Channel: Tech Support Forum - Virus/Trojan/Spyware Help

BIOS virus

Hello,

This is my first time here, I heard a lot of positive things about this forum, so here I am with my super question.

I repair computers in my free time, and I've never seen a thing like this one:

It's a laptop, a Fujitsu Siemens Amilo Pi 2550, with Windows Vista installed.
The screen seems broken, so I used the VGA port to see if it was the graphics card or only the screen of the laptop.
The computer starts, but when it reaches the "Windows startup" there is a blue screen (I did not write down what it said, but I can if needed).
So I've decided to start the bios with F2, and what a surprise, the letters were changing randomly...


I've asked some colleagues, and we think it could be a Low Level Virus, written into the BIOS.

But I'm not sure at all.

What do you think, guys?
Thanks in advance!

Entire home network slowed. Virus?

For the past two days, every device (regardless of platform, form-factor, or being wired/wireless) on my home network has had a very slow connection to the Internet.

The time of this phenomenon seems to match the point at which I downloaded content from en.savefrom.net and got a virus on my Windows laptop.

On my laptop, both the Internet and the OS itself became increasingly sluggish. I've since restored my laptop (and have not yet connected it to the network). It doesn't seem that any other OS's of devices on the network are sluggish.

Not only is the Internet slow, but I'm getting a lot of error messages upon trying to load some pages. Examples include:
400 Bad Request
ERR_NAME_NOT_RESOLVED
DNS_PROBE_FINISHED_NXDOMAIN
ERR_EMPTY_RESPONSE

These occur from multiple devices.

Here's one of the request headers from a page that gave a "Bad Request" error (using a Windows machine):

Code:

HTTP/1.1 400 Bad Request
Date: Tue, 18 Aug 2015 19:51:28 GMT
Server: Apache/2.4.16 (Unix) OpenSSL/1.0.2d
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1

Do you think that the virus spread to other devices, or did the router get infected or something? What should I do?

My computer is a mess... Need Help

No clue what is wrong with my computer... it may have viruses, trojans and who knows what else. It runs slow, it lags alllll the time. My Windows Security Center hasn't worked in years... Windows Firewall doesn't work. My Windows Update doesn't work... and hasn't in years. I've attached the info.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 11.25.2
Run by Charley at 16:49:21 on 2015-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4863.2016 [GMT -5:00]
.
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Users\Ladymai Hoff\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Charley\AppData\Roaming\VERIZON\UA_ar\UA.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
C:\Program Files (x86)\GlassWire\GlassWire.exe
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=19.9.1.14
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=19.9.1.14
uProxyOverride = <-loopback>
mURLSearchHooks: {650598e1-b35a-45d3-b607-896d7acb64c3} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Ladymai Hoff\AppData\Local\DownloadTerms\temp.dat
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {650598e1-b35a-45d3-b607-896d7acb64c3} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SafeMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\Total Security\safemon\safemon.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Hide.me] C:\Program Files (x86)\hide.me VPN\Hide.me.exe
uRun: [GlassWire] "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
mRun: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
dRun: [AMD] regsvr32.exe /s "C:\Users\Family PC\AppData\Local\RemEngine\AMD\jdjigd.dll"
StartupFolder: C:\Users\Charley\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\Charley\AppData\Roaming\VERIZON\UA_ar\UA.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{74EF684A-2A85-4BEB-A515-F2A213EBAC03} : DHCPNameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{74EF684A-2A85-4BEB-A515-F2A213EBAC03}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7A642EB9-2030-48E5-80B9-684ADD4BC76E} : DHCPNameServer = 208.67.222.222 208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=19.9.1.14
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: SafeMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Charley\AppData\Roaming\Mozilla\Firefox\Profiles\i8vlr5bx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cassiopessa.com/?f=1&a=csp_tuto1_15_27&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDyEyDtCyE0DtB0Bzy0ByBtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBzz0FtCyB0DyE0AtGyByEyC0BtG0F0CyB0BtGyEyDyDtCtG0CtBtA0EtCtD0B0DzzzytA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCyCtA0FtDyB0DtGyC0Dzz0AtGyEtByEtAtG0BtC0E0BtGyCyByCtDtD0FtD0B0A0A0Czz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=1768419065&ir=
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Charley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.nspdlgrvrio.aflt - grv_tight3_14_33
FF - user.js: extensions.nspdlgrvrio.instlRef - tight_14_18
FF - user.js: extensions.nspdlgrvrio.cr - 1305704262
FF - user.js: extensions.nspdlgrvrio.cd - 2XzuyEtN2Y1L1QzuyCyEtAtCyDtDyEyDtCyE0DtB0Bzy0ByBtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyEtByBzy0ByC0FyDtG0E0C0C0DtG0D0BtCyCtG0CyEzz0CtGyE0C0BtA0B0A0EtAyEyCtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0AtA0DzyzztD0AtG0DyE0EyDtGyE0E0A0EtGzyzytDtBtG0EyEyCtDzytDtD0FtB0E0Fzz2Q
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-12-11 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-12-11 38016]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309010.00E\symds64.sys [2013-2-5 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
R1 360AntiHacker;360Safe Anti Hacker Service;C:\Windows\System32\drivers\360AntiHacker64.sys [2015-8-18 137296]
R1 360Box64;360Box mini-filter driver;C:\Windows\System32\drivers\360Box64.sys [2015-8-18 319568]
R1 360FsFlt;360FsFlt mini-filter driver;C:\Windows\System32\drivers\360FsFlt.sys [2015-8-18 363088]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2012-1-22 15872]
R1 BAPIDRV;BAPIDRV;C:\Windows\System32\drivers\BAPIDRV64.SYS [2015-8-18 178768]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [2015-8-11 1650936]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
R1 gwdrv;GlassWire Driver;C:\Windows\System32\drivers\gwdrv.sys [2015-8-19 33248]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20150819.001\IDSviA64.sys [2015-8-19 692984]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\ironx64.sys [2013-2-5 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\symnets.sys [2013-2-5 405624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-11 203264]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [2015-3-8 53248]
R2 GlassWire;GlassWire Control Service;C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [2015-7-31 7445536]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-9-28 107576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2014-8-21 93184]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-11 1119768]
R2 QHActiveDefense;360 Total Security;C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [2015-8-18 858744]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Realtek87B;Realtek87B;C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2015-1-23 40960]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2015-1-18 743688]
R3 360AvFlt;360AvFlt mini-filter driver;C:\Windows\System32\drivers\360AvFlt.sys [2015-8-18 77904]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-2 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-5-2 115216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-8-2 153936]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-7-17 25816]
R3 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-11 349800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TorchCrashHandler;Torch Crash Handler;C:\Users\Ladymai Hoff\AppData\Local\Torch\Update\TorchCrashHandler.exe [2013-7-30 1207648]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-11 38456]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-17 1133880]
S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-24 1255736]
S3 360Camera;360Safe Camera Filter Service;C:\Windows\System32\drivers\360Camera64.sys [2015-8-18 40520]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2015-1-18 110336]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\System32\drivers\htcusbnet.sys [2011-6-8 153600]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-7-17 113880]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-7-17 63704]
S3 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-7-15 786256]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8187.sys [2015-1-23 448512]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2015-1-18 206080]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2015-4-14 16056]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-5-16 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]
.
=============== Created Last 30 ================
.
2015-08-20 02:00:50 -------- d-sh--w- C:\$360Section
2015-08-20 01:45:23 -------- d-----w- C:\Users\Charley\AppData\Local\GlassWire
2015-08-20 01:41:42 33248 ----a-w- C:\Windows\System32\drivers\gwdrv.sys
2015-08-20 01:41:37 -------- d-----w- C:\ProgramData\GlassWire
2015-08-20 01:41:33 -------- d-----w- C:\Program Files (x86)\GlassWire
2015-08-20 01:39:48 -------- d-----w- C:\ProgramData\360Quarant
2015-08-20 01:38:54 -------- d-----w- C:\Users\Charley\AppData\Roaming\360safe
2015-08-20 01:26:13 -------- d-----w- C:\Windows\PCHEALTH
2015-08-19 21:51:39 -------- d--h--w- C:\Windows\AxInstSV
2015-08-19 17:31:24 -------- d-----w- C:\Users\Charley\AppData\Roaming\MusicBee
2015-08-19 17:31:09 -------- d-----w- C:\Program Files (x86)\MusicBee
2015-08-18 18:21:21 -------- d-----w- C:\Users\Charley\AppData\Roaming\360TotalSecurity
2015-08-18 18:21:13 -------- d-----w- C:\ProgramData\360TotalSecurity
2015-08-18 18:21:03 363088 ----a-w- C:\Windows\System32\drivers\360FsFlt.sys
2015-08-18 18:21:02 -------- d-----w- C:\ProgramData\360safe
2015-08-18 18:20:11 -------- d-sh--r- C:\360SANDBOX
2015-08-18 18:20:10 319568 ----a-w- C:\Windows\System32\drivers\360Box64.sys
2015-08-18 18:20:07 40520 ----a-w- C:\Windows\System32\drivers\360Camera64.sys
2015-08-18 18:20:06 178768 ----a-w- C:\Windows\System32\drivers\BAPIDRV64.SYS
2015-08-18 18:20:06 137296 ----a-w- C:\Windows\System32\drivers\360AntiHacker64.sys
2015-08-18 18:19:58 77904 ----a-w- C:\Windows\System32\drivers\360AvFlt.sys
2015-08-18 18:19:53 -------- d-----w- C:\Program Files (x86)\Common Files\AV
2015-08-18 18:19:38 -------- d-----w- C:\Program Files (x86)\360
2015-08-18 18:19:00 -------- d-----w- C:\Users\Charley\AppData\Roaming\Anvsoft
2015-08-18 18:18:56 -------- d-----w- C:\Program Files (x86)\Anvsoft
2015-08-18 18:12:57 -------- d-----w- C:\Users\Charley\AppData\Roaming\Media Converter
2015-08-14 08:39:56 3466856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_47.dll
2015-08-14 08:39:56 283304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2015-08-14 08:39:56 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2015-08-14 08:39:55 55464 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2015-08-14 08:39:55 20648 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2015-08-14 08:39:55 109736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2015-08-10 17:58:21 -------- d-----w- C:\Program Files\Common Files\AV
2015-08-10 01:27:07 -------- d-----w- C:\ProgramData\BlueStacks
2015-08-03 23:53:06 -------- d-----w- C:\Users\Charley\AppData\Local\{8B27ABBB-D16B-43CD-9F9C-4AEA3A1B2DA5}
2015-07-31 14:59:19 -------- d-----w- C:\Users\Charley\AppData\Local\{69834002-930B-4BD8-97F7-5F37D281092A}
2015-07-30 20:37:00 -------- d-----w- C:\Users\Charley\AppData\Local\{051A45E0-D584-4BAC-A101-198D771882A2}
2015-07-30 02:29:57 -------- d-----w- C:\Users\Charley\AppData\Roaming\WildTangentv1001
2015-07-29 00:19:34 -------- d-----w- C:\ProgramData\Wild Tangent
2015-07-29 00:14:39 -------- d-----w- C:\ProgramData\Flood Light Games
.
==================== Find3M ====================
.
2015-07-18 11:29:02 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-18 11:29:02 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-18 11:28:36 18524336 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-07-18 11:21:48 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-18 13:41:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-18 13:41:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-18 13:41:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 16:49:41.23 ===============

Attached Files
File Type: txt Attach2.txt (19.3 KB)

Can't start base filtering service. It ends with access is denied error

We tried to fix this in this thread, but didn't succeed. jenae believes that my system is infected, so I am here.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.51.2
Run by Faraz at 11:46:15 on 2015-08-23
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2935.1265 [GMT 5.5:30]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mDefault_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: NameServer = 113.193.14.16 113.193.0.148
TCP: Interfaces\{1BF92EC9-E983-40F4-B355-894EEEFED04B} : DHCPNameServer = 113.193.14.16 113.193.0.148
TCP: Interfaces\{4508BC6E-B16B-4ED0-BA83-6806ED4CA745} : NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-2-19 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-2-19 274808]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-2-19 1048344]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-2-19 447944]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-2-19 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-2-19 90968]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-2-19 150672]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2015-3-31 20984]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2015-2-19 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-2-19 271872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2015-1-26 180648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-12 114688]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-2 146600]
S4 HWDeviceService64.exe;HWDeviceService64.exe;"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S4 wampapache64;wampapache64;C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [2015-4-9 24576]
S4 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 --> c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [?]
S4 wifimansvc;Wifi Man Service;C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe --> C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [?]
.
=============== Created Last 30 ================
.
2015-08-23 06:05:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A33C64B-1AD2-4CDC-A07F-48FA71E52599}\offreg.216.dll
2015-08-21 09:43:19 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A33C64B-1AD2-4CDC-A07F-48FA71E52599}\offreg.3460.dll
2015-08-21 08:32:02 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A33C64B-1AD2-4CDC-A07F-48FA71E52599}\mpengine.dll
2015-08-20 11:04:02 -------- d-----w- C:\ProgramData\Malwarebytes
2015-08-19 14:08:09 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-19 14:08:09 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-17 10:48:31 42152 ----a-w- C:\Windows\System32\drivers\cnnctfy3.sys
2015-08-17 10:15:35 0 ----a-w- C:\Windows\System32\REN9FEA.tmp
2015-08-13 06:47:49 -------- d-----w- C:\Users\Faraz\Tracing
2015-08-13 06:43:49 -------- d-----w- C:\Users\Faraz\AppData\Local\Skype
2015-08-13 06:43:29 -------- d-----r- C:\Program Files (x86)\Skype
2015-08-12 13:54:34 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:54:34 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:48:49 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2015-08-12 07:47:59 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-12 07:45:44 260096 ----a-w- C:\Windows\System32\WebClnt.dll
2015-08-12 07:44:59 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-04 10:21:06 -------- d-----w- C:\Users\Faraz\AppData\Local\ElevatedDiagnostics
2015-08-04 09:02:55 -------- d-----w- C:\Windows\pss
2015-08-02 08:15:02 -------- d-----w- C:\Users\Faraz\AppData\Local\CEF
2015-08-02 08:09:39 -------- d-----w- C:\Users\Faraz\AppData\Local\Adobe
2015-08-02 05:43:06 43112 ----a-w- C:\Windows\avastSS.scr
.
==================== Find3M ====================
.
2015-08-17 10:12:01 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-14 06:48:07 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-08-02 05:43:24 150672 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-08-02 05:43:23 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-08-02 05:43:23 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-08-02 05:43:23 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-08-02 05:43:23 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-08-02 05:43:21 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 11:46:56.97 ===============

I don't have a Windows install disk or boot CD. Installed this copy from a USB.

Attached Files
File Type: txt attach.txt (9.8 KB)

Chinese popups after downloading a program

I was looking for some software. I used the top site in Google to download it from. After installing, I got tons of Chinese popups, weather widgets and so on. The computer died and I had to reinstall Windows. Is there a way to fix that without reinstalling?

dds

So I am probably missing something simple, but when I try to download DDS it says it is not meant to run in "compatibility mode" and is shutting down now.

How do I fix this so that I can download DDS and run it?

Thank you

Internet Browser has been hijacked!

I use Chrome as my browser. It has been hijacked: it redirects to Yahoo Search, and ads begin popping up trying to sell all kinds of items.




Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Steve (2015-08-28 10:14:15)
Running from C:\Users\Steve\AppData\Local\Microsoft\Windows\INetCache\IE\X8YT4Y5I
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2255500737-2190663751-1543486721-500 - Administrator - Disabled)
Guest (S-1-5-21-2255500737-2190663751-1543486721-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2255500737-2190663751-1543486721-1003 - Limited - Enabled)
Steve (S-1-5-21-2255500737-2190663751-1543486721-1001 - Administrator - Enabled) => C:\Users\Steve
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3202 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Free MKV Player (HKLM-x32\...\{4DABCF47-69BE-42B4-9AAB-486DF64AEF0C}) (Version: 1.00.0000 - Media Freeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{64382EDB-DCC6-4970-BE54-AD7A26AD1E74}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.49 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (Version: 8.00.49 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.49 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
KPG-134D (HKLM-x32\...\{575746CE-FF0A-4BF8-B3FB-05ABABB72426}) (Version: - )
KPG-44D (HKLM-x32\...\{FC348F0A-7C7C-11D6-B34A-0050DA8F8110}) (Version: - )
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
MakeMKV v1.9.4 (HKLM-x32\...\MakeMKV) (Version: v1.9.4 - GuinpinSoft inc)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2255500737-2190663751-1543486721-1001\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PrimeTime Draft™ Football 2014 (HKLM-x32\...\PrimeTime Draft Football 2014) (Version: - PrimeTime Draft, LLC)
PrimeTime Draft™ Football 2015 (HKLM-x32\...\PrimeTime Draft Football 2015) (Version: - PrimeTime Draft, LLC)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zebra Font Downloader (HKLM-x32\...\Zebra Font Downloader_is1) (Version: - Zebra Technologies Corporation)
ZebraDesigner 2 (HKLM-x32\...\ZebraDesigner 2) (Version: 2.5.0.9325 - Zebra Technologies Corporation)
ZebraDesigner 2 (x32 Version: 2.5.0.9325 - Zebra Technologies Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2255500737-2190663751-1543486721-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
09-08-2015 12:19:35 Windows Update
25-08-2015 20:45:43 Windows Update
27-08-2015 21:40:30 Restore Operation
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {367EF19C-B7F6-45BD-A41E-8DA5577884CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {3BEAB825-C691-4515-B4EA-345A82AF5AC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {7E5A2718-755F-4E69-9A60-B3FD6A56CA6A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {7EC175CD-2D45-45EB-9B24-510D5382BB2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {85C6DF9A-26D6-4871-B761-2CFB011DE684} - System32\Tasks\{57C172E6-67D4-42AC-9309-92ADD96F4FAD} => pcalua.exe -a "C:\Users\Steve\Desktop\Kenwood 44 TK-790\44\KPG-44D version 2.10\Disk1\Setup.exe" -d "C:\Users\Steve\Desktop\Kenwood 44 TK-790\44\KPG-44D version 2.10\Disk1"
Task: {89E655CC-A27B-470A-83C8-B5B59893970C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {B4722F88-A334-47D6-8795-03D9F8E10CCE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {B5F8202F-2E53-4A87-9A6C-305A1F4FB40E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for STEVE-LAPTOP-Steve Steve-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {BBAACE43-48FC-41F3-AF60-4A592CE43E9F} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2014-07-10] (CyberLink Corp.)
Task: {C0548CF1-97D4-4C69-B629-6D0AE7781164} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {CED9754C-D590-44F6-BFC0-2AC37BE80C1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {D82ED1CC-7663-4AB9-8A5C-C6E4B19C4343} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {E5FA2559-9E75-469E-AB21-016D03078EA0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2255500737-2190663751-1543486721-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {FC346F7B-9D30-46B7-A1C4-E1B055FA3795} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-01] (Synaptics Incorporated)
Task: {FCCABBAD-2765-4B7C-82B2-AFD6487D3BF8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {FD375B78-5185-4118-A961-8A0CA6499691} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {FE7A27F4-35B1-41F8-8365-EB4A43665AAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-08-23 02:09 - 2013-08-23 02:09 - 02508800 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-08-23 02:07 - 2013-08-23 02:07 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-08-23 02:07 - 2013-08-23 02:07 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-08-23 02:07 - 2013-08-23 02:07 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-08-23 02:20 - 2013-08-23 02:20 - 00304016 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-08-23 02:20 - 2013-08-23 02:20 - 01283472 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-07-02 08:12 - 2015-07-02 08:12 - 01927680 _____ () C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll
2014-02-27 22:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-12 20:06 - 2013-08-12 20:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 20:06 - 2013-08-12 20:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 20:06 - 2013-08-12 20:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-04-07 02:12 - 2015-04-07 02:12 - 00622392 _____ () C:\Program Files\015\lxqvbcbiws32.exe
2013-08-23 02:08 - 2013-08-23 02:08 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-08-23 02:13 - 2013-08-23 02:13 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2015-03-25 21:28 - 2015-03-25 21:28 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-23 02:12 - 2013-08-23 02:12 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2014-02-20 14:43 - 2013-08-09 05:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-23 10:20 - 2014-11-23 10:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-23 10:15 - 2014-11-23 10:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-08-25 20:14 - 2015-08-17 22:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-25 20:14 - 2015-08-17 22:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2014-11-23 10:15 - 2014-11-23 10:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-07 23:12 - 2013-01-24 15:05 - 33739736 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2015-04-07 23:15 - 2013-08-05 00:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Steve\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Steve\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Steve\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Steve\Downloads\noname.eml:OECustomProperty
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2255500737-2190663751-1543486721-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2969AC26-6F25-4DE0-BC6D-E4D0AE39849B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2D3EBFD9-9CB4-4998-8D13-0CC2A50E2C71}] => (Allow) LPort=2869
FirewallRules: [{8D3D6F12-83FE-469C-A050-2FDA30CD9F06}] => (Allow) LPort=1900
FirewallRules: [{FEDD8DC4-B8DE-4B4D-8828-1C94147E2D90}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{21739C7F-0B14-4345-A27D-9738EFE309BC}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{EF94711E-7DEE-41BE-8F12-9EADC0F02E8E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{4CADBE0D-1178-40E6-8936-DCEDD465330E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{0E67471C-C198-441B-AE5E-0D63AAFF9F2C}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{BBBC22AD-1400-46E3-A3D0-0C3BD5D6F6DE}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{2B217277-5F13-4B09-AFAF-E1B22F739A60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A5F50814-649A-487F-8B0B-182B6C5B6D8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3F0C0C37-C346-4052-A3B5-7A015860665C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B053BEF-DA01-4C3B-B829-576141490F02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C99AF04-F857-4C62-B6EE-6685610E8B90}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FEF0DC7C-EF29-43D5-99D6-83D34B6B01A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1D8553C0-3E22-435F-9FFB-F49FDF463526}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{39A5B164-ECE2-42D1-8F91-FCBAB63C3339}] => (Allow) C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2E7B0F79-3893-4B5C-9B74-95D537D71266}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{017957FB-30FD-4952-81B0-B695F1FA31DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{37319F67-BDB6-497A-866D-6EC40D4F2664}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{A5F712A9-CE00-4976-8B8C-30D1C4FC033C}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{05C62033-C459-4DE7-B477-9A3DF86242AB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6A7F1F55-BE50-4183-855C-1E80C23DADC3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/28/2015 02:11:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 20a0
Start Time: 01d0e17158ccee19
Termination Time: 4294967295
Application Path: C:\Users\Steve\AppData\Local\Temp\~nsu.tmp\Au_.exe
Report Id: bf0d9eb3-4d64-11e5-8289-a01d48fb1e4b
Faulting package full name:
Faulting package-relative application ID:
Error: (08/28/2015 01:41:45 AM) (Source: CoupoonService64) (EventID: 1) (User: )
Description: CoupoonService64In SvcInstall, CreateService failed (1073)
failed with 1073
Error: (08/28/2015 01:39:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 032281~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x76c
Faulting application start time: 0x032281~1.EXE0
Faulting application path: 032281~1.EXE1
Faulting module path: 032281~1.EXE2
Report Id: 032281~1.EXE3
Faulting package full name: 032281~1.EXE4
Faulting package-relative application ID: 032281~1.EXE5
Error: (08/28/2015 12:41:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 032281~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7d8
Faulting application start time: 0x032281~1.EXE0
Faulting application path: 032281~1.EXE1
Faulting module path: 032281~1.EXE2
Report Id: 032281~1.EXE3
Faulting package full name: 032281~1.EXE4
Faulting package-relative application ID: 032281~1.EXE5
Error: (08/28/2015 12:20:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 032281~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7b4
Faulting application start time: 0x032281~1.EXE0
Faulting application path: 032281~1.EXE1
Faulting module path: 032281~1.EXE2
Report Id: 032281~1.EXE3
Faulting package full name: 032281~1.EXE4
Faulting package-relative application ID: 032281~1.EXE5
Error: (08/28/2015 12:09:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 032281~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x764
Faulting application start time: 0x032281~1.EXE0
Faulting application path: 032281~1.EXE1
Faulting module path: 032281~1.EXE2
Report Id: 032281~1.EXE3
Faulting package full name: 032281~1.EXE4
Faulting package-relative application ID: 032281~1.EXE5
Error: (08/27/2015 11:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64203
Error: (08/27/2015 11:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 64203
Error: (08/27/2015 11:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/27/2015 11:19:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 032281~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x77c
Faulting application start time: 0x032281~1.EXE0
Faulting application path: 032281~1.EXE1
Faulting module path: 032281~1.EXE2
Report Id: 032281~1.EXE3
Faulting package full name: 032281~1.EXE4
Faulting package-relative application ID: 032281~1.EXE5

System errors:
=============
Error: (08/28/2015 02:06:03 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:06:03 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:06:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:06:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:05:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:05:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:05:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:05:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:05:44 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (08/28/2015 02:05:35 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Microsoft Office:
=========================
Error: (08/28/2015 02:11:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Au_.exe0.0.0.020a001d0e17158ccee194294967295C:\Users\Steve\AppData\Local\Temp\~nsu.tmp\Au_.exebf0d9eb3-4d64-11e5-8289-a01d48fb1e4b
Error: (08/28/2015 01:41:45 AM) (Source: CoupoonService64) (EventID: 1) (User: )
Description: CoupoonService64In SvcInstall, CreateService failed (1073)
failed with 1073
Error: (08/28/2015 01:39:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 032281~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000050000000076c01d0e16d0a2167f8C:\Users\Steve\AppData\Local\Temp\032281~1.EXEunknown53177289-4d60-11e5-8289-a01d48fb1e4b
Error: (08/28/2015 12:41:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 032281~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c0000005000000007d801d0e164fbe5e408C:\Users\Steve\AppData\Local\Temp\032281~1.EXEunknown4356f724-4d58-11e5-8288-a01d48fb1e4b
Error: (08/28/2015 12:20:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 032281~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c0000005000000007b401d0e161ebcdbec1C:\Users\Steve\AppData\Local\Temp\032281~1.EXEunknown37242ae4-4d55-11e5-8287-a01d48fb1e4b
Error: (08/28/2015 12:09:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 032281~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000050000000076401d0e160785dfc6dC:\Users\Steve\AppData\Local\Temp\032281~1.EXEunknownc17e824c-4d53-11e5-8286-a01d48fb1e4b
Error: (08/27/2015 11:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64203
Error: (08/27/2015 11:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 64203
Error: (08/27/2015 11:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/27/2015 11:19:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 032281~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c00000050000000077c01d0e1597e5609bfC:\Users\Steve\AppData\Local\Temp\032281~1.EXEunknownc92874f3-4d4c-11e5-8285-a01d48fb1e4b

CodeIntegrity:
===================================
Date: 2015-08-27 22:45:57.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:56.889
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:56.740
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:54.455
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:54.292
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:54.114
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:53.958
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:53.790
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:53.638
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-27 22:45:53.466
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16316.02 MB
Available physical RAM: 13637.11 MB
Total Virtual: 18748.02 MB
Available Virtual: 15959.59 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:909.06 GB) (Free:762.86 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.68 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)
Partition: GPT.
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by Steve (administrator) on STEVE-LAPTOP (28-08-2015 10:13:32)
Running from C:\Users\Steve\AppData\Local\Microsoft\Windows\INetCache\IE\X8YT4Y5I
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files\015\lxqvbcbiws32.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2249104 2013-09-02] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [151608 2013-08-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [704264 2013-09-24] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-07-02] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2255500737-2190663751-1543486721-1001\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-2255500737-2190663751-1543486721-1001\...\Run: [GoogleChromeAutoLaunch_3E7806DA78C4352052F851DEE3FA5D4E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-17] (Google Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-02-20]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-02-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2255500737-2190663751-1543486721-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2255500737-2190663751-1543486721-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {52FC803C-DC99-4DFE-9FC2-CCED3A8DFFA8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {52FC803C-DC99-4DFE-9FC2-CCED3A8DFFA8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2255500737-2190663751-1543486721-1001 -> {52FC803C-DC99-4DFE-9FC2-CCED3A8DFFA8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2255500737-2190663751-1543486721-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6E6FC5F1-10A2-4ABD-88AF-F22142721D7A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AF6B23C8-A0FC-4A4B-A45E-893EC175D4E3}: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-08-28]
Chrome:
=======
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-27]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-27]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-27]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-27]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/d...appcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/d...appcihfajigkka
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0322811393581895mcinstcleanup; C:\Users\Steve\AppData\Local\Temp\032281~1.EXE [834664 2013-07-13] (McAfee, Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-08-28] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-08-23] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [247560 2014-07-11] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 lxqvbcbiws32; C:\Program Files\015\lxqvbcbiws32.exe [622392 2015-04-07] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-08-23] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [25864 2013-09-24] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [379144 2013-09-24] (CyberLink Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [937656 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [30392 2015-06-08] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [78008 2015-06-26] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R4 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-28 10:13 - 2015-08-28 10:13 - 00000000 ____D C:\FRST
2015-08-28 09:48 - 2015-07-30 07:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-28 09:48 - 2015-07-30 06:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-28 02:12 - 2015-08-28 02:12 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2015-08-28 01:35 - 2015-08-28 01:35 - 00043490 _____ C:\Users\Steve\Desktop\Kaspersky Virus Removal Tool
2015-08-28 01:34 - 2015-08-28 02:12 - 00000008 _____ C:\END
2015-08-28 01:34 - 2015-08-28 02:12 - 00000000 ____D C:\Program Files\SpaceSoundPro
2015-08-28 01:34 - 2015-08-28 02:09 - 00000000 ____D C:\Program Files\13
2015-08-28 01:34 - 2015-08-28 01:34 - 00000000 ____D C:\Program Files\015
2015-08-28 01:24 - 2015-08-28 01:24 - 01559704 _____ (Essentware) C:\Users\Steve\Downloads\PCKeeper Installer.exe
2015-08-28 01:18 - 2015-08-28 01:18 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Steve\Downloads\tdsskiller.exe
2015-08-28 00:55 - 2015-08-28 01:33 - 00000000 ____D C:\Users\Steve\Downloads\Kaspersky Virus Removal Tool
2015-08-28 00:53 - 2015-08-28 00:53 - 00549799 _____ C:\Users\Steve\Downloads\Kaspersky Virus Removal Tool.zip
2015-08-28 00:20 - 2015-08-28 00:20 - 00002394 _____ C:\Users\Steve\Desktop\Safe Money.lnk
2015-08-28 00:18 - 2015-08-28 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-08-28 00:18 - 2015-08-28 00:15 - 00002134 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-08-28 00:12 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-08-28 00:12 - 2015-06-30 01:05 - 00937656 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-08-28 00:12 - 2015-06-30 01:05 - 00171192 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-08-27 23:58 - 2015-08-28 00:03 - 173954160 _____ (Kaspersky Lab) C:\Users\Steve\Downloads\kts16.0.0.614en_8243.exe
2015-08-27 22:27 - 2015-08-27 22:27 - 00246078 _____ C:\Users\Steve\AppData\Local\census.cache
2015-08-27 22:27 - 2015-08-27 22:27 - 00083578 _____ C:\Users\Steve\AppData\Local\ars.cache
2015-08-27 22:17 - 2015-07-01 15:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-27 22:17 - 2015-07-01 15:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-27 22:17 - 2015-07-01 14:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-27 22:17 - 2015-07-01 14:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-27 22:14 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-27 22:14 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-27 22:14 - 2015-07-09 09:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-27 22:12 - 2015-07-29 07:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-27 22:12 - 2015-07-29 07:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-27 22:12 - 2015-07-29 07:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-27 22:12 - 2015-07-24 11:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-27 22:12 - 2015-07-24 11:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-27 22:12 - 2015-07-24 11:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-27 22:12 - 2015-07-24 10:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-27 22:12 - 2015-07-24 10:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-27 22:12 - 2015-07-10 11:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-27 22:12 - 2015-07-10 10:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-27 22:12 - 2015-07-10 10:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-27 22:12 - 2015-07-10 09:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-27 21:10 - 2015-08-27 21:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-27 21:02 - 2015-08-27 21:02 - 00000036 _____ C:\Users\Steve\AppData\Local\housecall.guid.cache
2015-08-27 19:52 - 2015-08-27 21:53 - 00000000 ____D C:\Program Files (x86)\FlexiSIGN-PRO 7.5v4
2015-08-25 20:31 - 2015-08-25 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimeTime Draft Football 2015
2015-08-25 20:30 - 2015-08-25 20:31 - 14389704 _____ (PrimeTime Draft, LLC) C:\Users\Steve\Downloads\PrimeTime Draft Football 2015 Setup-15.08.07.1123.exe
2015-08-25 20:13 - 2015-08-25 20:25 - 00004988 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for STEVE-LAPTOP-Steve Steve-Laptop
2015-08-09 12:16 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-09 12:09 - 2015-08-09 12:09 - 00000258 __RSH C:\ProgramData\ntuser.pol
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-28 10:10 - 2014-02-28 04:47 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2255500737-2190663751-1543486721-1001
2015-08-28 10:06 - 2014-02-28 04:44 - 00000000 ____D C:\Users\Steve\Documents\Youcam
2015-08-28 10:05 - 2014-02-28 04:45 - 00000000 __RDO C:\Users\Steve\SkyDrive
2015-08-28 10:05 - 2014-02-28 03:24 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-28 10:05 - 2014-02-27 21:20 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 10:05 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-28 09:49 - 2014-02-27 21:20 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 09:48 - 2014-03-06 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-28 09:48 - 2014-03-06 09:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-28 09:48 - 2014-03-06 09:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-28 09:48 - 2014-02-28 04:35 - 01752746 _____ C:\Windows\WindowsUpdate.log
2015-08-28 09:48 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-28 09:46 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-28 09:46 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-28 01:58 - 2014-02-28 04:42 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F60A0381-474B-43D3-A78E-B136FA413167}
2015-08-28 01:43 - 2014-02-20 14:45 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-28 01:40 - 2013-08-22 07:46 - 00051452 _____ C:\Windows\setupact.log
2015-08-28 01:39 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 01:38 - 2013-08-25 23:01 - 00219054 _____ C:\Windows\PFRO.log
2015-08-28 00:41 - 2013-08-22 07:44 - 00496320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-28 00:19 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-08-28 00:18 - 2014-02-28 03:24 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-28 00:15 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-27 23:32 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-27 21:59 - 2014-02-28 04:41 - 00000000 ____D C:\Users\Steve
2015-08-27 21:54 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-27 21:53 - 2015-04-03 20:56 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-27 21:53 - 2015-02-10 00:25 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-27 21:53 - 2014-07-08 18:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\WinMetadata
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Macromed
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-27 21:53 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-27 21:53 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-08-27 21:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\registration
2015-08-27 21:44 - 2014-02-27 21:20 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2015-08-27 20:36 - 2015-04-03 20:29 - 00000000 __SHD C:\Users\Steve\AppData\Local\EmieBrowserModeList
2015-08-27 20:36 - 2014-06-02 23:15 - 00000000 __SHD C:\Users\Steve\AppData\Local\EmieUserList
2015-08-27 20:36 - 2014-06-02 23:15 - 00000000 __SHD C:\Users\Steve\AppData\Local\EmieSiteList
2015-08-27 19:59 - 2014-02-28 04:42 - 00000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2015-08-25 20:53 - 2014-03-03 05:32 - 00000000 ____D C:\Windows\system32\MRT
2015-08-25 20:31 - 2014-08-23 08:36 - 00000000 ____D C:\ProgramData\PrimeTime Draft
2015-08-25 20:31 - 2014-08-23 08:36 - 00000000 ____D C:\Program Files (x86)\PrimeTime Draft
2015-08-25 20:25 - 2014-02-27 22:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-25 20:23 - 2014-02-28 04:42 - 00000000 ____D C:\Users\Steve\AppData\Local\Packages
2015-08-25 20:18 - 2015-05-17 10:24 - 00000000 ___RD C:\Users\Steve\OneDrive
2015-08-25 20:18 - 2014-02-27 23:26 - 00003104 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2255500737-2190663751-1543486721-1001
2015-08-25 20:15 - 2014-02-27 21:22 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-08 06:55 - 2014-05-04 11:06 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 06:55 - 2014-05-04 11:06 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-08-27 22:27 - 2015-08-27 22:27 - 0083578 _____ () C:\Users\Steve\AppData\Local\ars.cache
2015-08-27 22:27 - 2015-08-27 22:27 - 0246078 _____ () C:\Users\Steve\AppData\Local\census.cache
2015-08-27 21:02 - 2015-08-27 21:02 - 0000036 _____ () C:\Users\Steve\AppData\Local\housecall.guid.cache
Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\0322811393581895mcinst.exe
C:\Users\Steve\AppData\Local\Temp\nsiAC75.tmp.exe
C:\Users\Steve\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Steve\AppData\Local\Temp\SetupO365HomePremRetail.x86.en-US_O365HomePremRetail_8H86N-KQ39D-GG9D3-GX2FW-TQ4R4_act_1_.exe
C:\Users\Steve\AppData\Local\Temp\supoptsetup.exe
C:\Users\Steve\AppData\Local\Temp\UninstallModule.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-25 20:45
==================== End of FRST.txt ============================

rootkits

Can someone help me remove rootkits?


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2015 4:14:58 PM
System Uptime: 8/30/2015 7:11:31 AM (4 hours ago)
.
Motherboard: Acer | | JE41_CP
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 76.961 GiB free.
D: is FIXED (NTFS) - 181 GiB total, 1.086 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 7 GiB total, 1.703 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 8/27/2015 6:59:07 PM - ComboFix created restore point
RP50: 8/27/2015 8:14:06 PM - Before uninstalling Mozilla Firefox 40.0.2 (x86 en-US)
RP51: 8/28/2015 12:30:15 AM - F-Secure malware removal
RP52: 8/28/2015 1:45:50 AM - JRT Pre-Junkware Removal
RP53: 8/28/2015 1:55:44 AM - F-Secure malware removal
RP54: 8/29/2015 3:20:38 PM - Created By FixIEDef
RP55: 8/30/2015 10:44:00 AM - Windows Update
.
==== Installed Programs ======================
.
9-lab Removal Tool
ACDSee 18
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Apple Application Support
AVS Video Editor 7.1
BB FlashBack Pro 5
Broadcom 802.11 Network Adapter
Broadcom Gigabit NetLink Controller
Browser Cleaner
CaptureWizPro 5.40
Chromodo
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Internet Security Premium
Corel PaintShop Pro X7
Corel PaintShop Pro X7
Cyberfox Web Browser (x86)
Epic Privacy Browser
Free Alarm Clock 3.1.0
GeekBuddy
Haali Media Splitter
HitmanPro 3.7
ICA
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
IPM_PSP_COM
Java 8 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 2.1.8.1057
Maxthon App Store
Maxthon Cloud Browser
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Mozilla Firefox 40.0.3 (x86 en-US)
Mozilla Maintenance Service
NoVirusThanks Anti-Rootkit (Free Edition) v1.2
PhoXo
PIXresizer
PSPPContent
PSPPHelp
QuickTime
QupZilla 1.8.6
Realtek High Definition Audio Driver
SanityCheck 3.00
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2894842v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2972106)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2972215)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2978125)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2979575v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB3023221)
Security Update for Microsoft .NET Framework 4 Client Profile (KB3032662)
Security Update for Microsoft .NET Framework 4 Client Profile (KB3037578)
Setup
Spy Emergency
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
UVK - Ultra Virus Killer
WinRAR 5.30 beta 2 (32-bit)
Wondershare DVD Slideshow Builder Deluxe(Build 6.5.1.1)
Wondershare Filmora(Build 6.6.0)
Your Uninstaller! 7
Youtube Downloader HD v. 2.9.9.23
.
==== Event Viewer Messages From Past Week ========
.
8/30/2015 7:14:52 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/30/2015 7:12:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epp32
8/29/2015 2:41:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/29/2015 2:41:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/29/2015 2:41:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/29/2015 2:41:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/29/2015 2:41:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/29/2015 2:41:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/29/2015 2:41:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CFRMD cmdGuard cmdHlp CSC DfsC discache epp32 inspect NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 2:41:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2015 10:14:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Upgrade to Windows 10 Pro.
8/28/2015 4:39:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80040154: Upgrade to Windows 10 Pro.
8/28/2015 1:52:54 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv.dll
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Spy Emergency Health Check service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Spy Emergency Engine Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2015 1:52:41 AM, Error: Service Control Manager [7031] - The GeekBuddyRSP Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:47:21 AM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:47:21 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2015 1:47:09 AM, Error: Service Control Manager [7034] - The Corel License Validation Service V2, Powered by arvato service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:47:09 AM, Error: Service Control Manager [7031] - The Spy Emergency Health Check service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:47:09 AM, Error: Service Control Manager [7031] - The Spy Emergency Engine Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The Maxthon Core Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:48 AM, Error: Service Control Manager [7034] - The Maxthon AppStore Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:47 AM, Error: Service Control Manager [7034] - The Maxthon App Store Service 1.0.0.10539 service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:47 AM, Error: Service Control Manager [7034] - The COMODO Chromodo Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:46 AM, Error: Service Control Manager [7034] - The HitmanPro Scheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2015 1:46:46 AM, Error: Service Control Manager [7034] - The COMODO LPS Launcher service terminated unexpectedly. It has done this 1 time(s).
8/27/2015 8:59:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HitmanProScheduler service.
8/27/2015 7:10:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/27/2015 2:02:24 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
8/27/2015 10:41:12 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/26/2015 2:17:39 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 2C-8A-72-41-B9-4C. Network operations on this system may be disrupted as a result.
8/25/2015 8:36:15 AM, Error: Service Control Manager [7000] - The Amiti Antivirus Health Check service failed to start due to the following error: The system cannot find the file specified.
8/24/2015 4:01:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Amiti Antivirus Engine Service service to connect.
8/24/2015 4:01:44 PM, Error: Service Control Manager [7000] - The Amiti Antivirus Engine Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2015 6:21:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
8/23/2015 2:16:14 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================

Error Message DDS is not meant to be run in 'Compatibility Mode.'

I downloaded DDS to my desktop and double clicked on it. I said yes to the permissions screen, and got the following message:

'DDS is not meant to be run in Compatibility Mode.' The program shall now exit.

Appreciate any help on this.

Slow laptop, possible malware

Have been experiencing slow running and unresponsiveness in the laptop for some time. Running at 90% memory capacity when web browsing, and at 45-55% when idle. Had several BSODs, and was advised to check for malware.

DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16685
Run by ADB49 at 12:09:01 on 2015-08-31
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Users\ADB49\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [Dropbox Update] "c:\users\adb49\appdata\local\dropbox\update\DropboxUpdate.exe" /c
uRun: [SpybotPostWindows10UpgradeReInstall] "c:\program files\common files\av\spybot - search and destroy\Test.exe"
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SiSTray] c:\program files\sis vga utilities\SiSTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TouchPadHotKey] c:\program files\fsc\touchpad hotkey utility\TouchPad_HotKey.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: EnableSecureUIAPath = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2B2610FD-EABF-4654-850F-5A4B9945AE07} : DHCPNameServer = 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_188.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R? CH341SER;CH341SER
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? eapihdrv;eapihdrv
R? MBAMService;MBAMService
R? MBAMWebAccessControl;MBAMWebAccessControl
R? SDWSCService;Spybot-S&D 2 Security Center Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsle3030d05;MpKsle3030d05
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? PSI;PSI
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDUpdateService;Spybot-S&D 2 Updating Service
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? SiS6350;SiS6350
S? SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver
S? ZAPrivacyService;ZoneAlarm Privacy Service
.
=============== Created Last 30 ================
.
2015-08-30 16:00:16 39168 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3588452f-c4a1-4bb9-a2b0-e83fc26a9633}\MpKsle3030d05.sys
2015-08-30 15:24:56 912000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f1deb663-44b7-403b-a021-5e674a917742}\gapaengine.dll
2015-08-30 15:23:38 9234960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3588452f-c4a1-4bb9-a2b0-e83fc26a9633}\mpengine.dll
2015-08-30 15:18:49 -------- d-----w- c:\program files\Microsoft Security Client
2015-08-29 10:27:28 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40bb5cbb-2086-4592-92e6-681d33c94b06}\offreg.964.dll
2015-08-29 10:06:29 9234960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40bb5cbb-2086-4592-92e6-681d33c94b06}\mpengine.dll
2015-08-19 19:49:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 19:49:45 758000 ----a-w- c:\program files\internet explorer\iexplore.exe
2015-08-19 19:49:45 151184 ----a-w- c:\program files\internet explorer\sqmapi.dll
2015-08-16 15:46:37 -------- d-----w- c:\programdata\Fujitsu
2015-08-12 18:52:38 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 18:52:38 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-12 18:52:37 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-12 18:52:37 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-12 18:52:37 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 18:52:36 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-12 18:52:35 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-12 18:52:32 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-12 18:45:17 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:44:24 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-12 18:40:41 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 17:59:27 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 17:56:21 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 17:56:21 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 17:53:53 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-12 17:53:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-12 17:53:53 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-12 17:53:52 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-12 17:53:52 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-12 17:53:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-12 17:53:51 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-12 17:53:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-12 17:53:50 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-08-12 17:53:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-12 17:53:49 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-12 17:53:49 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-12 17:52:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2015-08-12 17:49:54 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 17:49:05 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 17:49:05 151040 ----a-w- c:\windows\notepad.exe
2015-08-04 23:03:08 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 23:03:08 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-08-02 20:28:01 -------- d-----w- c:\users\adb49\appdata\local\DriverToolkit
2015-08-02 20:27:36 -------- d-----w- c:\program files\DriverToolkit
2015-08-02 12:06:50 -------- d-----w- c:\program files\NirSoft
.
==================== Find3M ====================
.
2015-08-12 18:25:41 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 18:25:40 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-11 10:15:32 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-22 20:54:48 367616 ----a-w- c:\windows\system32\html.iec
2015-07-22 20:51:20 1810432 ----a-w- c:\windows\system32\jscript9.dll
2015-07-22 20:46:19 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-07-22 20:45:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-22 20:44:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-22 20:44:39 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-07-22 20:43:19 11776 ----a-w- c:\windows\system32\mshta.exe
2015-07-05 10:11:18 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 16:04:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03:22 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02:55 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02:34 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01:58 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21:13 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21:10 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-18 07:41:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41:42 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 16:50:20 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09:17 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-17 00:01:52 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-06-16 16:19:02 18688 ----a-w- c:\windows\system32\sdnclean.exe
2015-06-12 16:01:52 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13:52 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
============= FINISH: 12:15:50.90 ===============

Attached Files
File Type: txt attach.txt (6.2 KB)

Base Filtering Engine won't start

When I try to start Base Filtering Engine in Services it says:

'Windows could not start the Base Filtering Engine service on Local Computer - Error 5: Access is denied'

I do not have access to a Windows Install disc or Boot CD.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16684 BrowserJavaVersion: 11.31.2
Run by User at 18:02:39 on 2015-08-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.970 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\Install\{CC7A4147-B277-48F9-B90B-6A84AADA9CCB}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
C:\Windows\TEMP\CR_376D0.tmp\setup.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRun: [DevconDefaultDB] C:\Windows\System32\READREG /SILENT /FAIL=1
dRun: [ZoneAlarm Windows 10 Upgrader] "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{9FBE1644-D6A2-4D7F-8F37-1FF16088AAC4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D0F0DAD0-C795-47B6-8324-59C767D47CD1} : DHCPNameServer = 172.20.10.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rqaa93y2.default-1388514397121\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-8-31 274808]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-8-31 1048344]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-8-31 447944]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-8-31 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-8-31 90968]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-31 146600]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-30 27648]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-29 1153368]
R3 aswStmXP;Avast StreamFilter Driver;C:\Windows\System32\drivers\aswStmXP.sys [2015-8-31 210936]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2009-6-23 158744]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2009-6-23 706584]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2009-6-23 680984]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-8-31 65224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\Windows\System32\drivers\c6501.sys [2009-8-27 1095168]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2009-6-23 158744]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-8-28 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2009-6-23 706584]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2009-6-23 141848]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2009-6-23 141848]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2009-6-23 680984]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-8-30 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-13 90776]
SUnknown snoanxmw;snoanxmw; [x]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-08-31 16:07:38 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-08-31 16:05:32 65224 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2015-08-31 16:05:32 210936 ----a-w- C:\Windows\System32\drivers\aswStmXP.sys
2015-08-31 16:05:30 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-08-31 16:05:29 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-08-31 16:05:29 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-08-31 16:05:29 447944 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2015-08-31 16:05:29 378880 ----a-w- C:\Windows\System32\aswBoot.exe
2015-08-31 16:05:29 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-08-31 16:05:28 64712 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2015-08-31 16:03:47 43112 ----a-w- C:\Windows\avastSS.scr
2015-08-04 23:03:08 877152 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2015-08-04 23:03:08 538208 ----a-w- C:\Windows\SysWow64\msvcp120_clr0400.dll
2015-08-04 22:53:26 872528 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2015-08-04 22:53:26 681552 ----a-w- C:\Windows\System32\msvcp120_clr0400.dll
2015-07-31 22:31:08 48128 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-31 22:08:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-31 21:46:51 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2015-07-31 21:46:51 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2015-07-31 21:46:51 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2015-07-31 21:46:51 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2015-07-31 21:44:47 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2015-07-31 21:44:46 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2015-07-31 21:44:46 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2015-07-31 21:44:46 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2015-07-31 21:26:53 2796032 ----a-w- C:\Windows\System32\win32k.sys
2015-07-31 21:25:35 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-31 21:10:54 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-31 21:09:43 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2015-07-31 21:00:29 834048 ----a-w- C:\Windows\System32\d2d1.dll
2015-07-31 20:59:16 1561088 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-31 20:59:07 1154560 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-31 20:41:22 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-31 20:40:42 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2015-07-31 20:35:10 682496 ----a-w- C:\Windows\SysWow64\d2d1.dll
2015-07-31 20:33:57 1072640 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-31 20:33:04 297472 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-31 20:03:52 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 19:27:52 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 09:59:08 132483416 ----a-w- C:\Windows\System32\mrt.exe
2015-07-22 22:08:45 17889792 ----a-w- C:\Windows\System32\mshtml.dll
2015-07-22 21:59:09 448512 ----a-w- C:\Windows\System32\html.iec
2015-07-22 21:56:02 2344448 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-22 21:55:11 10936832 ----a-w- C:\Windows\System32\ieframe.dll
2015-07-22 21:50:54 1387520 ----a-w- C:\Windows\System32\urlmon.dll
2015-07-22 21:50:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2015-07-22 21:49:21 2158080 ----a-w- C:\Windows\System32\iertutil.dll
2015-07-22 21:49:10 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-22 21:48:52 237056 ----a-w- C:\Windows\System32\url.dll
2015-07-22 21:48:43 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2015-07-22 21:48:23 173568 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-22 21:48:18 599040 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-22 21:48:17 816640 ----a-w- C:\Windows\System32\jscript.dll
2015-07-22 21:48:07 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2015-07-22 21:47:40 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2015-07-22 21:47:36 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2015-07-22 21:47:32 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2015-07-22 21:47:26 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2015-07-22 21:47:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2015-07-22 21:47:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-22 21:47:03 12800 ----a-w- C:\Windows\System32\mshta.exe
2015-07-22 21:46:51 248320 ----a-w- C:\Windows\System32\ieui.dll
2015-07-22 20:54:48 367616 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-22 20:54:00 12386816 ----a-w- C:\Windows\SysWow64\mshtml.dll
2015-07-22 20:51:20 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-22 20:47:59 9751040 ----a-w- C:\Windows\SysWow64\ieframe.dll
2015-07-22 20:46:44 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2015-07-22 20:46:19 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-22 20:45:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-22 20:45:16 231936 ----a-w- C:\Windows\SysWow64\url.dll
2015-07-22 20:45:05 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2015-07-22 20:44:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-22 20:44:39 421888 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-22 20:44:22 718336 ----a-w- C:\Windows\SysWow64\jscript.dll
2015-07-22 20:44:18 1804288 ----a-w- C:\Windows\SysWow64\iertutil.dll
2015-07-22 20:44:16 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2015-07-22 20:43:58 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2015-07-22 20:43:58 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2015-07-22 20:43:47 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2015-07-22 20:43:37 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2015-07-22 20:43:30 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2015-07-22 20:43:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-22 20:43:19 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-07-22 20:42:40 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2015-07-21 20:59:25 1586304 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-21 20:59:25 1168600 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-21 15:50:53 68544 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-21 15:50:53 4690880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-21 15:50:52 154048 ----a-w- C:\Windows\System32\drivers\ecache.sys
2015-07-21 15:41:14 11264 ----a-w- C:\Windows\System32\msmmsp.dll
2015-07-21 15:40:45 399360 ----a-w- C:\Windows\System32\emdmgmt.dll
2015-07-21 15:40:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2015-07-18 15:41:47 80384 ----a-w- C:\Windows\System32\basesrv.dll
2015-07-11 17:13:15 12901888 ----a-w- C:\Windows\System32\shell32.dll
2015-07-11 15:56:09 11587584 ----a-w- C:\Windows\SysWow64\shell32.dll
2015-07-10 19:37:10 1402368 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-07-10 19:37:10 1253376 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-07-10 19:37:09 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-07-10 19:35:34 1875968 ----a-w- C:\Windows\System32\msxml3.dll
2015-07-10 19:35:34 1796096 ----a-w- C:\Windows\System32\msxml6.dll
.
============= FINISH: 18:03:53.45 ===============


Possible Virus

Hi, I think I have a virus on my computer. When the computer sits idle, I am unable to wake it without a manual shutdown, and then on startup I get a list of Chrome extensions that have crashed. I would appreciate any help you can provide. Thanks.

Also, I do not believe I have a Windows install disc or reboot disc.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16685 BrowserJavaVersion: 10.67.2
Run by Jenks at 7:08:15 on 2015-09-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1552 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Program Files\Norton Security Suite\Engine\22.5.2.15\N360.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\spool\drivers\w32x86\3\DLKAMUI.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=1590&gct=hp
uDefault_Page_URL = hxxp://www.dell.com
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\22.5.2.15\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\22.5.2.15\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\22.5.2.15\CoIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleChromeAutoLaunch_2279C6B37BEDCA0A05ED35B19AC84A13] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [PMX Daemon] ICO.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLKAStatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\DLKAMUI.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.11.149\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{BD1A4011-0564-4F16-B577-5ACFD0F386A8} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.157\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.1 mssplus.mcafee.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jenks\appdata\roaming\mozilla\firefox\profiles\7ta98ef3.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jenks\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\users\jenks\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_296.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\n360\1605020.00f\SymEFASI.sys [2015-8-10 1286896]
R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\nortondata\22.5.2.15\definitions\bashdefs\20150821.001\BHDrvx86.sys [2015-8-25 1181936]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1605020.00f\ccSetx86.sys [2015-8-10 137456]
R1 IDSVix86;IDSVix86;c:\program files\norton security suite\nortondata\22.5.2.15\definitions\ipsdefs\20150901.003\IDSvix86.sys [2015-9-2 580856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1605020.00f\Ironx86.sys [2015-8-10 234744]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1605020.00f\symtdiv.sys [2015-8-10 358104]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 142648]
R2 dlSvc;Dell Photo Device Service;c:\program files\dell\dell photo p703w aio printer\printer\center\dlSvc.exe [2008-11-17 28672]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 N360;Norton 360;c:\program files\norton security suite\engine\22.5.2.15\N360.exe [2015-8-10 282016]
R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\reimage\reimage protector\ReiGuard.exe [2015-8-19 6324208]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2015-8-12 122192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.11.149\McCHSvc.exe [2015-6-26 235696]
S3 Origin Client Service;Origin Client Service;c:\program files\origin\OriginClientService.exe [2015-3-25 1931632]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2011-6-8 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2011-6-8 19008]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-4-12 772296]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2015-09-01 12:45:19 -------- d-----w- C:\SUPERDelete
2015-09-01 11:55:31 -------- d-----w- c:\programdata\Reimage Protector
2015-09-01 11:55:24 -------- d-----w- c:\program files\Reimage
2015-09-01 11:55:13 -------- d-----w- C:\rei
2015-08-20 11:01:12 758000 ----a-w- c:\program files\internet explorer\iexplore.exe
2015-08-20 11:01:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-20 11:01:12 151184 ----a-w- c:\program files\internet explorer\sqmapi.dll
2015-08-14 04:23:08 -------- d-----w- c:\programdata\Emsisoft
2015-08-14 04:04:03 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2015-08-13 09:30:19 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-13 09:30:19 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-13 09:30:19 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-13 09:30:19 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-13 09:30:18 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-13 09:30:18 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-13 09:30:18 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-13 09:30:17 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-13 09:27:57 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:27:22 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-13 08:55:25 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-13 08:54:42 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-13 08:54:42 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-13 08:53:41 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-13 08:53:41 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-13 08:53:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-13 08:53:41 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-13 08:53:41 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-13 08:53:41 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-13 08:53:41 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-13 08:53:41 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-13 08:53:41 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-13 08:53:40 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-13 08:53:40 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-08-13 08:53:40 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-13 08:52:26 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-13 08:52:01 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-13 08:52:01 151040 ----a-w- c:\windows\notepad.exe
2015-08-13 08:51:24 2691072 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 14:22:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2015-08-12 14:22:59 474624 ----a-w- c:\program files\internet explorer\ieinstal.exe
2015-08-12 14:22:59 194560 ----a-w- c:\program files\internet explorer\IEShims.dll
2015-08-12 14:22:59 1810432 ----a-w- c:\windows\system32\jscript9.dll
2015-08-12 14:22:59 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-08-12 14:22:58 367616 ----a-w- c:\windows\system32\html.iec
2015-08-12 14:22:57 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2015-08-10 17:27:27 711408 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\srtsp.sys
2015-08-10 17:27:27 44792 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\srtspx.sys
2015-08-10 17:27:27 429816 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\symnets.sys
2015-08-10 17:27:27 358104 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\symtdiv.sys
2015-08-10 17:27:27 234744 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\Ironx86.sys
2015-08-10 17:27:27 22144 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\SymELAM.sys
2015-08-10 17:27:27 137456 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\ccSetx86.sys
2015-08-10 17:27:27 1286896 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\SymEFASI.sys
2015-08-10 17:27:16 178057 ----a-r- c:\windows\system32\drivers\n360\1605020.00f\SymVTcer.dat
2015-08-10 17:27:16 -------- d-----w- c:\windows\system32\drivers\n360\1605020.00F
2015-08-05 04:03:08 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-05 04:03:08 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
==================== Find3M ====================
.
2015-08-12 18:14:06 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 18:14:05 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-10 17:28:06 103152 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2015-07-22 20:45:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-22 20:44:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-22 20:44:39 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-07-22 20:43:19 11776 ----a-w- c:\windows\system32\mshta.exe
2015-07-03 16:04:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03:22 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02:55 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02:34 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01:58 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21:13 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21:10 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-17 16:50:20 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09:17 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-17 05:01:52 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-06-12 16:01:52 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13:52 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
============= FINISH: 7:09:18.23 ===============


PopUps and stuff on laptop

Having issues with pop-ups happening in Chrome when my children are playing Roblox or Minecraft. I know they downloaded something yesterday by mistake.
Microsoft Essentials will not complete its virus scan. It reads "preliminary scans malicious and unwanted software might exist on your system. You can review detected items when scan is complete", but it never makes it to a complete full scan; it turns off the program altogether.
I don't know if I have a boot disk. I will have to look and see, but I don't think so.
Please help. Thank you.


Here is the log from my laptop.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.45.2
Run by NorrisFamily at 19:42:06 on 2015-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8087.4960 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:49170;https=127.0.0.1:49170
uProxyOverride = <-loopback>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\NORRIS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{2AB1E659-4DE2-4526-8E5D-B705A22245F5} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{2AB1E659-4DE2-4526-8E5D-B705A22245F5}\34F6D666F6274794E6E6 : DHCPNameServer = 10.10.10.1
TCP: Interfaces\{2AB1E659-4DE2-4526-8E5D-B705A22245F5}\355707562783 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{2AB1E659-4DE2-4526-8E5D-B705A22245F5}\358616777457563747 : DHCPNameServer = 10.63.0.194 10.63.0.195
TCP: Interfaces\{2AB1E659-4DE2-4526-8E5D-B705A22245F5}\4554C4553503933373 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{2AB1E659-4DE2-4526-8E5D-B705A22245F5}\D6562716B696D2373616E6E696E676 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{2AB1E659-4DE2-4526-8E5D-B705A22245F5}\E4F627279637 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{E0E5BC2B-18BD-43F6-9E27-CF9F3FA8F809} : DHCPNameServer = 172.168.21.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned>
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - <orphaned>
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Firefox\Profiles\lmlruds1.default-1417060002134\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\NorrisFamily\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\NorrisFamily\AppData\Local\Roblox\Versions\version-59f5d380c5e14856\NPRobloxProxy.dll
FF - plugin: C:\Users\NorrisFamily\AppData\Local\Roblox\Versions\version-59f5d380c5e14856\NPRobloxProxy64.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2011-12-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-27 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-15 169624]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-7-29 772064]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-20 2765496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-6-7 1641768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-25 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-7-25 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-7-25 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 124568]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-25 363800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-10-11 3671792]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2011-12-7 108288]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-25 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2011-12-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2011-12-5 785688]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-7-26 25528]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-25 565352]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-10-11 284912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-2 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-7-25 259688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-2 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-27 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-09-07 01:36:09 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0C39076-5CF0-4667-A610-68CF7E7DA1C8}\offreg.2296.dll
2015-09-07 01:35:21 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8EFF70-276B-3808-70C9-BDFA87C931B3}\GapaEngine.dll
2015-09-06 22:38:07 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0C39076-5CF0-4667-A610-68CF7E7DA1C8}\mpengine.dll
2015-09-04 17:12:46 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-04 00:31:14 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DE58FA1-AA5B-4B0E-A44B-13103B861852}\gapaengine.dll
2015-09-01 00:09:59 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-09-01 00:09:59 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-09-01 00:09:59 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-09-01 00:09:59 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-09-01 00:09:59 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-09-01 00:07:01 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-01 00:07:00 -------- d-----w- C:\Program Files\iTunes
2015-09-01 00:07:00 -------- d-----w- C:\Program Files\iPod
2015-08-19 09:27:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-19 09:27:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-13 16:55:31 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 16:55:31 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:40:56 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-08-11 23:39:03 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
2015-08-11 23:38:59 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-08-11 23:34:16 9284296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2015-08-11 23:34:26 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-11 23:34:26 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-06 17:43:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2015-08-06 17:43:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:12:29 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12:29 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-07-16 19:12:28 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-07-16 19:11:27 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-07-16 19:11:26 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-16 19:11:26 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
.
============= FINISH: 19:42:56.48 ===============

Help please

My PC is in popup hell! It lags and pops up in Firefox and Chrome, sometimes 6 pop-ups at a time, sometimes about a PC virus and sometimes other stuff.
My virus scan shows nothing when scanned.

Help please

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.40.2
Run by NorrisFamily at 20:04:34 on 2015-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8097.3694 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\daugava\Upbgbeie.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\daugava\csrcc.exe
C:\Program Files\daugava\Weekfqwb.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\daugava\Ejemidvlf.exe
C:\Program Files\daugava\Ejemidvlf64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\PROGRA~2\MICROS~3\Office14\WINWORD.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\splwow64.exe
c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
BHO: Updater By Sweetpacks: {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension32.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [Facebook Update] "C:\Users\NorrisFamily\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E}\03431393 : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E}\4554C4553503933373 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E}\E4F627279637 : DHCPNameServer = 192.168.1.254 75.153.176.9
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
x64-BHO: Updater By Sweetpacks: {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [daugava] C:\Program Files\daugava\Ejemidvlf.exe
x64-Run: [daugava64] C:\Program Files\daugava\Ejemidvlf64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Firefox\Profiles\tiqqnckt.default-1375305067190\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://mysearch.sweetpacks.com?src=6&barid=79890939703080431061329885315450452091&crg=3.5000006.10058&ppd=&did=10729&st=23&q=
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-10-11 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-11 55856]
R1 cherimoya;cherimoya;C:\Windows\System32\drivers\cherimoya.sys [2015-7-26 61336]
R2 65f825de-0adc-4791-a1e5-209aa6f7ea76;65f825de-0adc-4791-a1e5-209aa6f7ea76;C:\Program Files\daugava\Upbgbeie.exe [2015-7-26 284320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-11 98208]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 csrcc;csrcc;C:\Program Files\daugava\csrcc.exe [2015-7-26 1447584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 daugava Updater;daugava Updater;C:\Program Files\daugava\Weekfqwb.exe [2015-7-26 173216]
R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-10-11 98304]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-5-22 2573520]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-5-22 201936]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 124568]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2011-10-11 176128]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [2012-1-6 689464]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-11 1692480]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-6-11 20648]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-11 2656280]
R2 Updater By Sweetpacks;Updater By Sweetpacks;C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe [2013-10-15 188760]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2011-10-11 1800064]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-10-11 176096]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-1-30 23760]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-5-22 24240]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-11 412776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 255040]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-10-11 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 2057736]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-6-20 31152]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2011-10-11 311400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-2 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-09-06 15:05:00 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCF028D-5BF2-4FBD-A1ED-74D1AD91E0C1}\offreg.868.dll
2015-09-06 15:03:25 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCF028D-5BF2-4FBD-A1ED-74D1AD91E0C1}\mpengine.dll
2015-09-06 05:14:22 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-05 20:16:07 -------- d-----w- C:\Program Files (x86)\Minecraft
2015-09-03 23:29:15 -------- d-----w- C:\ProgramData\Package Cache
2015-09-03 21:31:12 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{741DB20D-061E-4898-98B9-9ABDC2A953F2}\gapaengine.dll
2015-09-01 20:59:13 -------- d-----w- C:\Program Files\iPod
2015-09-01 20:59:12 -------- d-----w- C:\Program Files\iTunes
2015-09-01 20:59:12 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-01 15:48:47 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F71C1DD-E43D-459F-8514-1188BEFCB989}\gapaengine.dll
2015-08-29 17:38:30 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A2FC283-6F49-4D5B-8CAF-BC52FA035418}\gapaengine.dll
2015-08-29 17:28:47 -------- d-----w- C:\Program Files (x86)\Dell Update
2015-08-19 09:00:54 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-19 09:00:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-12 09:24:04 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:24:04 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:26:45 9284296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-08-11 20:22:07 52736 ----a-w- C:\Windows\System32\basesrv.dll
2015-08-11 20:19:47 260096 ----a-w- C:\Windows\System32\WebClnt.dll
.
==================== Find3M ====================
.
2015-08-11 20:27:09 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-11 20:27:08 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-15 17:53:36 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-15 17:53:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-15 17:49:10 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-15 16:46:59 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
.
============= FINISH: 20:05:08.40 ===============

Attached Files
File Type: txt attach.txt (13.7 KB)

Webpage Not Responding

We are consistently encountering either "stop script" for long-running scripts on webpages or "not responding" for webpages. The webpage will freeze up and consistently display either of these and then require a close program and then refresh the page. It will work for a little while and then do it again. Oftentimes it will just keep doing it and then finally work again. Additionally, I've noticed the mouse freezing up/hesitating or acting lethargic.

Here is the DDS file result:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.45.2
Run by John at 12:54:45 on 2015-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5619.3669 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\hp\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\hp\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
mStart Page = about:blank
uProxyOverride = <-loopback>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [HP Photosmart 6520 series (NET)] "C:\Program Files\hp\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28D170VJ05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0016-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001B-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4E0CFC77-09F4-430D-A558-710C1914C493} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = about:blank
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-4-3 875928]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-4-3 344704]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-10 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-19 204288]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-8-5 155368]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-6-22 782608]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [2015-7-23 1694152]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-6-22 368048]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2015-8-6 76064]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-4-1 373704]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-6-22 254792]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-19 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-4-3 77536]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-17 25816]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 412440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-4-3 347800]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-6-22 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-4-3 496888]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2015-6-28 529080]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-8-5 37960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-19 471144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-19 47232]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-17 1133880]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-6-24 207208]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-12 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-17 63704]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-6-2 225216]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2015-6-28 109728]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-6-2 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-08-13 08:24:12 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 08:24:12 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 14:24:30 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-08-12 14:18:36 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
2015-08-12 14:17:48 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-06 16:30:49 76064 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2015-07-22 23:37:12 2689680 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL
2015-07-18 02:32:28 -------- d-----w- C:\Program Files\iPod
2015-07-18 02:32:28 -------- d-----w- C:\Program Files (x86)\iTunes
2015-07-18 02:32:27 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2015-08-11 19:24:45 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-11 19:24:45 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-09 14:34:18 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:06:43 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-15 17:53:36 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-15 17:53:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-15 17:49:10 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-15 16:46:59 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-15 16:46:17 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-15 16:46:13 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-07-15 16:37:02 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-07-15 16:37:00 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-07-15 16:34:10 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-07-15 16:34:10 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
.
============= FINISH: 12:57:27.04 ===============

Attached Files
File Type: txt attach.txt (16.7 KB)

Help please! Computer is a mess

Hi,

My family's computer is a mess. Nothing on Chrome and IE will load; Firefox loads one page, then there are a ton of pop-ups and it won't load anymore. It's sluggish. I've uninstalled programs that were obvious malware like Fast Clean Pro and ran the antivirus they had installed, as well as Spybot Search and Destroy, but it didn't make a difference. The Security Center won't turn on, and a lot of security updates failed to install. Please help! Thank you!


-----------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 10.67.2
Run by Home at 20:56:59 on 2015-09-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3029 [GMT -4:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
SP: Panda Free Antivirus *Enabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;
mWinlogon: Userinit = C:\windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRunOnce: [BeginInteractiveOSUpgrade] C:\windows\System32\wuauclt.exe /BeginInteractiveOSUpgrade
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [fst_us_112] <no file>
dRunOnce: [panda4_2dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_2dn" /f
dRunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
dRunOnce: [panda_XP] reg.exe delete "HKCU\Software\panda" /f
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{05DDD59F-AFE1-4586-8FE2-20968752EA9F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{20BD1366-DEB5-4A27-B5AA-29BA5B0684E0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{60688BEE-3ED1-4DCC-88E5-05A8ABB6F224} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8403AF2E-3BD8-49AB-9BAD-500FE5364A42} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{91E213B4-7FED-452F-AA6A-B48EDF65B269} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{91E213B4-7FED-452F-AA6A-B48EDF65B269}\25B445A5B4 : DHCPNameServer = 192.168.1.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyBtFtCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0AzyzztDyDzy0AtGyBzyyCyBtG0F0F0CyBtG0EyBzy0EtGtDyBtA0C0C0B0BzzyEyCtDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtA0AzztDzzyEyDtG0FtCyByBtG0Dzz0A0BtGzzzy0C0BtGtCtBtBzytA0FtAtAyBtBtDzy2Q&cr=504169009&ir=
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-mWinlogon: Userinit = C:\windows\SysWOW64\userinit.exe,
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qfe06vtf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Vosteran
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.nspdlsd.aflt - spd_cmi_14_25_ch
FF - user.js: extensions.nspdlsd.instlRef - 142905_c
FF - user.js: extensions.nspdlsd.cr - 504169009
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyBtFtCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0AzyzztDyDzy0AtGyBzyyCyBtG0F0F0CyBtG0EyBzy0EtGtDyBtA0C0C0B0BzzyEyCtDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtA0AzztDzzyEyDtG0FtCyByBtG0Dzz0A0BtGzzzy0C0BtGtCtBtBzytA0FtAtAyBtBtDzy2Q
.
.
.
.
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=&q=
FF - user.js: extensions.srchvstrn.id - 4437E609B264E6EC
FF - user.js: extensions.srchvstrn.instlDay - 16426
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 12:25:49
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_secureddownload_14_52_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_c
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 1408702106
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q
FF - user.js: extensions.srchvstrn.AL - 4
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-8-21 49952]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\windows\System32\drivers\NNSNAHSL.sys [2014-12-31 48400]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2015-2-26 142584]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2015-2-26 38136]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-9-15 215040]
S1 NNSALPC;NNSALPC;C:\windows\System32\drivers\NNSAlpc.sys [2015-2-9 93968]
S1 NNSHTTP;NNSHTTP;C:\windows\System32\drivers\NNSHttp.sys [2015-2-9 202000]
S1 NNSHTTPS;NNSHTTPS;C:\windows\System32\drivers\NNSHttps.sys [2015-2-9 110864]
S1 NNSIDS;NNSIDS;C:\windows\System32\drivers\NNSIds.sys [2015-2-9 116496]
S1 NNSPICC;NNSPICC;C:\windows\System32\drivers\NNSpicc.sys [2015-2-9 99600]
S1 NNSPIHSW;NNSPIHSW;C:\windows\System32\drivers\NNSPihsw.sys [2015-2-9 69904]
S1 NNSPOP3;NNSPOP3;C:\windows\System32\drivers\NNSPop3.sys [2015-2-9 124176]
S1 NNSPROT;NNSPROT;C:\windows\System32\drivers\NNSProt.sys [2015-2-9 299792]
S1 NNSPRV;NNSPRV;C:\windows\System32\drivers\NNSPrv.sys [2015-2-9 166160]
S1 NNSSMTP;NNSSMTP;C:\windows\System32\drivers\NNSSmtp.sys [2015-2-9 113424]
S1 NNSSTRM;NNSSTRM;C:\windows\System32\drivers\NNSStrm.sys [2015-2-9 257296]
S1 NNSTLSC;NNSTLSC;C:\windows\System32\drivers\NNStlsc.sys [2015-2-9 106256]
S1 PSINKNC;PSINKNC;C:\windows\System32\drivers\PSINKNC.sys [2015-2-25 197392]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S2 panda_url_filteringService;panda_url_filtering Anti-Phishing Service;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- --> C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [?]
S2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-9 66808]
S2 PSINAflt;PSINAflt;C:\windows\System32\drivers\PSINAflt.sys [2015-2-25 163088]
S2 PSINFile;PSINFile;C:\windows\System32\drivers\PSINFile.sys [2015-2-25 121616]
S2 PSINProc;PSINProc;C:\windows\System32\drivers\PSINProc.sys [2015-2-25 124176]
S2 PSINProt;PSINProt;C:\windows\System32\drivers\PSINProt.sys [2015-2-25 133904]
S2 PSINReg;PSINReg;C:\windows\System32\drivers\PSINReg.sys [2015-2-25 107792]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-21 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-21 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-21 171928]
S2 ServiceUpdater;Network Support Service Updater;C:\windows\SysWOW64\netupdsrv.exe --> C:\windows\SysWOW64\netupdsrv.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 SurfShieldUpdateService;Update Service for SurfShield;"C:\Program Files (x86)\SurfShieldMain\UpdateService.exe" --> C:\Program Files (x86)\SurfShieldMain\UpdateService.exe [?]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\windows\System32\drivers\athrxusb.sys [2008-7-28 1075712]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2014-11-28 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-9-8 114688]
S3 lvpopf64;Logitech POP Suppression Filter;C:\windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
S3 panda_url_filteringd;panda_url_filteringd driver;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringd.sys [2014-3-19 51288]
S3 PSKMAD;PSKMAD;C:\windows\System32\drivers\PSKMAD.sys [2015-6-6 61712]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 SuperIO;Lenovo ASD HWM Driver;C:\windows\System32\drivers\spio.sys [2009-6-5 11848]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 UsbFltr;WayTech USB Filter Driver;C:\windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;C:\windows\System32\ZDCNDIS6a64.sys [2011-10-20 41280]
S4 rqpbhevlkc64;rqpbhevlkc64;C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 --> C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 [?]
.
=============== Created Last 30 ================
.
2015-09-08 11:42:01 -------- d--h--w- C:\$Windows.~BT
2015-09-08 06:43:30 774656 ----a-w- C:\windows\System32\invagent.dll
2015-09-08 06:43:30 743424 ----a-w- C:\windows\System32\generaltel.dll
2015-09-08 06:43:30 69120 ----a-w- C:\windows\System32\acmigration.dll
2015-09-08 06:43:30 437760 ----a-w- C:\windows\System32\devinv.dll
2015-09-08 06:43:30 1148416 ----a-w- C:\windows\System32\aeinv.dll
2015-09-08 06:43:30 1116672 ----a-w- C:\windows\System32\appraiser.dll
2015-09-08 06:43:29 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-09-08 06:43:29 17344 ----a-w- C:\windows\System32\CompatTelRunner.exe
2015-09-08 06:41:59 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-09-08 06:32:54 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C665416-5FAB-42FE-BA2F-A8A0DC018335}\mpengine.dll
2015-09-07 22:56:09 -------- d-----w- C:\Program Files\Common Files\AV
.
==================== Find3M ====================
.
2015-08-26 07:22:17 778440 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-08-26 07:22:16 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-07-20 18:12:45 98304 ----a-w- C:\windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-07-16 20:54:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-07-16 20:54:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:06:43 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-07-16 20:00:07 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
2015-07-15 03:19:57 2004992 ----a-w- C:\windows\System32\msxml6.dll
2015-07-15 03:19:57 1887232 ----a-w- C:\windows\System32\msxml3.dll
2015-07-15 03:14:09 2048 ----a-w- C:\windows\System32\msxml6r.dll
2015-07-15 03:13:59 2048 ----a-w- C:\windows\System32\msxml3r.dll
2015-07-15 02:55:45 1390592 ----a-w- C:\windows\SysWow64\msxml6.dll
2015-07-15 02:55:45 1241088 ----a-w- C:\windows\SysWow64\msxml3.dll
2015-07-15 02:51:14 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2015-07-15 02:51:14 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2015-07-10 17:51:27 44032 ----a-w- C:\windows\System32\tsgqec.dll
2015-07-10 17:51:19 3722752 ----a-w- C:\windows\System32\mstscax.dll
2015-07-10 17:51:10 158720 ----a-w- C:\windows\System32\aaclient.dll
2015-07-10 17:34:09 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll
2015-07-10 17:34:02 3221504 ----a-w- C:\windows\SysWow64\mstscax.dll
2015-07-10 17:33:50 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2015-07-09 17:57:57 193536 ----a-w- C:\windows\System32\notepad.exe
2015-07-09 17:57:57 193536 ----a-w- C:\windows\notepad.exe
2015-07-09 17:42:27 179712 ----a-w- C:\windows\SysWow64\notepad.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\windows\SysWow64\ole32.dll
2015-07-01 20:56:03 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:56 260096 ----a-w- C:\windows\System32\WebClnt.dll
2015-07-01 20:49:53 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-07-01 20:48:36 102912 ----a-w- C:\windows\System32\davclnt.dll
2015-07-01 20:48:34 44032 ----a-w- C:\windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-07-01 20:30:43 206848 ----a-w- C:\windows\SysWow64\WebClnt.dll
2015-07-01 20:30:43 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
.
============= FINISH: 21:00:35.87 ===============

Attached Files
File Type: txt attach.txt (22.1 KB)

ARP attack on Linux

Hi. I am running a Linux Mint system. My internet connection is cable DSL. I have this strange ARP output in Wireshark. Is this an ARP attack?

Code:

"1","0.000000000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x858d3b60"
"2","3.060005000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x858d3b60"
"3","6.120037000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x858d3b60"
"4","16.479870000","Zhongxin_fd:04:38","Spanning-tree-(for-bridges)_09","LLC","242","[Malformed Packet]"
"5","29.190352000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xc0a0c949"
"6","32.250335000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xc0a0c949"
"7","35.310368000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xc0a0c949"
"8","42.406078000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"9","42.406114000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"10","42.406149000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"11","42.406177000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"12","42.406227000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"13","42.406263000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"14","42.406298000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"15","42.406325000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"16","42.406374000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"17","42.406410000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"18","42.406443000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"19","42.406469000","Zte_5f:f8:67","TainetCo_12:fe:09","ARP","64","Who has 10.117.3.82?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"20","43.163592000","Hangzhou_07:f2:e0","Spanning-tree-(for-bridges)_0a","0x88a7","160","Ethernet II"
"21","46.480676000","Zhongxin_fd:04:38","Spanning-tree-(for-bridges)_09","LLC","242","[Malformed Packet]"
"22","58.380671000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x42244f7c"
"23","61.440654000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x42244f7c"
"24","64.500698000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x42244f7c"
"25","69.106271000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"26","69.106347000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"27","69.106382000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"28","69.106409000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"29","69.106492000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"30","69.106528000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"31","69.106562000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"32","69.106586000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"33","69.106639000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"34","69.106674000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"35","69.106709000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"36","69.106734000","Zte_5f:f8:67","Tp-LinkT_4d:76:bd","ARP","64","Who has 1.0.118.188?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"37","76.481479000","Zhongxin_fd:04:38","Spanning-tree-(for-bridges)_09","LLC","242","[Malformed Packet]"
"38","87.571276000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xcb9a4e6d"
"39","90.630988000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xcb9a4e6d"
"40","91.006410000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"41","91.006448000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"42","91.006481000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"43","91.006522000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"44","91.006560000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"45","91.006606000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"46","91.006639000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"47","91.006664000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"48","91.006713000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"49","91.006747000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"50","91.006782000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"51","91.006807000","Zte_5f:f8:67","Zte_25:36:63","ARP","64","Who has 10.117.3.85?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"52","93.691047000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xcb9a4e6d"
"53","103.714022000","Hangzhou_07:f2:e0","Spanning-tree-(for-bridges)_0a","0x88a7","160","Ethernet II"
"54","103.906481000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"55","103.906518000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"56","103.906552000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"57","103.906578000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"58","103.906629000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"59","103.906665000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"60","103.906701000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"61","103.906726000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"62","103.906776000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"63","103.906811000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"64","103.906844000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"65","103.906870000","Zte_5f:f8:67","TainetCo_13:01:0d","ARP","64","Who has 10.117.3.83?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"66","106.498942000","Zhongxin_fd:04:38","Spanning-tree-(for-bridges)_09","LLC","242","[Malformed Packet]"
"67","116.761323000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x726caa69"
"68","119.821359000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x726caa69"
"69","122.891418000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0x726caa69"
"70","136.499772000","Zhongxin_fd:04:38","Spanning-tree-(for-bridges)_09","LLC","242","[Malformed Packet]"
"71","145.961646000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xbdc5df11"
"72","149.021650000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xbdc5df11"
"73","152.081720000","0.0.0.0","255.255.255.255","DHCP","590","DHCP Discover - Transaction ID 0xbdc5df11"
"74","160.706862000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"75","160.706900000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"76","160.706933000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"77","160.706960000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"78","160.707009000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"79","160.707045000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"80","160.707098000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"81","160.707126000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"82","160.707156000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"83","160.707190000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"84","160.707223000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"85","160.707249000","Zte_5f:f8:67","TainetCo_13:b6:7e","ARP","64","Who has 10.117.3.84?  Tell 192.168.1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]"
"86","163.714954000","Hangzhou_07:f2:e0","Spanning-tree-(for-bridges)_0a","0x88a7","160","Ethernet II"

Thanks.

Internet Explorer

It appears Internet Explorer is not working correctly. When I open Explorer and go to a site, a window pops up and says that my PC is infected with a virus and is at risk and to call a 1 888 339-6907 number. The message says this is a free service from Microsoft operating system security essentials warning - Internet Explorer. The window cannot be closed, even using the Ctrl, Alt, Delete keys. I have to shut the computer off and restart. The window says the message in audio as well.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937
Run by Larry Ellerman at 19:46:36 on 2015-09-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.4972 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files (x86)\Nuance\PaperPort\PPScheduler.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Users\Larry Ellerman\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\WINDOWS\SYSWOW64\VMNAT.EXE
C:\Windows\system32\EscSvc64.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mWinlogon: Userinit = userinit.exe,
BHO: {0BB39B40-285C-7D3C-D125-8BB824483DA5} - <orphaned>
BHO: {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
BHO: Dragon Web Extension For Internet Explorer: {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Gaaiho PDF Conversion Toolbar Helper: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: {EFAF857D-DE82-4594-37C4-DE38B18E376A} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
uRun: [PPScheduler] C:\Program Files (x86)\Nuance\PaperPort\PPScheduler.exe
uRun: [Dropbox Update] "C:\Users\Larry Ellerman\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [Nuance OmniPage 17-reminder] "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe
mRun: [UsbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\LARRYE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Larry Ellerman\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\LARRYE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONS~1.LNK - E:\Common\EpsonReg\Ereg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: PlayOn - C:\Program Files (x86)\MediaMall\toolbar\MenuLoad.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{14BBE08A-FC91-482F-895B-63AB1EAAB49A} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{D18D9B44-0644-4067-9729-F2921BD883CF} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{F4D6DB83-B252-403B-A6EF-E46FFC13D68E} : DHCPNameServer = 192.168.1.254 75.153.176.9
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs= c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ShopperMastoEr: {082F2896-8035-557D-7635-6CF07087E6DB} -
x64-BHO: {0BB39B40-285C-7D3C-D125-8BB824483DA5} - <orphaned>
x64-BHO: {14626502-0AB1-6A1A-688B-8A56BE0BA3E6} - <orphaned>
x64-BHO: Dragon Web Extension For Internet Explorer: {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: {EFAF857D-DE82-4594-37C4-DE38B18E376A} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe
x64-Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-9-8 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-9-8 274808]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-4-28 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-4-28 141920]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-9-14 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-9-8 1048344]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-9-8 447944]
R1 VirtualBackplane;A-B Virtual Backplane;C:\Windows\System32\drivers\VirtualBackplane.sys [2013-10-10 51200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-10 203264]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-9-8 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-9-8 90968]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-9-8 146600]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-4-29 65536]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DragonLoggerService;Dragon Logger service;C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [2014-7-12 137280]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2014-7-12 339008]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-11-13 135824]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-10 13336]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2015-4-10 5938992]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-7-22 138600]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-7-5 5611280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-10 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-10 239616]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-9-8 150672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe [2015-3-28 89840]
S2 uvnc_service;uvnc_service;"C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service --> C:\Program Files (x86)\UltraVNC\WinVNC.exe [?]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-10 763904]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-15 59392]
S3 USA19H;USA19H;C:\Windows\System32\drivers\USA19Hx64.sys [2007-10-30 740096]
S3 USA19HP;USA19HP;C:\Windows\System32\drivers\USA19Hx64p.sys [2007-10-23 35840]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2012-4-7 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-09-08 23:33:31 -------- d-----w- C:\Users\Larry Ellerman\AppData\Roaming\AVAST Software
2015-09-08 23:32:14 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-09-08 23:32:14 150672 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-09-08 23:32:13 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-09-08 23:32:12 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-09-08 23:32:11 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-09-08 23:32:09 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-09-08 23:32:03 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-09-08 23:31:53 43112 ----a-w- C:\Windows\avastSS.scr
2015-09-08 23:30:59 -------- d-----w- C:\Program Files\AVAST Software
2015-09-08 11:26:34 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72A8003C-65EF-467F-97FA-5D99345A3105}\mpengine.dll
2015-08-28 22:55:31 -------- d-----w- C:\Sean
2015-08-24 23:54:29 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\MFAData
2015-08-24 23:54:29 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\Avg2015
2015-08-24 23:54:29 -------- d-----w- C:\ProgramData\MFAData
2015-08-24 05:13:59 -------- d---a-w- C:\FixMeStick Quarantine
2015-08-23 22:32:58 -------- d-----w- C:\FixMeStick
2015-08-23 03:02:20 -------- d-----w- C:\ProgramData\Malwarebytes
2015-08-23 03:01:06 -------- d-----w- C:\MalawareBytes
2015-08-22 07:00:05 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\SetupSkin
2015-08-19 09:00:41 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-19 09:00:41 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-19 02:13:27 -------- d-----w- C:\ProgramData\Tarma Installer
2015-08-15 16:11:08 -------- d-----w- C:\Users\Larry Ellerman\AppData\Local\Dropbox
2015-08-15 16:11:08 -------- d-----w- C:\ProgramData\Dropbox
2015-08-15 16:05:30 -------- d-----r- C:\Users\Larry Ellerman\Dropbox
2015-08-15 15:59:07 -------- d-----w- C:\RAF Product Notices
2015-08-12 09:18:49 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:18:49 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:14:54 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2015-08-11 20:13:30 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
.
==================== Find3M ====================
.
2015-08-12 07:10:17 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 07:10:17 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-15 17:53:36 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-15 17:53:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-15 17:49:10 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-15 16:46:59 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
.
============= FINISH: 19:46:46.36 ===============


Avast detected Kill.bat file in system32 folder

I am using Windows 7.

Avast detected Kill.bat file in system32 folder.


Opened it with Notepad and it contains these commands:

@ECHO OFF

taskkill /f /im explorer.exe

START %SystemRoot%\explorer.exe

exit


Anything to worry about? Or is this a normal file that is usually in Windows?


Thanks

infected with javaws.exe

I have 33 programs installed, but Task Manager shows 100% usage with no programs running.

There are so many instances of javaws.exe running I can't count them. When I googled it, one of the possible ways to remove it led me to a program that didn't even identify it. :banghead:

I tried adaware and wambam; that didn't catch it either.

Here's my DDS file. I don't have a zip program and the file is so small, I thought pasting would be OK.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18015 BrowserJavaVersion: 11.51.2
Run by office at 8:51:34 on 2015-09-10
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\loggingserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={93FD56EB-D306-4D0B-A88A-17DD698DF06C}&mid=cd4ba53a232047cdb928d17921d36a17-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-05-27 15:32:14&v=4.1.0.411&pid=wtu&sg=&sap=hp
uURLSearchHooks: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{BFA87CE1-95BB-458F-8041-6B9EC2C07B31} : DHCPNameServer = 97.64.168.12 97.64.183.165
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? MBAMSwissArmy;MBAMSwissArmy
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
S? Avgdiska;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
S? DiagTrack;Diagnostics Tracking Service
S? LavasoftAdAwareService11;Ad-Aware Service 11
S? Realtek87B;Realtek87B
S? RTL8167;Realtek 8167 NT Driver
S? vToolbarUpdater40.1.6;vToolbarUpdater40.1.6
.
=============== Created Last 30 ================
.
2015-09-10 08:21:51 -------- d-----w- C:\Program Files\CCleaner
2015-09-10 02:24:53 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
2015-09-10 02:22:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2015-09-10 02:22:36 2048 ----a-w- C:\Windows\System32\tzres.dll
2015-09-10 02:22:25 67584 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2015-09-10 02:22:25 1372160 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2015-09-10 02:22:24 82944 ----a-w- C:\Windows\System32\dwmapi.dll
2015-09-10 02:22:24 1632256 ----a-w- C:\Windows\System32\dwmcore.dll
2015-09-10 02:19:25 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-09-10 02:18:48 41984 ----a-w- C:\Windows\System32\UtcResources.dll
2015-09-09 23:30:28 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-09-09 23:30:19 115136 ----a-w- C:\Windows\System32\consent.exe
2015-09-09 23:30:18 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-09-09 23:30:18 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-09-09 23:30:04 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-09-09 23:30:04 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-09-09 23:30:04 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-09-09 23:30:03 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-09-09 23:30:03 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2015-09-09 23:30:03 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-09-09 23:30:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-09-09 23:30:02 1887232 ----a-w- C:\Windows\System32\msxml3.dll
2015-09-09 13:23:28 692672 ----a-w- C:\Windows\System32\winload.efi
2015-09-09 13:23:28 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-09-09 13:23:28 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-09-09 13:23:28 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-09-09 13:23:27 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-09-09 13:23:26 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-09-09 13:23:25 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-09-09 13:23:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-09-09 13:23:25 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-08-27 05:01:51 -------- d-----w- C:\Users\office\AppData\Local\CEF
2015-08-27 03:36:02 -------- d-----w- C:\Users\office\.oracle_jre_usage
2015-08-12 08:59:53 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 08:59:53 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:47:23 9284296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-08-12 03:50:56 3722752 ----a-w- C:\Windows\System32\mstscax.dll
2015-08-12 03:50:55 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2015-08-12 03:50:55 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-08-12 03:50:55 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-08-12 03:50:54 158720 ----a-w- C:\Windows\System32\aaclient.dll
2015-08-12 03:50:54 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2015-08-12 03:50:17 52736 ----a-w- C:\Windows\System32\basesrv.dll
2015-08-12 03:48:27 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
2015-08-12 03:48:27 260096 ----a-w- C:\Windows\System32\WebClnt.dll
2015-08-12 03:48:27 206848 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2015-08-12 03:48:27 102912 ----a-w- C:\Windows\System32\davclnt.dll
2015-08-12 03:48:15 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-08-12 03:48:15 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-08-12 03:48:15 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-08-12 03:48:10 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-08-12 03:48:10 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-08-12 03:47:49 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
.
==================== Find3M ====================
.
2015-09-09 19:10:57 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-09-09 19:10:57 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-02 03:04:49 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-09-02 03:04:46 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-09-02 03:04:44 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-09-02 03:04:42 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-09-02 02:48:31 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-09-02 02:47:18 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-09-02 01:51:28 3209216 ----a-w- C:\Windows\System32\win32k.sys
2015-09-02 01:47:08 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-09-02 01:33:48 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-08-26 18:07:11 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-08-26 18:07:11 3165696 ----a-w- C:\Windows\System32\wucltux.dll
2015-08-26 18:07:11 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-08-26 18:06:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-08-26 18:06:33 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-08-26 18:06:30 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-08-26 17:56:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-08-26 17:56:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-08-26 17:55:37 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-08-15 06:34:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-15 06:33:56 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-08-15 06:18:47 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-08-15 06:18:00 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-08-15 06:17:54 417792 ----a-w- C:\Windows\System32\html.iec
2015-08-15 06:17:49 585216 ----a-w- C:\Windows\System32\vbscript.dll
2015-08-15 06:17:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-08-15 06:04:47 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-08-15 06:04:46 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-08-15 06:04:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-08-15 06:00:44 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-08-15 05:57:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-08-15 05:53:22 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-15 05:46:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-15 05:40:29 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-08-15 05:40:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-08-15 05:39:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39:22 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-08-15 05:38:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-08-15 05:29:12 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-08-15 05:22:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-08-15 05:22:03 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-08-15 05:16:37 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-08-15 05:07:28 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-08-15 05:01:47 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-08-05 17:56:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-08-05 17:56:06 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-23 00:06:26 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-23 00:06:25 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-23 00:06:25 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-23 00:03:19 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-23 00:03:07 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-23 00:03:07 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-23 00:03:07 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-23 00:03:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-23 00:01:53 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-23 00:01:39 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-23 00:01:32 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-22 23:58:17 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-22 23:57:53 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-22 23:51:59 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-22 17:57:49 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-22 17:57:49 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-22 17:54:12 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-22 17:52:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-22 17:52:19 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-22 17:52:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-22 17:52:03 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-22 17:52:03 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-22 17:52:03 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-22 17:47:28 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-22 17:46:50 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-22 16:45:48 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-22 16:44:51 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-22 16:44:45 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-07-22 16:34:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-07-22 16:34:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-07-22 16:31:52 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-07-22 16:31:52 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-22 16:31:52 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-22 16:31:52 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-07-19 01:42:30 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:10:58 1743360 ----a-w- C:\Windows\System32\sysmain.dll
2015-07-15 18:10:50 11264 ----a-w- C:\Windows\System32\msmmsp.dll
.
============= FINISH: 9:05:14.95 ===============


Thanks for your time and help.
charlotte :frown:

Attached Files
File Type: txt attach.txt (6.8 KB)