57 -------- d-----w- C:\SUPERDelete
2015-07-24 00:00:38 -------- d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2015-07-24 00:00:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-07-24 00:00:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-07-23 23:38:15 -------- d-----w- c:\program files\CCleaner
2015-07-23 18:33:31 -------- d-----w- C:\AdwCleaner
2015-07-23 17:58:01 -------- d-----w- c:\users\admin\appdata\roaming\AVAST Software
2015-07-22 15:56:01 -------- d-----w- c:\windows\system32\vbox
2015-07-22 15:53:50 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-22 15:53:50 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-22 15:53:48 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-22 15:53:47 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-22 15:53:46 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-22 15:53:46 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-22 15:53:44 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-22 15:53:42 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-07-22 15:53:10 43112 ----a-w- c:\windows\avastSS.scr
2015-07-22 15:49:38 -------- d-----w- c:\program files\AVAST Software
2015-07-22 15:48:00 -------- d-----w- c:\programdata\AVAST Software
.
==================== Find3M ====================
.
2015-07-30 18:04:15 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2015-07-30 17:58:49 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2015-07-30 17:58:46 78032 ----a-w- c:\windows\system32\rpcnet.dll
2015-07-09 18:43:12 48496 ----a-w- c:\windows\system32\identprv.dll
.
============= FINISH: 21:24:22.93 ===============

My computer has been running very slowly. I do not usually login as an administrator but when I did today I discovered that the homepage for that account has been captured by Vosteran.
The Internet connection symbol had disappeared from its bar only in that account.
I do not have a Windows install or boot disc.
I posted this previously but due to a mix up I did not get the info back intim
Help please.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.40.2
Run by Mia at 10:12:57 on 2015-08-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.212 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Cyberlink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\joal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vosteran.com/?f=1&a=vst_dnldstr_15_03_ch&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DyD0Bzy0FyC0FtDtBtA0FtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FyD0FzytBtAtAtGzztA0BzztGzz0FtDyDtG0FtCyBzztGyB0AtA0FyByEtDzztD0E0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0EyEyBzyyB0AtGtC0ByD0EtGyEyEtByDtG0AtAtA0EtG0DyE0DzztD0FyC0BtC0EtAyE2Q&cr=1445048292&ir=
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_z3101&r=17360312a107pe408y105w48m1v83p
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.7.0.147\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA}\16C67656272797 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA}\2656C6B696E6E2666603 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1A69F9EB-65C6-412E-9973-6D6B25E189CA}\3796D6D6F6E637 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.7.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-12 253408]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-6-10 226784]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-14 121432]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-2-20 376184]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-6-26 293296]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-6-16 259040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-12 281568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-6-23 917112]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 172344]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-7-7 3518376]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-7-7 314304]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-5 1871160]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-6-2 2222360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-10-15 243232]
R2 vToolbarUpdater18.7.0;vToolbarUpdater18.7.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [2015-7-20 1842576]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-30 25816]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-5 1080120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-3 327296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-21 114688]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-5 136408]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-5 63704]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-28 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-28 1255736]
.
=============== Created Last 30 ================
.
2015-08-04 09:19:16 -------- d-----w- C:\Users\Mia\AppData\Local\Skype
2015-07-28 11:38:18 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 11:38:17 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 11:38:17 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 11:38:17 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 11:38:17 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 11:38:17 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 11:38:16 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 11:38:16 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-21 16:29:26 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-21 16:28:44 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-21 16:28:44 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-21 16:28:44 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-21 16:28:43 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-21 16:28:43 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-21 16:28:43 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-21 16:28:43 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-21 16:28:43 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-21 16:28:42 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-21 16:28:42 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-21 16:28:42 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-21 16:28:42 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-21 16:28:00 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-07-21 10:15:22 -------- d-----w- C:\Program Files\Common Files\AV
2015-07-20 10:07:47 6420480 ----a-w- C:\Program Files (x86)\GUT2BA2.tmp
2015-07-20 10:07:47 -------- d-----w- C:\Program Files (x86)\GUM2BA1.tmp
.
==================== Find3M ====================
.
2015-08-12 08:36:24 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 08:36:24 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-04 09:38:21 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-15 03:19:54 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-15 03:19:50 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-15 03:19:46 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-15 03:19:45 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-15 02:55:37 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-15 02:55:35 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-15 02:55:32 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-15 02:54:33 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-15 01:59:42 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-15 01:52:35 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-26 08:49:10 293296 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-24 00:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-16 14:55:04 259040 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-06-10 15:38:48 226784 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-06-09 18:03:22 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-06-09 18:03:22 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-06-02 17:41:06 376184 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
.
============= FINISH: 10:18:06.50 ===============

Attached Files

attach2.txt (8.2 KB)

Hello:

So this is probably going to be one of the more bizarre posts you've ever seen. I'm going to try to cut out the more eery details and stick to the facts asthey relate to my question with respect to computer security, trojans, etc. To nip the major issue in the butt, I'm cleary under investigation though I've never been formally introduced to an agent. They suspect I belong to a kiddie porn ring, I believe, presumably due to the fact I have a flamboyant personality, a large mouth, and a twisted sense of humor. I've suspected and then known that the investigation has been going on for about six months, but his past weekend it go far more real.

As it relates to my question for you all, I (was) the proud owner of a macbook air, 2013 model. (Presumably) the FBI had been trying to lure me into a controlled sale situation on zoom, where a group of people who were obbiously law enforcement kept doing what they could to get me into a room full of people who were obviously law enforcecment. Just prior, I had noticed that my empty trash can was actually full of invisible folders cakked "Recovered 1," ... 2, 3, etc. I don't mean invisible like hidden, there was no "." before the filenames. They were just invisible.

They were trying to get me to go meet some young Mexican kid on the south side of town, until I pointed out to them that the person I was skyping with was pre-recored. When the kid insisted he wasn't, I asked him to hold up four fingers. He couldn't without them having to stop the tape to rerecord the finger acion. Long story short, they then replaced him with a different Mexican altogether, and then their video accidentally got paused. This was all on Skype. They were enraged, I then caught the entire room with their pants down, literally, when I turned off my camera on zoom and they couldn't tell whether I was still in the room. They started banging pots and pans really loud, coincidentally from the apartment next door.

What ensued was remarkable. They had connected to my Macbook via bluetooth, again from the next door, and were using a strange process to transfer the freespace from the Mac to a server they were operating on the other side of the wall. They had not, as they still have not, knocked at the door, shaken my hand, handed my a search warrant, asked me to voluntarily give up my computer and hard drives, and tell me when, where, an how I can get them back. So, I was going to fight them.

First, I wiped my iPhone. The iPhone got about 1/2 way through the reset proess befoe the screen flashed. It then sped through the other half. When the iPhone 'came to.' nothing had changed. I went to do it again, and as soon as I got to the reset section of settings, the screen turned an eerie shade. I knew it was recording my attempts to clear the phone. I ran it again, the same thing happened. This time, the phone was clear but it took me to a wrong version of iOS. It was a smoke screen.

I then went to wipe the drive of the Macbook, and long story short, they weren't happy. They actuslly locked me out of my own computer, so I did a where's my mac reset. I was then able to unlock it with my own key. I tried to put a firmware password on it, but that didn't work. They got through, but I had logged into single-user mode. They had the HDD in read only mode, so I was trying to remount it as writable. They actually had my Macbook set up so it thought its HDD was on a bluetooth-accessed server, so right before I could wipe th thing, the command prompt entereda command, on its on, disabling bluetooth on the device. It then could no longer locate the HDD.

I was able to log back into the Macbook in normal mode a little while later. I turned back on 'see all files and folders' and was able to spot their work. I deleted it. That pissed them off. They then did a timed shut down, which kicked me out. When it re-awoke, it had another firmware pasword on it that I did not set. I was able to but into recovery mode, and without them realizing it, I was able to remount the HDDs, and al their work, at which point I deleted everything, includiong the boot sector. The macbook still has steam rising from it. It's completely inoperable. Finito. Blinking folder, and when I try to go ito recovery mode, it's blocked by a firmware password. It's an air so you cant remove and add RAM to reset it. I'll get to it soon enough.

I needed a computer with iTunes, because I was also locked out of my iPhone. I went to Best Buy and bought a cheap HP laptop. I was able to reset the phone, and I could suffer with Windows until I got my macbook fixed. I'm relatively certain there's something physical inside thm both right now, so just going to a genius bar isn't going to hack it.

Anyway, I bought the windows box on the day before yesterday. I've watched the processes pretty closely, etc. But this morning I decided to inspect to see whether there was something going on beneith the hood. What I found is very bizarre. I changed the ettings to see invisible files and folders and I found an invisible folder called "System.SAV". It's full of various log files, command files, scripts, etc., and while working through them found them to be increasingly strange. In particular, I found the attached file called "CIA.cdc".

To be clear, I'm not in a child porn ring. I want to see whether you can help me identify possible trojans on my computer and, later, on my Macbook.

First, the required log:


(IT WOULDNT LET ME PASTE, SO THEYRE ALL ATTACHED.)

Attached Files

	dds.txt (37.5 KB)
	attach.txt (11.6 KB)
	CIA.txt (97.0 KB)
	HideCMD.txt (381 Bytes)
	Lhidecmd.txt (495 Bytes)
	hideUsbDev.txt (2.0 KB)

i have hp pavilion laptop with windows 8.1.
whenever i connect to internet avast keeps giving notification that it blocked a virus.
infection details are

url - hxxp://differentia.ru/diff.php
infection - url:mal
process - C:\WINDOWS\SysWOW64\msiexec.exe

url - hxxp://disorderstatus.ru/order.php
infection - url:mal
process - C:\WINDOWS\SysWOW64\msiexec.exe

no apparent changes while using the computer.


from FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015
Ran by bibeksujita (administrator) on BIBEK (13-08-2015 11:37:29)
Running from C:\Users\bibeksujita\Desktop
Loaded Profiles: bibeksujita (Available Profiles: bibeksujita)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
() C:\ProgramData\DatacardService\DCService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Somoto) C:\Users\bibeksujita\AppData\Local\FilesFrog Update Checker\update_checker.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\bibeksujita\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
() C:\Users\bibeksujita\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(CANON INC.) C:\Windows\System32\CNAB5RPD.EXE
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Dropbox, Inc.) C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [6109776 2015-08-13] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743136 2013-05-29] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [1962896 2013-12-19] ()
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [Advanced SystemCare 5] => C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [1647448 2011-11-12] (IObit)
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [Google Update] => C:\Users\bibeksujita\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-31] (Google Inc.)
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-05-28] (Tonec Inc.)
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [FLV Player] => C:\Users\bibeksujita\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [Dropbox Update] => C:\Users\bibeksujita\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [AppsHat] => C:\Users\bibeksujita\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Run: [GoogleChromeAutoLaunch_D6EBCAA31125C79C9AF7C27C47CA8B0A] => C:\Users\bibeksujita\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-08-08] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2014-08-24]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3300 Status Window.lnk [2015-02-16]
ShortcutTarget: Canon LBP3300 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB5LAD.EXE (CANON INC.)
Startup: C:\Users\bibeksujita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibeksujita\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-08-13] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1476312255-3866232785-3835862293-1002 - UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1476312255-3866232785-3835862293-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1476312255-3866232785-3835862293-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1476312255-3866232785-3835862293-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1476312255-3866232785-3835862293-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-11-29] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-08-13] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2013-05-02] (Orbitdownloader.com)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-11-29] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll [2013-12-19] (Wondershare Software Co., Ltd.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-08-13] (AVAST Software)
BHO-x32: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files (x86)\Minibar\Minibar.dll [2013-09-19] (KangoExtensions)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2013-05-02] ()
Toolbar: HKU\S-1-5-21-1476312255-3866232785-3835862293-1002 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKU\S-1-5-21-1476312255-3866232785-3835862293-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-02] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12AB8B55-C5E3-479D-9E26-67733A9B0DAC}: [NameServer] 116.68.209.16 116.68.213.14
Tcpip\..\Interfaces\{18CDEEB9-AF2F-47B7-8DC5-6EA3333E35EF}: [NameServer] 116.68.209.16 116.68.213.14
Tcpip\..\Interfaces\{4043E7E1-5004-4A69-B2C5-903B9A73FFB9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AC5F13DC-A531-4747-87CE-21B5FF86DBC3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{BD814FAA-4217-46C0-B993-C33CC1D055AC}: [NameServer] 116.68.209.16 116.68.213.14

FireFox:
========
FF ProfilePath: C:\Users\bibeksujita\AppData\Roaming\Mozilla\Firefox\Profiles\moclw1el.default-1417698431251
FF NetworkProxy: "type",
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll [2013-06-01] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-06-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2013-10-18] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-31] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1476312255-3866232785-3835862293-1002: @tools.google.com/Google Update;version=3 -> C:\Users\bibeksujita\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1476312255-3866232785-3835862293-1002: @tools.google.com/Google Update;version=9 -> C:\Users\bibeksujita\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2014-09-16]
FF HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\bibeksujita\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\bibeksujita\AppData\Roaming\IDM\idmmzcc5 [2014-05-28]
FF HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF HKU\S-1-5-21-1476312255-3866232785-3835862293-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\bibeksujita\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Freemake Video Downloader) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-05-31]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2014-09-16]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-05-31]
CHR Extension: (Pin It Button) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-03-11]
CHR Extension: (IDM Integration Module) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-05-28]
CHR Extension: (My Browser Page) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2014-07-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (MyWebFace) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\njienacjggibaeolcbbjfnigbojkcggj [2015-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bibeksujita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-04-12]
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-01-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [146600 2015-08-13] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [217088 2013-03-22] (Connectify) [File not signed]
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-04-15] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-04-15] (Ellora Assets Corp.) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-11] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2013-10-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-22] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe" [X]
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-13] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 cmshusbser; C:\Windows\system32\DRIVERS\cmshusbser.sys [127232 2011-11-30] (QUALCOMM Incorporated)
S1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [34840 2013-10-18] (Connectify)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1
C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1
C:\Windows\system32\DRIVERS\Accelerometer.sys 899B7E724BF19F17978B6A37B864A277
C:\Windows\System32\drivers\ACPI.sys 9539F7917B4B6D92C90F0FAA6B86C605
C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813
C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F
C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65
C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7
C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD
C:\Windows\system32\drivers\afd.sys 374E27295F0A9DCAA8FC96370F9BEEA5
C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8
C:\Windows\System32\DRIVERS\ahcache.sys 8E8E34B7BA059050EED827410D0697A2
C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729
C:\Windows\system32\DRIVERS\atikmdag.sys F931C2ED6C8294909C10657DCB9A9A4E
C:\Windows\system32\DRIVERS\atikmpag.sys 0D481A7FE3A66724DC11AD8A4E417A9A
C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3
C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2
C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E
C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50
C:\Windows\System32\drivers\amd_sata.sys A2EFE3869B976296E097DEF368280F95
C:\Windows\System32\drivers\amd_xata.sys 625396421C29FB305C6C6235D01130B8
C:\Windows\system32\drivers\appid.sys 04951A9A937CBE28A2D3FEEA360B6D1F
C:\Windows\system32\DRIVERS\appexDrv.sys 44695679881DEB85CAD7C249B151066E
C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B
C:\Windows\system32\drivers\aswHwid.sys 525F5989C095F5757414E1F4B39175B2
C:\Windows\system32\drivers\aswMonFlt.sys 76D585093398DB973470BB83FCF0CE52
C:\Windows\system32\drivers\aswRdr2.sys 719FF5568B5E71832541636E2A7DFE27
C:\Windows\System32\Drivers\aswRvrt.sys 21C13E3C9B801C8AE172FABBD235221E
C:\Windows\system32\drivers\aswSnx.sys 5B6A864A2CE292992040CEBAFC8F746A
C:\Windows\system32\drivers\aswSP.sys C43A0929DE32035499D6BB39A7F44439
C:\Windows\system32\drivers\aswStm.sys 763C27EA21875F54615A0174EEC78FC4
C:\Windows\System32\Drivers\aswVmm.sys C85B35201A253B99199C0A9F5B98FC18
C:\Windows\system32\DRIVERS\asyncmac.sys 3DB7721F06BC2FEDB25029EA23AB27DA
C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD
C:\Windows\system32\DRIVERS\athwbx.sys 509AE5E446B2171D03401F3DD3C2E682
C:\Windows\system32\drivers\AtihdW86.sys 506907D2E7F3A5B67DBD39C00A788B7C
C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF
C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68
C:\Windows\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768
C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21
C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6
C:\Windows\System32\DRIVERS\bowser.sys 6B4FFFDDC618FCF64473CAA86E305697
C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7
C:\Windows\System32\drivers\bthhfenum.sys 746B9F94214915AECDE4B7FEA5FF9664
C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07
C:\Windows\System32\drivers\bthmodem.sys 66B791F6B11DC4303DD18A224A501542
C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9
C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D
C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B
C:\Windows\System32\drivers\CLFS.sys 179A41249055D5F039F1B6703F3B6D2B
C:\Windows\system32\DRIVERS\CLVirtualDrive.sys 075CCE75090786F124573A788C8656E6
C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB
C:\Windows\system32\DRIVERS\cmshusbser.sys 55D0611746F05C708F445E574182236F
C:\Windows\System32\Drivers\cng.sys 1CD3A907D64D08F49208DA00B69BF35E
C:\Windows\system32\DRIVERS\cnnctfy3.sys 99DA8A69284811F7B227D013B41C12FB
C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905
C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2
C:\Windows\System32\drivers\dam.sys 315BA4BC19316D72B2E037534E048B93
C:\Windows\System32\Drivers\dfsc.sys A03F362C5557E238CBFA914689C77248
C:\Windows\System32\drivers\disk.sys 4D40C9B33F738797CF50E77CB7C53E85
C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F
C:\Windows\system32\drivers\drmkaud.sys DDC11A202207C0400CBE07315B8FDE5E
C:\Windows\System32\drivers\dxgkrnl.sys C7D252742946DD395670649742FBD73D
C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D
C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9
C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B
C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3
C:\Windows\system32\DRIVERS\ewusbnet.sys DA7CEF9FFBBD6498DF106BCAB84EB10A
C:\Windows\system32\DRIVERS\ew_hwusbdev.sys E2CBB821C7CAE0EF8B56DE28ED85C740
C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4
C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B
C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B
C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265
C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF
C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A
C:\Windows\System32\drivers\fltmgr.sys 6592D192E2823C043EDBC010E7774053
C:\Windows\System32\drivers\FsDepends.sys 35005534E600E993A90B036E4E599F2B
C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42
C:\Windows\System32\DRIVERS\fvevol.sys F152D55E497E12256290C43B31C7D0CE
C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015
C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA
C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1
C:\Windows\System32\Drivers\msgpioclx.sys EF3AE7773394DF49CE74AF78A1C8D23D
C:\Windows\System32\drivers\HDAudBus.sys 498288DD5CA42C2D36D125893E968C53
C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906
C:\Windows\System32\drivers\hidbth.sys 1EA1B4FABB8CC348E73CA90DBA22E104
C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17
C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95
C:\Windows\System32\drivers\hidusb.sys 8DB8EAB9D0C6A5DF0BDCADEA239220B4
C:\Windows\System32\DRIVERS\hpdskflt.sys D104FF402FC3DDB686E6DEF00334DB26
C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D
C:\Windows\System32\drivers\HTTP.sys 9DDCA7F18983C5410DEFF79F819DF93C
C:\Windows\System32\drivers\ew_jubusenum.sys 6DBD08BC1331C78548298E82C4B667C5
C:\Windows\system32\DRIVERS\ewusbmdm.sys 6E5CD3984742A922D0C183C7E82C3C94
C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F
C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1
C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25
C:\Windows\System32\drivers\i8042prt.sys 84CFC5EFA97D0C965EDE1D56F116A541
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05
C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C
C:\Windows\System32\drivers\iaStorA.sys 050F2539E14F9D5E90A4B61738EC29BD
C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC
C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2
C:\Windows\system32\DRIVERS\idmwfp.sys 929DF302F15BFE24AC66EF45D858C413
C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157
C:\Windows\System32\drivers\intelpep.sys 139CFCDCD36B1B1782FD8C0014AC9B0E
C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9
C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514
C:\Windows\System32\drivers\IPMIDrv.sys FD9C9E9E3F0ED51502C7E8C066BE26B9
C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD
C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97
C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21
C:\Windows\System32\drivers\msiscsi.sys D90AB68D0FAC9F357F663670FDBB511E
C:\Windows\System32\drivers\kbdclass.sys 8BE92376799B6B44D543E8D07CDCF885
C:\Windows\System32\drivers\kbdhid.sys FB6E47E569D4872ABEB506BE03A45FBA
C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05
C:\Windows\System32\Drivers\ksecdd.sys ADDECBCC777665BD113BED437E602AB0
C:\Windows\System32\Drivers\ksecpkg.sys F88CC88F4A6D8476F1664E805CA18CC2
C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F
C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8
C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC
C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141
C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191
C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C
C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4
C:\Windows\system32\DRIVERS\mcvidrv_x64.sys DE585D1D266805E5EEDAE911FDD16F38
C:\Windows\system32\drivers\mcaudrv_x64.sys 2E7FFDEF8BAFD04CBB517507B821E878
C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F
C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363
C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378
C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9
C:\Windows\System32\drivers\mouclass.sys CEAC6D40FE887CE8406C2393CF97DE06
C:\Windows\System32\drivers\mouhid.sys 02D98BF804084E9A0D69D1C69B02CCA9
C:\Windows\System32\drivers\mountmgr.sys 515549560D481138E6E21AF7C6998E56
C:\Windows\System32\drivers\mpsdrv.sys F170510BE94CF45E3C6274578F6204B2
C:\Windows\system32\drivers\mrxdav.sys 1D55DADC22D21883A2F80297F5A5AE48
C:\Windows\System32\DRIVERS\mrxsmb.sys 0696F66E4D423793951A60562F794D14
C:\Windows\System32\DRIVERS\mrxsmb10.sys 3E28B99198B514DFEB152EACF913025E
C:\Windows\System32\DRIVERS\mrxsmb20.sys DBA635C6398782C549E3BE45CF1D0411
C:\Windows\system32\DRIVERS\bridge.sys 4E888019078AC363076A5433E89AA4F8
C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08
C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD
C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31
C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA
C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C
C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D
C:\Windows\system32\DRIVERS\mslldp.sys 375E44168F2DFB91A68B8A3F619C5A7C
C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6
C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8
C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0
C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E
C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2
C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E
C:\Windows\System32\Drivers\mup.sys 619CA29326B82372621DB2C0964D8365
C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F
C:\Windows\system32\DRIVERS\nwifi.sys 78514B073CC5775800A65BFB82A0D66B
C:\Windows\System32\drivers\ndis.sys F21B77B4D74092A543807D3CEB711A88
C:\Windows\system32\DRIVERS\ndiscap.sys C6BB12BC35D1637CA17AE16D3A4725EB
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 9F1DA20E943BE7AA4ED5F3E1EBA78B37
C:\Windows\system32\DRIVERS\ndistapi.sys 9423421E735BD5394351E0C47C76BB92
C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59
C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\System32\Drivers\NDProxy.sys A5BD69A8812FA79D1A487691DD3FB244
C:\Windows\System32\drivers\Ndu.sys 5A072F0B90C29C5233D78BE33EF5ED78
C:\Windows\System32\DRIVERS\netbios.sys A83D67D347A684F10B7D3019C8A6380C
C:\Windows\System32\DRIVERS\netbt.sys 0217532E19A748F0E5D569307363D5FD
C:\Windows\system32\DRIVERS\netvsc63.sys 70414DB660BFBB7BD58FCE8EA4364E1B
C:\Windows\System32\drivers\npf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\Windows\System32\drivers\nsiproxy.sys E490B459978CB87779E84C761D22B827
C:\Windows\System32\Drivers\Ntfs.sys 1C80517BE6836A812F6A9B99B8321351
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\Windows\System32\drivers\parport.sys 764B1121867B2D9B31C491668AC72B2B
C:\Windows\System32\drivers\partmgr.sys EF0C1749C9A8CEE9A457473D433CC00F
C:\Windows\System32\drivers\pci.sys 275AFE3FA35E8D78BE97695DF49817C6
C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\Windows\System32\drivers\pdc.sys B9D968D8E2B0F9C6301CEB39CFC9B9E4
C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\Windows\system32\DRIVERS\raspptp.sys E075CC071022BD4E9BE7C024717C0E0A
C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\Windows\system32\DRIVERS\pacer.sys 8528BB05E4D4E25945F78B00B2555FB7
C:\Windows\System32\Drivers\PxHlpa64.sys BC08F7F3C53CBEE68670ED1314E290FD
C:\Windows\system32\drivers\qwavedrv.sys 3FB466684609A4329858CF2EBD62E0FD
C:\Windows\System32\DRIVERS\rasacd.sys 2C56F0EE27E4EF70CA4B4983D3638905
C:\Windows\system32\DRIVERS\AgileVpn.sys 55FE43112F61836D0581D615C72AA113
C:\Windows\system32\DRIVERS\rasl2tp.sys BBB6272B7F46C4640A8CDB8A70C3450F
C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\Windows\system32\DRIVERS\rassstp.sys 2B0F1677CDD08967005F34488559BC6F
C:\Windows\System32\DRIVERS\rdbss.sys A1A5E79C0D1352AFDC08328A623DA051
C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\Windows\System32\drivers\rdpvideominiport.sys 858776908AF838E3790F3261B799CDA6
C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys E515A287C8FAE901EB8FB42F168E14F2
C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 0DE22421179D5A8440B68517DDF2B051
C:\Windows\System32\Drivers\RootMdm.sys A0AF9EBF560FDD0E044E04C0AF9FF9E6
C:\Windows\system32\DRIVERS\RtsP2Stor.sys D38250F459BF60D6F4B69B79DCD948CC
C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\Windows\system32\DRIVERS\Rt630x64.sys 34DA0D14F5C3F1883A331AFB975AB434
C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\Windows\System32\DRIVERS\scfilter.sys ABD0237B15DBD2B4695F4B7D734A58F7
C:\Windows\System32\drivers\sdbus.sys FDEC5799BA499D18AFA3A540538866E7
C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\Windows\System32\drivers\serenum.sys 3CD600C089C1251BEEB4CD4CD5164F9E
C:\Windows\System32\drivers\serial.sys D864381BC9C725FAB01D94C060660166
C:\Windows\System32\drivers\sermouse.sys 0BD2B65DCE756FDE95A2E5CCCBF7705D
C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\System32\drivers\Smb_driver_AMDASF.sys AF5CC3F9B88F140D78FC967ABF0F4EC7
C:\Windows\System32\drivers\Smb_driver_Intel.sys 19555D03CB179BED8B8AAA239A36BDA4
C:\Windows\System32\drivers\spaceport.sys 33977549C2CED09936E05BEE7659EAFF
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\System32\DRIVERS\srv.sys 2B78788A1485F9B99A578A299DF42C02
C:\Windows\System32\DRIVERS\srv2.sys FD163F487CBA9C98AFFEB546C80F49A2
C:\Windows\System32\DRIVERS\srvnet.sys 716059F37BCCB1ABEDE99EBE82E8E362
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\system32\DRIVERS\stwrt64.sys 32BE0B7CCA47A5BE30E7E43DC54B54F3
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\DRIVERS\vmstorfl.sys 7A08CEE1535F5A448215634C5EA74E50
C:\Windows\System32\drivers\stornvme.sys 6B06E2D11E604BE2B1A406C4CB3B90DE
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\swenum.sys 84E0F5D41C138C5CC975137A2A98F6D3
C:\Windows\system32\DRIVERS\SynTP.sys 0F34FE968C91D02CE30D76C257F2BDA0
C:\Windows\system32\DRIVERS\taphss6.sys DA0780D55E8CF724CF3EF7CCF0F0DB67
C:\Windows\System32\drivers\tcpip.sys 25AC0B50A71938890970E1508F107196
C:\Windows\system32\DRIVERS\tcpip.sys 25AC0B50A71938890970E1508F107196
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdx.sys FFF28F9F6823EB1756C60F1649560BBF
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\system32\drivers\tpm.sys 82F909359600D3603FE852DB7F135626
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys E0088068DCE2EE82897027DDB8E05254
C:\Windows\system32\DRIVERS\tunnel.sys C8E0E78B5D284C2FF59BDFFDAF997242
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys B034A41891A36457B994307DFA772293
C:\Windows\System32\DRIVERS\udfs.sys 1EC649F112896FAE33250F0B97AC5D0B
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\System32\drivers\usbccgp.sys 433ECDE01A52691FA7ACA51C10C09B70
C:\Windows\System32\drivers\usbcir.sys B3D6457D841A0CAEF4C52D88621715F2
C:\Windows\System32\drivers\usbehci.sys 48BA326A3DBA5B5BEB5F2777F4618696
C:\Windows\system32\DRIVERS\usbfilter.sys 4875DC63E548812C75D4FDEF84970C89
C:\Windows\System32\drivers\usbhub.sys 93435654DCA210298BA0F986EB51C679
C:\Windows\System32\drivers\UsbHub3.sys 83C9C45D59C72FEFDAE9A5686BE31FEA
C:\Windows\System32\drivers\usbohci.sys 3019097FB6C985EF24C058090FF3BDBD
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\system32\DRIVERS\usbscan.sys F04D164C4168701A4E7835607722E5F1
C:\Windows\System32\drivers\USBSTOR.SYS EA23453240137F6773174E0D93F61A69
C:\Windows\System32\drivers\usbuhci.sys 064260B3A5868AC894A4943543BC7AB7
C:\Windows\System32\Drivers\usbvideo.sys 18F744E8CCEB2670040EBAF7AD77B8C6
C:\Windows\System32\drivers\USBXHCI.SYS 48430B0313FC1CFE3D2400553F1A93CD
C:\Windows\system32\DRIVERS\usb8023x.sys 3CAAB947B1F247A570DE15983BEDEBCF
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys 52E483A3701A5A61A75A06993720347D
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\drivers\vmbus.sys C6305BDFC4F7CE51F72BB072C03D4ACE
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\volmgr.sys 55D7D963DE85162F1C49721E502F9744
C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\Windows\System32\drivers\volsnap.sys 4BB9BC49DEE1A319EC58274A7BBED663
C:\Windows\System32\drivers\vpci.sys 01355C98B5C3ED1EC446743CDA848FCE
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\vwifibus.sys BE970C369E43B509C1EDA2B8FA7CECB0
C:\Windows\system32\DRIVERS\vwififlt.sys 6B26AD573CCDD5209DF4397438B76354
C:\Windows\system32\DRIVERS\vwifimp.sys 0B48E0DFB44EE475F4FD8A8EE599AF30
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\system32\DRIVERS\wanarp.sys AFCD4054D61BD708B82991348ED1C763
C:\Windows\system32\DRIVERS\wanarp.sys AFCD4054D61BD708B82991348ED1C763
C:\Windows\system32\drivers\WdBoot.sys F5D4FA3E1F4879C361FFF3855259D2C2
C:\Windows\System32\drivers\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\system32\drivers\WdFilter.sys 019CC610AD95FF47EAD7C08B7A683B96
C:\Windows\System32\Drivers\WdNisDrv.sys 6CC1BB8F6851A262E2E824F0E92D5EEF
C:\Windows\System32\DRIVERS\wfplwfs.sys BFBE1C5F57FE7A885673A1962D5532B7
C:\Windows\System32\drivers\wimmount.sys 867BCC69ED9C31C501465EB0E8BA9DFA
C:\Program Files (x86)\BatteryCare\WinRing0x64.sys 0C0195C48B6B8582FA6F6373032118DA
C:\Windows\system32\DRIVERS\WinUSB.sys AC263C2F66405589528995AA41040599
C:\Windows\System32\drivers\WirelessButtonDriver64.sys 4F2A80D65AE6F845776E2F06AE6782ED
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\Windows\System32\DRIVERS\wpcfltr.sys 182561A14F2E93E81E66FE3700D17A5A
C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\system32\drivers\VirtualAudio.sys ADD2FE1A9F4EE41A6D724819550D4E1F
C:\Windows\System32\drivers\WudfPf.sys D537815E450A149752C15868392AD1F3
C:\Windows\System32\drivers\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC
C:\Windows\system32\DRIVERS\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC
C:\Windows\system32\DRIVERS\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 11:34 - 2015-08-13 11:37 - 00055790 _____ C:\Users\bibeksujita\Desktop\FRST.txt
2015-08-13 11:33 - 2015-08-13 11:37 - 00000000 ____D C:\FRST
2015-08-13 11:33 - 2015-08-13 11:33 - 02173952 _____ (Farbar) C:\Users\bibeksujita\Desktop\FRST64.exe
2015-08-13 11:23 - 2015-08-13 11:23 - 00688992 _____ (Swearware) C:\Users\bibeksujita\Desktop\dds.scr
2015-08-13 11:05 - 2015-08-13 11:05 - 00006664 _____ C:\WINDOWS\PFRO.log
2015-08-13 10:08 - 2015-08-13 10:08 - 00003184 _____ C:\WINDOWS\System32\Tasks\ASC5_AutoClean
2015-08-13 09:41 - 2015-08-13 09:40 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-13 09:40 - 2015-08-13 09:40 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-12 18:47 - 2015-08-12 18:47 - 00000020 ___SH C:\Users\fbwuserE2CD.bibek.000\ntuser.ini
2015-08-12 18:47 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-12 18:47 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-12 18:44 - 2014-07-22 03:30 - 00000000 ___RD C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-12 18:44 - 2014-07-22 03:27 - 00000000 ___RD C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 18:44 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\TuneUp Software
2015-08-12 18:44 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\Macromedia
2015-08-12 18:44 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\IObit
2015-08-12 18:44 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek.000\AppData\Local\Google
2015-08-12 18:44 - 2013-08-22 21:21 - 00000000 ___RD C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 18:44 - 2013-08-22 21:21 - 00000000 ____D C:\Users\fbwuserE2CD.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-12 18:43 - 2015-08-12 18:47 - 00000000 ____D C:\Users\fbwuserE2CD.bibek.000
2015-08-12 18:43 - 2015-08-12 18:43 - 00000020 ___SH C:\Users\fbwuserC16F.bibek.000\ntuser.ini
2015-08-12 18:43 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek.000\Documents\hp.system.package.metadata
2015-08-12 18:43 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-12 18:43 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-12 18:40 - 2015-08-12 18:43 - 00000000 ____D C:\Users\fbwuserC16F.bibek.000
2015-08-12 18:40 - 2014-07-22 03:30 - 00000000 ___RD C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-12 18:40 - 2014-07-22 03:27 - 00000000 ___RD C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 18:40 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek.000\Documents\hp.system.package.metadata
2015-08-12 18:40 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\TuneUp Software
2015-08-12 18:40 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\Macromedia
2015-08-12 18:40 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\IObit
2015-08-12 18:40 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek.000\AppData\Local\Google
2015-08-12 18:40 - 2013-08-22 21:21 - 00000000 ___RD C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 18:40 - 2013-08-22 21:21 - 00000000 ____D C:\Users\fbwuserC16F.bibek.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-12 14:34 - 2015-08-12 14:35 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-11 15:21 - 2015-08-11 15:21 - 00000020 ___SH C:\Users\fbwuserE2CD.bibek\ntuser.ini
2015-08-11 15:21 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserE2CD.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-11 15:21 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserE2CD.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-11 15:19 - 2014-07-22 03:30 - 00000000 ___RD C:\Users\fbwuserE2CD.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-11 15:19 - 2014-07-22 03:27 - 00000000 ___RD C:\Users\fbwuserE2CD.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-11 15:19 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek\AppData\Roaming\TuneUp Software
2015-08-11 15:19 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek\AppData\Roaming\Macromedia
2015-08-11 15:19 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek\AppData\Roaming\IObit
2015-08-11 15:19 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek\AppData\Local\Google
2015-08-11 15:19 - 2013-08-22 21:21 - 00000000 ___RD C:\Users\fbwuserE2CD.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 15:19 - 2013-08-22 21:21 - 00000000 ____D C:\Users\fbwuserE2CD.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-11 15:18 - 2015-08-11 15:21 - 00000000 ____D C:\Users\fbwuserE2CD.bibek
2015-08-11 15:18 - 2015-08-11 15:18 - 00000020 ___SH C:\Users\fbwuserC16F.bibek\ntuser.ini
2015-08-11 15:18 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD.bibek\Documents\hp.system.package.metadata
2015-08-11 15:18 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserC16F.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-11 15:18 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserC16F.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-11 15:16 - 2015-08-11 15:18 - 00000000 ____D C:\Users\fbwuserC16F.bibek
2015-08-11 15:16 - 2014-07-22 03:30 - 00000000 ___RD C:\Users\fbwuserC16F.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-11 15:16 - 2014-07-22 03:27 - 00000000 ___RD C:\Users\fbwuserC16F.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-11 15:16 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek\Documents\hp.system.package.metadata
2015-08-11 15:16 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek\AppData\Roaming\TuneUp Software
2015-08-11 15:16 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek\AppData\Roaming\Macromedia
2015-08-11 15:16 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek\AppData\Roaming\IObit
2015-08-11 15:16 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F.bibek\AppData\Local\Google
2015-08-11 15:16 - 2013-08-22 21:21 - 00000000 ___RD C:\Users\fbwuserC16F.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 15:16 - 2013-08-22 21:21 - 00000000 ____D C:\Users\fbwuserC16F.bibek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-10 14:33 - 2015-08-10 14:33 - 00000020 ___SH C:\Users\fbwuserE2CD\ntuser.ini
2015-08-10 14:33 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserE2CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-10 14:33 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserE2CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-10 14:31 - 2014-07-22 03:30 - 00000000 ___RD C:\Users\fbwuserE2CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-10 14:31 - 2014-07-22 03:27 - 00000000 ___RD C:\Users\fbwuserE2CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-10 14:31 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD\AppData\Roaming\TuneUp Software
2015-08-10 14:31 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD\AppData\Roaming\Macromedia
2015-08-10 14:31 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD\AppData\Roaming\IObit
2015-08-10 14:31 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD\AppData\Local\Google
2015-08-10 14:31 - 2013-08-22 21:21 - 00000000 ___RD C:\Users\fbwuserE2CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-10 14:31 - 2013-08-22 21:21 - 00000000 ____D C:\Users\fbwuserE2CD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-10 14:30 - 2015-08-10 14:33 - 00000000 ____D C:\Users\fbwuserE2CD
2015-08-10 14:30 - 2015-08-10 14:30 - 00000020 ___SH C:\Users\fbwuserC16F\ntuser.ini
2015-08-10 14:30 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserE2CD\Documents\hp.system.package.metadata
2015-08-10 14:30 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserC16F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-10 14:30 - 2014-03-18 15:58 - 00000369 _____ C:\Users\fbwuserC16F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-10 14:28 - 2015-08-10 14:30 - 00000000 ____D C:\Users\fbwuserC16F
2015-08-10 14:28 - 2014-07-22 03:30 - 00000000 ___RD C:\Users\fbwuserC16F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-10 14:28 - 2014-07-22 03:27 - 00000000 ___RD C:\Users\fbwuserC16F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-10 14:28 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F\Documents\hp.system.package.metadata
2015-08-10 14:28 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F\AppData\Roaming\TuneUp Software
2015-08-10 14:28 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F\AppData\Roaming\Macromedia
2015-08-10 14:28 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F\AppData\Roaming\IObit
2015-08-10 14:28 - 2014-07-21 14:30 - 00000000 ____D C:\Users\fbwuserC16F\AppData\Local\Google
2015-08-10 14:28 - 2013-08-22 21:21 - 00000000 ___RD C:\Users\fbwuserC16F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-10 14:28 - 2013-08-22 21:21 - 00000000 ____D C:\Users\fbwuserC16F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-03 15:44 - 2015-08-03 15:44 - 00002216 _____ C:\Users\bibeksujita\Desktop\FLV Player.lnk
2015-07-30 18:03 - 2015-07-30 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-26 18:11 - 2015-08-09 18:11 - 00003194 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbibeksujita
2015-07-26 18:11 - 2015-08-09 18:11 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbibeksujita.job
2015-07-24 11:32 - 2015-07-29 11:55 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\FlickrUploadrWindows
2015-07-24 11:32 - 2015-07-24 11:32 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\SquirrelTemp
2015-07-24 11:32 - 2015-07-24 11:32 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\IsolatedStorage
2015-07-24 11:32 - 2015-07-24 11:32 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\Flickr
2015-07-24 08:05 - 2015-07-24 08:05 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2015-07-13 11:41 - 2015-07-13 11:41 - 00002187 _____ C:\Users\bibeksujita\Desktop\AppsHat.lnk
2015-07-13 11:41 - 2015-07-13 11:41 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2015-07-13 11:40 - 2015-07-13 11:40 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\Minibar
2015-07-13 11:40 - 2015-07-13 11:40 - 00000000 ____D C:\Program Files (x86)\Minibar
2015-07-08 15:26 - 2015-07-08 20:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-19 09:37 - 2015-08-13 10:48 - 00000954 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002UA.job
2015-06-19 09:37 - 2015-08-12 14:48 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002Core.job
2015-06-19 09:37 - 2015-07-20 14:43 - 00003912 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002UA
2015-06-19 09:37 - 2015-07-20 14:43 - 00003532 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002Core
2015-06-19 09:37 - 2015-06-19 09:37 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\Dropbox
2015-06-19 09:37 - 2015-06-19 09:37 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-04 10:37 - 2015-06-04 10:37 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\{80C89AE0-887B-443F-9A67-B29A3F8B881B}
2015-05-26 08:36 - 2015-05-26 08:36 - 00000000 ____D C:\Program Files\avast software
2015-05-22 22:42 - 2015-07-30 18:07 - 00000000 ____D C:\Users\bibeksujita\Downloads\Shareit
2015-05-22 22:35 - 2015-05-25 09:56 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\Lenovo
2015-05-22 22:34 - 2015-07-30 18:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-05-22 22:34 - 2015-07-30 18:03 - 00001220 _____ C:\Users\Public\Desktop\SHAREit.lnk
2015-05-22 22:34 - 2015-07-30 18:03 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-05-22 22:34 - 2015-05-22 22:34 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-05-22 22:27 - 2015-05-22 22:27 - 00000000 ____D C:\SWTOOLS
2015-05-22 13:25 - 2015-05-22 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
2015-05-22 13:25 - 2015-05-22 13:25 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 11:34 - 2013-08-24 09:51 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\Skype
2015-08-13 11:31 - 2013-05-31 02:43 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1476312255-3866232785-3835862293-1002
2015-08-13 11:21 - 2013-07-25 22:55 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\Media Player Classic
2015-08-13 11:20 - 2014-07-21 14:53 - 01763144 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-13 11:15 - 2013-10-02 12:04 - 00000000 ___RD C:\Users\bibeksujita\Dropbox
2015-08-13 11:15 - 2013-10-02 12:01 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\Dropbox
2015-08-13 11:06 - 2013-08-22 20:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-13 11:04 - 2013-08-22 19:10 - 06815744 ___SH C:\WINDOWS\system32\config\BBI
2015-08-13 10:59 - 2013-05-31 18:08 - 00000944 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002UA.job
2015-08-13 10:56 - 2013-08-17 13:45 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-13 10:47 - 2013-08-22 21:21 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-13 10:42 - 2014-05-28 11:46 - 00000000 ____D C:\Users\bibeksujita\Downloads\Video
2015-08-13 10:35 - 2014-05-28 11:45 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\DMCache
2015-08-13 09:59 - 2013-05-31 18:08 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002Core.job
2015-08-13 09:42 - 2013-07-25 20:21 - 00003926 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-13 09:40 - 2014-05-08 13:33 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-08-13 09:40 - 2014-05-08 13:33 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-13 09:40 - 2013-07-25 20:22 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-08-13 09:40 - 2013-07-25 20:21 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-13 09:40 - 2013-07-25 20:21 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-13 09:40 - 2013-07-25 20:21 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-13 09:40 - 2013-07-25 19:55 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-13 09:40 - 2013-07-25 19:55 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-13 09:35 - 2013-05-31 18:57 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\Adobe
2015-08-12 19:34 - 2014-03-18 15:48 - 00956412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-12 18:07 - 2013-05-31 02:37 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4D65D3F1-3CDF-4F80-B0B6-AD329DB0689C}
2015-08-12 15:57 - 2013-08-22 21:21 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-12 13:02 - 2014-05-28 11:46 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\IDM
2015-08-11 15:41 - 2013-05-31 02:34 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\Packages
2015-08-10 20:49 - 2013-12-24 22:50 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\vlc
2015-08-04 16:33 - 2013-10-18 19:05 - 00000000 ____D C:\Users\bibeksujita\AppData\Roaming\BatteryCare
2015-08-03 15:44 - 2014-11-23 14:25 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\WebPlayer
2015-07-30 17:41 - 2014-07-21 14:18 - 00000000 ____D C:\Users\bibeksujita
2015-07-28 19:05 - 2014-09-16 17:55 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2015-07-24 20:59 - 2013-07-25 19:13 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-24 08:00 - 2013-05-31 01:09 - 00000000 ____D C:\Users\bibeksujita\AppData\Local\Google
2015-07-16 09:54 - 2013-05-31 18:08 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002UA
2015-07-16 09:54 - 2013-05-31 18:08 - 00003522 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1476312255-3866232785-3835862293-1002Core
2015-07-16 09:50 - 2013-08-17 13:45 - 00003890 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:50 - 2013-08-17 13:45 - 00003654 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 09:50 - 2013-08-17 13:45 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2014-08-20 22:00 - 2014-08-20 22:00 - 0000132 _____ () C:\Users\bibeksujita\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-08-20 15:11 - 2014-08-20 22:49 - 0000132 _____ () C:\Users\bibeksujita\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-04 00:42 - 2015-05-13 17:55 - 0013312 _____ () C:\Users\bibeksujita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-31 18:56 - 2014-07-11 20:32 - 0007598 _____ () C:\Users\bibeksujita\AppData\Local\Resmon.ResmonCfg
2015-02-04 20:55 - 2015-02-04 20:55 - 0000461 _____ () C:\ProgramData\EDITING (F) - Shortcut.lnk
2013-08-24 09:54 - 2013-08-24 09:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-08-22 09:41 - 2013-08-22 09:41 - 89562112 ___SH () C:\ProgramData\msdgchj.exe
2013-08-22 09:41 - 2013-08-22 09:41 - 90973312 ___SH () C:\ProgramData\msvbdd.exe

Files to move or delete:
====================
C:\ProgramData\msdgchj.exe
C:\ProgramData\msvbdd.exe


Some files in TEMP:
====================
C:\Users\bibeksujita\AppData\Local\Temp\cdo1570824543.dll
C:\Users\bibeksujita\AppData\Local\Temp\cdo3418664131.dll
C:\Users\bibeksujita\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxup5nu.dll
C:\Users\bibeksujita\AppData\Local\Temp\HssInstaller.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {c4c81405-10ae-11e4-824f-806e6f6e6963}
{3c2b7739-cadd-11e3-becb-806e6f6e6963}
{3c2b773a-cadd-11e3-becb-806e6f6e6963}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
integrityservices Enable
default {current}
resumeobject {5f20d818-1cd0-11e2-be71-8434977dbdc2}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {3c2b7739-cadd-11e3-becb-806e6f6e6963}
description USB Drive (UEFI)

Firmware Application (101fffff)
-------------------------------
identifier {3c2b773a-cadd-11e3-becb-806e6f6e6963}
description Internal CD/DVD ROM Drive (UEFI)

Firmware Application (101fffff)
-------------------------------
identifier {c4c81405-10ae-11e4-824f-806e6f6e6963}
description Internal Hard Disk or Solid State Disk

Windows Boot Loader
-------------------
identifier {5f20d815-1cd0-11e2-be71-8434977dbdc2}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5f20d816-1cd0-11e2-be71-8434977dbdc2}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5f20d816-1cd0-11e2-be71-8434977dbdc2}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 8.1
locale en-US
inherit {bootloadersettings}
recoverysequence {5f20d81a-1cd0-11e2-be71-8434977dbdc2}
integrityservices Enable
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {5f20d818-1cd0-11e2-be71-8434977dbdc2}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {5f20d81a-1cd0-11e2-be71-8434977dbdc2}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{5f20d81b-1cd0-11e2-be71-8434977dbdc2}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{5f20d81b-1cd0-11e2-be71-8434977dbdc2}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {5f20d818-1cd0-11e2-be71-8434977dbdc2}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {5f20d81a-1cd0-11e2-be71-8434977dbdc2}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {82af29ed-1cc5-11e2-83c2-9556a012f1b8}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {5f20d815-1cd0-11e2-be71-8434977dbdc2}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {5f20d816-1cd0-11e2-be71-8434977dbdc2}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {5f20d817-1cd0-11e2-be71-8434977dbdc2}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {5f20d81b-1cd0-11e2-be71-8434977dbdc2}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-07-28 16:48

==================== End of log ============================

Attached Files

Addition.txt (55.9 KB)

Hi I have been having popups from time to time. I used to have bit torrent but it has been removed. I think this was the source of the popups, but they still remain. I do not have a windows install disc or boot cd.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6001.18639
Run by Marcia at 17:18:03 on 2015-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4030.1870 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files (x86)\Novatel Wireless\Mobilink\Lite.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Users\Marcia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~2\NOVATE~1\Mobilink\Phoenix.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
BHO: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobiLink Lite] C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NvCplDaemonTool] rundll32.exe C:\Users\Marcia\PULOAD~1.DLL,_IWMPEvents
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\Users\Marcia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marcia\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5DA4CD3F-24F6-4150-8AD2-4A19A15C3D57} : DHCPNameServer = 10.188.15.20
TCP: Interfaces\{A331FBF1-C3EE-490C-A964-899C051D395E} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [NvSvc] RUNDLL32.EXE C:\Windows\System32\nvsvc64.dll,nvsvcStart
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-12 312160]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-22 50976]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-11-30 28762]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-12-22 1820184]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 117328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-8-6 292864]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-5-29 41280]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-27 93184]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 17:19:48.34 ===============

Attached Files

attach.txt (10.5 KB)

Hi all,

My laptop is a couple of years old but hardly has any use. I basically transferred my files across from my old laptop (which was clean and quick) onto this one. Barring occasional web use it isnt often used. But something has happened. It can take 20 mins for a window to open (be it Chrome, IE, Excel, Word, Adobe).

Ive checked with various AV programs (norton, mcafee, avg) and malwarebytes but nothing is picked up. Running Windows 8.1 with 6gb Ram.

Any help will be greatly appreciated. Boot disc available (just have to dig it out). Many thanks in advance!

Peeta

DDS log below.
==================================================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.25.2
Run by Jatinder at 16:03:40 on 2015-08-14
Microsoft Windows 8.1 6.3.9600.0.1252.44.2057.18.5722.3631 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\skydrive.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Users\Jatinder\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Dropbox Update] "C:\Users\Jatinder\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_A0FEADF121BEC6A62AB1212C34D96072] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\Jatinder\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jatinder\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\$MCREB~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{20745EA2-FD18-4F8E-A663-F970727190D5} : DHCPNameServer = 40.22.1.201 40.22.1.202
TCP: Interfaces\{60792DD8-E4F1-4EC5-9F6D-79CF4CE1B845} : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-1-8 39744]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2013-12-5 786304]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2014-1-27 348560]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-5-27 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-5-18 80384]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2013-12-13 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-22 2753720]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-3-18 38792]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-10 335064]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2012-8-10 29600]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-30 2451456]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-3-10 562200]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [2014-11-21 422632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-10 335064]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-10 335064]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-10 335064]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-10 335064]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-3-10 1050952]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-3-10 221832]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2014-3-10 189920]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdW86.sys [2012-7-17 98472]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2014-1-27 72136]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2014-3-17 313680]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2014-1-27 526360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2014-9-19 447440]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-3-18 38792]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2012-8-30 269968]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2012-8-30 690832]
R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\drivers\usbfilter.sys [2012-8-30 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2013-7-22 20800]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2014-1-27 70608]
S2 0087001439552115mcinstcleanup;McAfee Application Installer Cleanup (0087001439552115);C:\WINDOWS\TEMP\008700~1.EXE -cleanup -nolog --> C:\WINDOWS\TEMP\008700~1.EXE -cleanup -nolog [?]
S2 APXACC;AppEx Networks Accelerator LWF;C:\WINDOWS\System32\drivers\appexDrv.sys [2012-8-30 199008]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 amd_sata;amd_sata;C:\WINDOWS\System32\drivers\amd_sata.sys [2012-7-23 79528]
S3 amd_xata;amd_xata;C:\WINDOWS\System32\drivers\amd_xata.sys [2012-7-23 26280]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-3-18 38792]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-3-18 38792]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-3-18 38792]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2015-3-18 197704]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-7-31 645952]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-11-19 114688]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-3-18 38792]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2014-9-19 96600]
S3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-8-14 37960]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2015-3-18 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2015-3-18 921920]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-3-18 38792]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2014-3-18 146776]
S3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2012-8-30 41272]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2012-8-30 43832]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-3-18 38792]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2014-3-18 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-3-18 38792]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-3-18 38792]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-4-24 114496]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-4-24 366520]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-3-18 38792]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-3-18 38792]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-3-18 226304]
.
=============== Created Last 30 ================
.
2015-08-14 11:24:52 792568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-08-14 11:24:52 178168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-07-23 20:31:02 911360 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-07-23 20:31:02 230400 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2015-07-23 20:31:01 37888 ----a-w- C:\WINDOWS\System32\werdiagcontroller.dll
2015-07-23 20:27:10 2427392 ----a-w- C:\WINDOWS\System32\wininet.dll
2015-07-23 20:27:08 2880000 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2015-07-23 20:27:02 1951232 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2015-07-23 20:25:59 628736 ----a-w- C:\Program Files\Internet Explorer\jsprofilerui.dll
2015-07-23 20:22:40 1380600 ----a-w- C:\WINDOWS\System32\gdi32.dll
2015-07-23 20:22:35 1097216 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2015-07-23 20:22:30 1661576 ----a-w- C:\WINDOWS\System32\ole32.dll
2015-07-23 20:22:27 1212248 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2015-07-23 20:13:06 358912 ----a-w- C:\WINDOWS\System32\atmfd.dll
2015-07-23 20:13:06 301056 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2015-07-23 20:13:05 44032 ----a-w- C:\WINDOWS\System32\atmlib.dll
2015-07-23 20:13:05 35840 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2015-07-23 20:12:58 5923840 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-07-23 20:12:50 4520448 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-07-23 20:09:54 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2015-07-23 20:09:54 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2015-07-23 19:14:09 653824 ----a-w- C:\WINDOWS\System32\comctl32.dll
2015-07-23 19:14:09 549888 ----a-w- C:\WINDOWS\SysWow64\comctl32.dll
2015-07-23 18:52:23 -------- d-----w- C:\Users\Jatinder\AppData\Local\Dropbox
2015-07-23 18:52:23 -------- d-----w- C:\ProgramData\Dropbox
.
==================== Find3M ====================
.
2015-06-28 05:07:11 442712 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2015-06-28 05:07:11 178008 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys
2015-06-28 05:06:58 1311960 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2015-06-28 05:06:50 332120 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2015-06-27 16:42:34 747520 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2015-06-27 03:13:13 202240 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2015-06-27 03:12:25 401408 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2015-06-27 03:12:07 284672 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb10.sys
2015-06-27 02:40:09 445440 ----a-w- C:\WINDOWS\System32\certcli.dll
2015-06-27 02:05:14 1441792 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2015-06-27 02:00:06 989184 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-06-27 01:53:22 324096 ----a-w- C:\WINDOWS\SysWow64\certcli.dll
2015-06-27 01:26:31 802816 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2015-06-25 02:31:32 4177920 ----a-w- C:\WINDOWS\System32\win32k.sys
2015-06-15 22:41:04 65024 ----a-w- C:\WINDOWS\System32\msiexec.exe
2015-06-15 22:39:09 584192 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-06-15 22:38:29 88064 ----a-w- C:\WINDOWS\System32\MshtmlDac.dll
2015-06-15 22:24:36 3320320 ----a-w- C:\WINDOWS\System32\msi.dll
2015-06-15 22:02:47 87552 ----a-w- C:\WINDOWS\System32\tdc.ocx
2015-06-15 21:49:03 1032704 ----a-w- C:\WINDOWS\System32\inetcomm.dll
2015-06-15 21:36:31 2125824 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2015-06-15 21:16:41 59904 ----a-w- C:\WINDOWS\SysWow64\msiexec.exe
2015-06-15 21:15:56 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-06-15 21:13:40 64000 ----a-w- C:\WINDOWS\SysWow64\MshtmlDac.dll
2015-06-15 21:09:15 3607552 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2015-06-15 20:50:38 2774528 ----a-w- C:\WINDOWS\System32\authui.dll
2015-06-15 20:47:41 73216 ----a-w- C:\WINDOWS\SysWow64\tdc.ocx
2015-06-15 20:37:27 880128 ----a-w- C:\WINDOWS\SysWow64\inetcomm.dll
2015-06-15 20:30:46 2052608 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2015-06-15 20:17:31 1048576 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2015-06-15 19:57:02 2460160 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2015-05-23 03:14:51 341504 ----a-w- C:\WINDOWS\SysWow64\html.iec
2015-05-23 03:04:50 620032 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2015-05-22 19:00:47 417792 ----a-w- C:\WINDOWS\System32\html.iec
2015-05-22 18:47:03 814080 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
.
============= FINISH: 16:08:16.02 ===============

Attached Files

attach.txt (5.3 KB)

Hi all,
My laptop has started to run very slowly, with the processor running at 100% nearly all the time. I've looked at the Spyware 1st Steps page and downloaded DDS. I ran DDS but it didn't produce the required logs. I've tried it several times with the same result. Any ideas what I could next?

Hi all. My Toshiba Satellite C650D laptop has started to run slowly. I've downloaded and run the DDS tool and produced the two logs required. Any help would be much appreciated.

DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17909
Run by tos at 11:50:33 on 2015-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1605 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall *Disabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe
\\localhost\C$\@GMT-2015.08.14-22.11.07\Users\Martin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_18_0_0_194_ActiveX.exe -update activex
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{50E49BE1-3E32-481F-B8CD-1736CCB99F5A} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{50E49BE1-3E32-481F-B8CD-1736CCB99F5A} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.155\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-7 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-8-7 208664]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R0 ngvss;ngvss;c:\windows\system32\drivers\ngvss.sys [2015-7-24 95112]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-8-7 788784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-8-7 433264]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2014-6-26 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2014-4-16 17064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2014-4-16 626776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2014-4-16 41736]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2014-6-26 15400]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-7 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-8-7 76000]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2015-8-7 146600]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2014-7-25 70864]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2014-7-25 2327248]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 95408]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\samsung\usb drivers\25_escape\conn\ss_conn_service.exe [2015-2-17 743688]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-7-24 220752]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-7-24 3218624]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-4-19 69232]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-10-11 34432]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-10-11 25088]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-8-7 113592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2014-3-25 1664704]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2015-2-17 89856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-7-14 102912]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2015-2-17 184192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-8-5 1343400]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
.
=============== Created Last 30 ================
.
2015-08-15 10:49:46 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47cd8cbe-646c-49fe-9022-08e037879769}\offreg.1064.dll
2015-08-14 22:11:38 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 21:35:03 3934656 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-14 21:35:01 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-08-14 21:35:00 3989952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-14 21:29:03 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-08-14 21:29:03 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-14 21:29:03 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-08-14 21:29:01 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-08-14 21:29:00 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-08-14 21:29:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-14 21:29:00 26624 ----a-w- c:\windows\system32\lpk.dll
2015-08-14 21:29:00 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-14 21:29:00 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-08-14 21:17:21 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-08-14 21:17:21 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-14 21:17:20 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-14 21:17:19 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-14 21:14:41 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47cd8cbe-646c-49fe-9022-08e037879769}\offreg.1072.dll
2015-08-09 10:14:49 9252608 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{47cd8cbe-646c-49fe-9022-08e037879769}\mpengine.dll
2015-08-07 18:27:08 9252608 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-08-07 18:15:52 43112 ----a-w- c:\windows\avastSS.scr
2015-08-06 10:11:07 912000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d6cefc38-d248-4f52-a294-42837f432ae8}\gapaengine.dll
2015-07-31 11:34:13 -------- d--h--w- C:\$Windows.~BT
2015-07-31 11:13:24 924160 ----a-w- c:\windows\system32\appraiser.dll
2015-07-31 11:13:24 628736 ----a-w- c:\windows\system32\invagent.dll
2015-07-31 11:13:24 58880 ----a-w- c:\windows\system32\acmigration.dll
2015-07-31 11:13:24 587264 ----a-w- c:\windows\system32\generaltel.dll
2015-07-31 11:13:24 342016 ----a-w- c:\windows\system32\devinv.dll
2015-07-31 11:13:23 932864 ----a-w- c:\windows\system32\aeinv.dll
2015-07-31 11:13:21 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-07-31 11:13:21 15808 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-24 10:36:04 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-07-22 12:04:34 17318592 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2015-07-21 19:57:48 1375896 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
.
==================== Find3M ====================
.
2015-08-14 21:35:06 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-08-14 21:35:05 43008 ----a-w- c:\windows\system32\srclient.dll
2015-08-14 21:35:03 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-08-14 21:35:03 22016 ----a-w- c:\windows\system32\secur32.dll
2015-08-14 21:35:02 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-08-14 21:35:02 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-14 21:35:01 2560 ----a-w- c:\windows\system32\drivers\en-us\mountmgr.sys.mui
2015-08-14 21:35:01 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-08-14 21:35:01 17408 ----a-w- c:\windows\system32\credssp.dll
2015-08-14 21:35:01 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-08-14 21:35:00 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-08-14 21:35:00 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-08-14 21:34:59 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-08-14 21:34:59 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-08-14 21:34:58 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-08-12 08:34:24 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 08:34:23 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-07 18:16:14 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-07 18:16:13 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-07 18:16:10 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-07 18:16:10 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-07 18:16:10 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-07 18:16:09 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-07 18:14:46 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-05 00:31:12 41736 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-08-05 00:31:09 626776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2015-08-05 00:31:06 17064 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-08-05 00:29:53 33496 ----a-w- c:\windows\system32\cmdcsr.dll
2015-08-05 00:29:50 445472 ----a-w- c:\windows\system32\guard32.dll
2015-08-05 00:27:20 288448 ----a-w- c:\windows\system32\cmdvrt32.dll
2015-08-05 00:26:53 40640 ----a-w- c:\windows\system32\cmdkbd32.dll
2015-07-15 17:59:44 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:59:44 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-07-15 17:59:44 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 17:55:07 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-07-15 17:55:03 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:55:02 400896 ----a-w- c:\windows\system32\srcore.dll
2015-07-15 17:55:00 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:54:59 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 17:54:55 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 17:54:50 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-07-15 17:54:49 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 17:54:43 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-15 17:54:24 69632 ----a-w- c:\windows\system32\smss.exe
2015-07-15 17:54:19 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-07-15 17:54:08 22528 ----a-w- c:\windows\system32\lsass.exe
2015-07-15 17:53:53 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-07-14 22:00:47 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-07-14 22:00:47 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-07-14 22:00:27 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-07-14 20:54:22 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-07-14 20:54:21 103936 ----a-w- c:\windows\system32\cryptnet.dll
2015-07-14 20:54:07 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-07-14 20:44:53 4520448 ----a-w- c:\windows\system32\jscript9.dll
2015-07-14 20:44:51 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-09 17:43:25 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-09 17:43:24 2943488 ----a-w- c:\windows\system32\wucltux.dll
2015-07-09 17:42:52 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-07-09 17:42:47 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-07-09 09:23:39 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 17:48:36 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-06-19 18:40:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-06-19 18:25:35 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- c:\windows\system32\html.iec
2015-06-19 18:13:19 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-06-19 18:13:10 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-06-19 18:06:05 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-06-19 17:57:45 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-06-19 17:15:43 1951232 ----a-w- c:\windows\system32\wininet.dll
2015-06-17 17:39:13 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 00:01:52 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-06-15 21:47:30 101824 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:43:35 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:43:35 2364416 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:43:24 1805824 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:43:23 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:42:49 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:37:15 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-11 10:58:02 163840 ----a-w- c:\windows\system32\aepic.dll
2015-06-11 10:21:46 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-06-11 10:21:32 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-06-11 10:18:36 54656 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-11 10:07:08 530432 ----a-w- c:\windows\system32\comctl32.dll
2015-06-01 23:47:09 210432 ----a-w- c:\windows\system32\cewmdm.dll
2015-05-25 18:01:45 853504 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:01:42 635392 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:01:39 92160 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:01:17 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:00:44 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:00:25 37888 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:00:17 82944 ----a-w- c:\windows\system32\logman.exe
.
============= FINISH: 11:53:19.25 ===============

Attached Files

Attach.txt (16.1 KB)

Hi,
My name is Kelly. I was given a laptop and it hasn't worked right since I got it. It's a Lenovo T520 ThinkPad. I've never been able to update anything, but lately it's been acting crazy. I'm not able to turn any antivirus programs off or delete them because when I try to do anything in the add or remove programs, it gives me the error "Please wait until the current program is finished uninstalling or being changed". I tried to access the "Turn Windows Features on or off" feature, but the box is empty. I also realized that no matter how many times I set permissions on a folder or file, they always change back. They always show inherited permissions and have read only checked. I'm also afraid that whatever is in this computer has also affected my phone (Galaxy s5). I don't have a boot cd. I downloaded Process Explorer, but am not able to change anything. When I try to check the permissions for System, it comes up "System:4 Properties" and gives me an Access is Denied error. I've tried to run sfc /scannow, but I get "Windows Resource Protection cannot perform the requested operation." Some of the other errors I've had are: "An internal error occurred (rpnp2:no-svr(00000001provmgrserver)), 'There are no more endpoints available from the endpoint mapper", "Folder access denied", etc. The list is endless. I can't access my printer or do anything meaningful on this computer. Can you please help me? Here is the DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.51.2
Run by KELLYLOU at 17:29:46 on 2015-08-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3979.1765 [GMT -4:00]
.
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\KELLYLOU\Downloads\autoruns.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\regedit.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: AviraBrowserSafety.BrowserSafety: {c3c77255-42c0-499f-b664-6e981a0b1647} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: DontDisplayLockedUserId = dword:1
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E99DCA36-A5BE-4DC3-8CBF-9324CA2D5620} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E99DCA36-A5BE-4DC3-8CBF-9324CA2D5620}\5436F6E6F6C4F6467656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E99DCA36-A5BE-4DC3-8CBF-9324CA2D5620}\D41647865677370254C6563647279636 : DHCPNameServer = 108.92.249.217
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-10-26 29512]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-12-15 23664]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2015-7-29 127752]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2015-7-20 59240]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-7-28 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-28 1133880]
R2 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-10-26 1669976]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-26 2656280]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-26 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-7-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-7-28 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-7-28 63704]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-28 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2014-6-11 101888]
S3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-10-26 166016]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-10-26 425000]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-26 39464]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-10-26 320560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-25 114688]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-6-11 1664856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-4-14 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-4-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-4-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-8 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-17 50464]
S4 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [?]
S4 Avira.ServiceHost;Avira Service Host;"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" --> C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [?]
S4 C771BUS;CASIO C771 USB Composite Device Driver;C:\Windows\System32\drivers\C771BUS.sys [2014-5-16 71752]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2015-7-20 40808]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-7-7 1738168]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-7-7 2088408]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-7-7 171928]
.
=============== Created Last 30 ================
.
2015-08-02 20:10:57 -------- d-----w- C:\Users\KELLYLOU\AppData\Roaming\Runscanner.net
2015-08-02 19:17:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5510A2FB-BD1F-46F3-8212-6D8172CC051F}\offreg.dll
2015-08-01 02:54:34 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\CEF
2015-08-01 02:54:28 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\Adobe
2015-07-31 17:55:06 509264 ----a-w- C:\Program Files\winsdk_web.exe
2015-07-31 15:31:31 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\gtk-2.0
2015-07-31 15:31:20 -------- d-----w- C:\Users\KELLYLOU\.thumbnails
2015-07-31 15:29:05 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\fontconfig
2015-07-31 15:29:02 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\gegl-0.2
2015-07-31 15:29:02 -------- d-----w- C:\Users\KELLYLOU\.gimp-2.8
2015-07-31 01:04:32 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\HP
2015-07-30 23:07:54 -------- d-sh--w- C:\$RECYCLE.BIN
2015-07-30 02:22:46 -------- d-----w- C:\EEK
2015-07-30 01:43:47 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-07-30 01:43:43 -------- d-----w- C:\ProgramData\RogueKiller
2015-07-30 01:29:12 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\GWX
2015-07-30 01:17:23 -------- d-----w- C:\Program Files\HitmanPro
2015-07-30 01:14:44 -------- d-----w- C:\ProgramData\HitmanPro
2015-07-29 18:25:09 -------- d-----w- C:\ProgramData\REPORTS
2015-07-29 18:25:09 -------- d-----w- C:\ProgramData\LOGFILES
2015-07-29 18:25:09 -------- d-----w- C:\ProgramData\INFECTED
2015-07-28 23:56:11 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-07-28 23:25:28 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-28 23:24:09 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-07-28 23:24:09 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-07-28 23:24:09 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-07-28 23:24:09 -------- d-----w- C:\ProgramData\Malwarebytes
2015-07-28 23:24:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 23:20:20 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\Programs
2015-07-27 22:06:56 -------- d--h--w- C:\Windows\System32\GroupPolicy
2015-07-27 20:41:12 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\VirtualStore
2015-07-27 18:11:36 -------- d-----w- C:\Windows\System32\catroot2
2015-07-27 17:57:10 -------- d---a-w- C:\Users\KELLYLOU\AppData\Local\ElevatedDiagnostics
2015-07-27 17:56:35 -------- d---a-w- C:\Windows\softwaredistribution.old
2015-07-26 14:23:43 -------- d-----w- C:\ProgramData\Package Cache
2015-07-26 01:01:18 -------- d-----w- C:\Users\KELLYLOU\FAKE COMPUTER
2015-07-25 23:56:21 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\Apps
2015-07-25 23:53:35 -------- d-----w- C:\Users\KELLYLOU\AppData\Local\CrashDumps
2015-07-25 01:11:30 -------- d-----w- C:\Users\KELLYLOU\AppData\Roaming\PwrMgr
2015-07-23 01:56:52 -------- d-sh--w- C:\Windows\Installer
2015-07-20 23:28:35 -------- d-s-a-w- C:\Windows\SysWow64\Microsoft
2015-07-19 16:44:43 18009776 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-07-08 13:55:53 -------- d---a-w- C:\Windows\SysWow64\FxsTmp
2015-07-08 13:55:53 -------- d-----w- C:\Windows\addins
2015-07-08 13:55:53 -------- d-----w- C:\Program Files\Microsoft Games
2015-07-08 13:55:51 -------- d-----w- C:\Windows\System32\FxsTmp
2015-07-08 01:32:02 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2015-07-08 01:31:58 -------- d---a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-04 21:17:46 -------- d-----w- C:\ProgramData\Corel
2015-07-04 03:33:03 -------- d---a-w- C:\AdwCleaner
.
==================== Find3M ====================
.
2015-07-30 18:45:47 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-19 16:44:53 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-19 16:44:53 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-16 13:36:26 44088 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2015-06-16 13:36:23 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2015-06-16 13:36:20 153256 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:47 417792 ----a-w- C:\Windows\System32\html.iec
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:59:27 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-22 17:50:20 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-09 18:26:06 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-05-09 03:27:37 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-05-09 03:27:37 3147776 ----a-w- C:\Windows\System32\wucltux.dll
2015-05-09 03:27:37 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-05-09 03:26:38 87040 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-05-09 03:26:30 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-05-09 03:26:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-05-09 03:14:46 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-05-09 03:14:46 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-05-09 03:13:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
.
============= FINISH: 17:30:18.64 ===============

We are consistently encountering either "stop script" for long running scripts on webpages or "not responding" for webpages. The webpage will freeze up and consistently display either of these and then require a close program and then refresh the page. It will work for a little while and then do it again. Often times it will just keep doing it and then finally work again. Additionally, I've noticed the mouse freezing up/hesitating or acting lethargic.

Here is the DDS file result:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.45.2
Run by John at 12:54:45 on 2015-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5619.3669 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\hp\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\hp\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
mStart Page = about:blank
uProxyOverride = <-loopback>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [HP Photosmart 6520 series (NET)] "C:\Program Files\hp\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28D170VJ05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0016-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001B-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4E0CFC77-09F4-430D-A558-710C1914C493} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = about:blank
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-4-3 875928]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-4-3 344704]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-10 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-19 204288]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-8-5 155368]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-6-22 782608]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [2015-7-23 1694152]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2015-8-6 76064]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-4-1 373704]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-6-22 254792]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-19 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-4-3 77536]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-17 25816]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 412440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-4-3 347800]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-6-22 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-4-3 496888]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2015-6-28 529080]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-8-5 37960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-19 471144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-19 47232]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-17 1133880]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-6-24 207208]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-12 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-17 63704]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-6-2 225216]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2015-6-28 109728]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-6-2 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-08-13 08:24:12 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 08:24:12 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 14:24:30 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-08-12 14:18:36 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
2015-08-12 14:17:48 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-06 16:30:49 76064 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2015-07-22 23:37:12 2689680 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL
2015-07-18 02:32:28 -------- d-----w- C:\Program Files\iPod
2015-07-18 02:32:28 -------- d-----w- C:\Program Files (x86)\iTunes
2015-07-18 02:32:27 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2015-08-11 19:24:45 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-11 19:24:45 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-09 14:34:18 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:06:43 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-15 17:53:36 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-15 17:53:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-15 17:49:10 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-15 16:46:59 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-15 16:46:17 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-15 16:46:13 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-07-15 16:37:02 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-07-15 16:37:00 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-07-15 16:34:10 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-07-15 16:34:10 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
.
============= FINISH: 12:57:27.04 ===============

Attached Files

attach.txt (16.7 KB)

I am trying to get my blizzard downloader program to connect me online so I went to Blizard Tech support and they told me that a certain aspect of my motherboard wasn't loading. I wonder how I can fix this issue?
The part is called ROOT\LEGACY_QKNFD\0000


.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.40.2
Run by Rokchant at 14:47:30 on 2015-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.4947 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\CISVC.EXE
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Saved Downloads\MotioninJoy\ds3\DS3_Tool.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\GWX\GWX.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
uRun: [DS3 Tool] C:\Saved Downloads\MotioninJoy\ds3\DS3_Tool.exe -mini
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
StartupFolder: C:\Users\Rokchant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDMan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{28029FB1-FACA-4BBE-8B83-EF92691AB131} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{555F69DA-7BE8-418E-907D-A3DE30011361} : DHCPNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{6C620493-AEAF-47AF-9FB4-CF6863393501} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6C620493-AEAF-47AF-9FB4-CF6863393501}\26F6F6A75647F607D2237484A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6C620493-AEAF-47AF-9FB4-CF6863393501}\3557275675563747D28343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6C620493-AEAF-47AF-9FB4-CF6863393501}\3557275675563747D28373 : DHCPNameServer = 192.168.1.1
x64-mStart Page = hxxp://www.google.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Hosts: 12.120.152.128 us.depot.battle.net
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rokchant\AppData\Roaming\Mozilla\Firefox\Profiles\ujm5hh7z.default-1354904374352\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\Rokchant\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\Rokchant\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Users\Rokchant\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 124568]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-4-12 27136]
R3 AWOPFilterDriver;AWOPFilterDriver;C:\Windows\System32\drivers\AWOPFilterDriver.sys [2010-4-12 19464]
R3 Edge7x64;Killer Xeno Gaming Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2010-4-12 27168]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-7-24 47976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-12 239616]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2012-3-12 29952]
R3 Xeno7x64;Killer Xeno Gaming Adapter Service;C:\Windows\System32\drivers\Xeno7x64.sys [2009-11-1 120864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-6-19 104120]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-6-19 124088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-4-15 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-4 63704]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-4-11 115272]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-4-28 19600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-8-4 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-4-12 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-4-12 24064]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-5-6 639512]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-4-12 43008]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-8-4 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-15 1255736]
S4 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-1-20 14648]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-12 202752]
S4 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-12 79360]
S4 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-4-28 1155216]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-12 13336]
S4 MBAMService;MBAMService;"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" --> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [?]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-4-28 1871504]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-7-24 5544592]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe --> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-7-24 410768]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: SC2Editor.exe: open="C:/Vidya Games/Diablo III/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Vidya Games/Diablo III/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-08-16 18:44:50 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DAF2A2C2-E73D-4A6D-9D73-46E6792DA590}\mpengine.dll
2015-08-15 20:54:35 -------- d-----w- C:\Program Files\iPod
2015-08-15 20:54:33 -------- d-----w- C:\Program Files\iTunes
2015-08-15 18:45:18 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-13 13:21:45 55296 ----a-w- C:\Windows\System32\admwprox.dll
2015-08-13 13:21:45 192000 ----a-w- C:\Windows\System32\iisRtl.dll
2015-08-13 13:21:45 154624 ----a-w- C:\Windows\SysWow64\iisRtl.dll
2015-08-13 13:21:44 8192 ----a-w- C:\Windows\SysWow64\iisrstap.dll
2015-08-13 13:21:44 60928 ----a-w- C:\Windows\System32\ahadmin.dll
2015-08-13 13:21:44 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll
2015-08-13 13:21:44 26624 ----a-w- C:\Windows\SysWow64\ahadmin.dll
2015-08-13 13:21:44 16896 ----a-w- C:\Windows\System32\iisreset.exe
2015-08-13 13:21:44 15360 ----a-w- C:\Windows\SysWow64\iisreset.exe
2015-08-13 13:21:44 14848 ----a-w- C:\Windows\System32\wamregps.dll
2015-08-13 13:21:44 11264 ----a-w- C:\Windows\System32\iisrstap.dll
2015-08-13 13:21:44 10752 ----a-w- C:\Windows\SysWow64\wamregps.dll
2015-08-12 20:28:21 -------- d-----w- C:\Windows\SysWow64\BestPractices
2015-08-12 20:28:20 -------- d-----w- C:\Windows\System32\BestPractices
2015-08-12 20:28:18 -------- d-----w- C:\inetpub
2015-08-12 07:46:04 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81E348DB-4250-482E-8208-C2BBEA48E29F}\gapaengine.dll
2015-08-12 07:13:26 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:13:26 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:22:25 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-08-11 20:21:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-08-11 20:16:20 260096 ----a-w- C:\Windows\System32\WebClnt.dll
2015-08-11 20:15:56 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-08-07 20:12:02 36495528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2015-08-07 20:11:59 825512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2015-08-07 16:21:20 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-08-05 07:03:46 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-08-05 07:03:46 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-08-05 07:03:46 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-08-05 07:03:26 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-08-04 19:33:11 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2015-08-04 19:20:21 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-08-04 19:20:19 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2015-08-04 19:20:18 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2015-08-04 19:20:18 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-08-04 19:20:18 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-08-04 19:20:16 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2015-08-04 19:20:16 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2015-08-04 19:20:16 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2015-08-04 19:20:16 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2015-08-04 19:20:16 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2015-08-04 19:20:16 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2015-08-04 19:19:32 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-08-04 19:19:30 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-08-04 19:19:29 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-08-04 19:17:49 82944 ----a-w- C:\Windows\System32\dwmapi.dll
2015-08-04 19:17:49 67584 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2015-08-04 19:17:49 1632768 ----a-w- C:\Windows\System32\dwmcore.dll
2015-08-04 19:17:49 1372160 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2015-08-04 19:17:01 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-07-26 00:13:35 -------- d-----w- C:\Users\Rokchant\AppData\Local\Razer
2015-07-25 00:35:44 571024 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-07-25 00:33:06 -------- d-----w- C:\ProgramData\boost_interprocess
2015-07-25 00:33:00 40280 ----a-w- C:\Windows\System32\nvhdap64.dll
2015-07-25 00:33:00 204648 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2015-07-25 00:19:13 47976 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-07-25 00:19:12 65896 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-07-24 00:28:14 -------- d-----w- C:\Users\Rokchant\AppData\Local\CEF
.
==================== Find3M ====================
.
2015-07-31 00:31:40 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-30 20:03:28 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-30 20:03:28 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-24 04:21:23 1423304 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-07-24 04:21:23 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-07-24 04:21:14 1756608 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-07-24 04:21:14 1710568 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:06:43 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:12:29 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12:29 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-07-16 19:12:28 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-07-16 19:11:27 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-07-16 19:11:26 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-16 19:11:26 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
.
============= FINISH: 14:48:36.49 ===============

Attached Files

attach.txt (7.9 KB)

Hi Everyone,

I am not looking for advice on a specific virus. Instead I am looking for the best Anti-Virus software package to suit my Domain environment.

My Domain is hosted on a Windows Server 2008 Standard VM, and it sits behind a dedicated (off-site) Proxy Server.

I have attempted to install both ESET Anti-Virus (ESET Australia Official: Antivirus and Internet Security) and Avast! (https://www.avast.com/en-au/lp-ppc-w...FYOWvQodSDAAMA) onto a single client computer. However each of these software packages had installation issues, which I believe were related to the Proxy Server. In both cases during the installation these software packages completely froze the client computer to the point where I had to reset at the power switch. Ironically when the computer booted up in each instance the given software package was installed!

As the anti-virus software package that I decide upon must feature the ability to install (to clients) using Active Directory I must be certain that it behaves well with Proxy Servers. If it doesn't do so 'out of the box' then I will need to be able to configure Ports (through our Service Provider) so that Active Directory installs can take place.

In addition to the above requirement the software package must support the following -

* Automatically scan USB devices (when they are plugged in)
* Automatically scan downloaded files
* Provide web browsing security (with site reputations, etc)

Any suggestions on a good product which will suit my needs will be greatly appreciated.

Thanks in advance for your time and consideration.

Kind Regards,

Davo