Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Suspected malware - dds.scr won't run

Hi, me again.

Not sure how I picked it up; I downloaded an .ico file and I think it all went haywire after that. Firstly, the Start menu stopped working - I got an error message and Windows signed out and back in again to no avail. I tried the most recent restore point and that helped. I also ran sfc /scannow. But now my machine is extremely sluggish and takes forever to restart. I tried to restore to previous points but get errors. Kaspersky Internet Security stopped working, so I uninstalled it. I get a strange Chinese symbol program in force quit when I do a restart. Please help. I downloaded dds.scr but like before it won't run.

DNS Unlocker

Hey guys,

I really need to remove DNS Unlocker from my PC. I already tried several of the methods found elsewhere on the internet (Malwarebytes, HitmanPro, adware). At first, these programs seem to clean my PC (I tried several of them in several past infections on this computer). However, after some days have passed, it all comes back again in all of its force.

I also safely removed the program, removed its extension in Chrome, but it is immortal!!!

Does anyone have any clue what I should do to completely get rid of it once and for all?

Thank you very much.

What I call pop over advertising

OS Version: Microsoft Windows 10 Home, 64 bit
Processor: AMD E-450 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3686 Mb
Graphics Card: AMD Radeon HD 6320 Graphics, 384 Mb
Hard Drives: C: Total - 465190 MB, Free - 292101 MB; D: Total - 11196 MB, Free - 1332 MB; H: Total - 953836 MB, Free - 388246 MB; I: Total - 476936 MB, Free - 475211 MB; J: Total - 953867 MB, Free - 331329 MB; K: Total - 953866 MB, Free - 582925 MB; L: Total - 953833 MB, Free - 145781 MB;
Motherboard: PEGATRON CORPORATION, 2AD1

Does anybody know how to disable or stop what I call “Pop Over” advertising?
This is where the entire screen is covered by an ad for a product or service and it tells you either to “click on X to close” or “You have xx seconds until it returns you to the Web page”. They are getting more and more prevalent.

Laptop...No Internet Security...Now has Malware

Dear Forum:
Unusual situation with laptop. Laptop was in storage.
Upon removing from storage had Cox Cable come out to set up internet connection. A new tech came out.
I forgot Cox offered McAfee Security Suite with service.
Tech did not inform me to download.
Laptop was kept shut off.
Recently tried to download McAfee onto laptop. Now it appears it has Malware.
How do I maintain my internet connection; clean out the laptop; and download McAfee?
I am somewhat a novice.
Thank You...

Possible Virus (dun-dun-DUN!!)

Hi, everyone.

So I might have one, maybe not. Anyway, I was web-surfing and suddenly a new tab came up with both visual and audio messages saying something like, "You have a virus! Click here to remove it NAOW!!" Naturally, I simply did "Show Desktop" and ran the Temp File Cleaner to end my surfing session instead.

Still, I'm a-feared that something wormed its way in. So I followed the "Do before posting for malware help", downloaded DDS.scr and ran it, now awaiting instructions if we have to proceed further.

And just in case I don't have a virus, my sincere apologies in advance.

So, the dds.txt log pasted in here first, then the attachment log err...attached.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Keith at 14:41:38 on 2015-10-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.236 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} -
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} -
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [DBAgent] "c:\program files\seagate\seagate dashboard 2.0\DBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\keith\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\keith\application data\leadertech\powerregister\Seagate NA77HH4Z Product Registration.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350322420296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\45.0.2454.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-17 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-17 208664]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-3-18 26096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-17 789296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-17 434184]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-20 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-17 76000]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-17 146600]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-3-6 54760]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\seagate\seagate dashboard 2.0\MobileService.exe [2014-2-10 157264]
R2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\lte support\VZWMSConfig.exe [2011-3-21 148016]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-7-13 157888]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]
S2 ofcservice;Websensecamreportserver;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-5-8 25600]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\drivers\drvagent32.sys --> c:\windows\system32\drivers\DrvAgent32.sys [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2014-3-6 35256]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [2010-10-7 19677]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [2011-6-14 287744]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [2011-6-14 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [2011-6-14 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [2011-6-14 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2012-6-13 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2012-6-13 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2012-6-13 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2012-6-13 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2012-6-13 113680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: Cdj.exe: null="c:\program files\padus\discjuggler\Cdj.exe"
.
=============== Created Last 30 ================
.
2015-09-26 05:57:12 43112 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2015-10-11 15:55:11 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-11 15:52:18 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-26 05:57:17 157888 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-09-26 05:57:16 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-26 05:57:16 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-26 05:57:16 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-26 05:57:16 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-26 05:57:05 789296 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-09-26 05:57:05 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-09-23 02:36:13 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-23 02:36:13 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:42:27.60 ===============

Attached Files
File Type: txt attach.txt (530.7 KB)

Infected, Please Help!

About a month ago I needed to get MS Office for a school project, and I had Win 10 so I (not knowing that it installed adware) used a certain program to activate it. I THOUGHT I removed all the viruses from it but obviously not. (The application has since been uninstalled) Starting about two weeks ago, Malwarebytes AND Bitdefender started detecting Trojans and Registry keys in every scan. I kept removing them, they kept coming back and still do. (Just assuming this is that program's doing because I haven't really downloaded/installed anything since then.)

Now when I start up my PC, my RAM usage instantly rises into the 90-100% range. It does this even while idle with no programs running, which of course makes my PC very slow and it's very annoying. Normally I would just format the hard drive and reinstall Windows, but I don't have a copy of Win 10 lying around, or any other copy of Windows for that matter. Any advice on what to do would be very helpful.


Thanks, - Noah

cmd.exe on the fritz still even after minimized img system restore

cmd.exe will not stay open when I try to run programs; this is with elevated privileges and without, either way no luck. I suspect a backdoor is on the computer because this is a newly installed OS. Anyone? The command prompt flashes on the screen then closes whenever I try to run an application. If I open a cmd.exe window it will stay open but doesn't recognize the commands I type in.

dds.txt is below



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840
Run by at 0:26:36 on 2015-09-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7659.4611 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
uRun: [GoogleChromeAutoLaunch_8444C81AF347914E6C73A77AA14C32B9] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
StartupFolder: C:\Users\Brooke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0A114AE5-11F7-43F1-9E6A-A5FFC53AD917} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-4 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-4 38528]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2015-9-24 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-9-24 2774104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2015-9-24 2375168]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 124568]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-18 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2015-9-24 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-18 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2015-9-24 266240]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2015-9-24 337512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-9-24 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2015-9-24 1142376]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2015-9-24 47232]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-9-25 114688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-9-25 1255736]
.
=============== Created Last 30 ================
.
2015-09-26 04:24:00 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3CD29F4-423B-41C2-9E02-AA92B9CAF33F}\offreg.964.dll
2015-09-26 04:18:35 -------- d-----w- C:\Windows\System32\MRT
2015-09-26 00:48:34 -------- d-----w- C:\Windows\Migration
2015-09-26 00:48:33 -------- d-s---w- C:\Windows\System32\CompatTel
2015-09-26 00:48:33 -------- d-----w- C:\Windows\System32\appraiser
2015-09-26 00:47:51 -------- d-----w- C:\Windows\SysWow64\Wat
2015-09-26 00:47:51 -------- d-----w- C:\Windows\System32\Wat
2015-09-25 23:30:11 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-09-25 23:30:11 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-09-25 22:56:12 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-25 21:22:04 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2015-09-25 19:43:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2015-09-25 19:43:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2015-09-25 19:43:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2015-09-25 19:43:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2015-09-25 19:43:24 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2015-09-25 19:43:23 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2015-09-25 19:43:23 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2015-09-25 19:08:15 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2015-09-25 19:08:14 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2015-09-25 19:08:14 5120 ----a-w- C:\Windows\System32\wmi.dll
2015-09-25 18:44:03 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-09-25 18:44:03 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-09-25 18:44:02 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-09-25 18:44:02 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-09-25 18:44:00 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-09-25 18:44:00 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-09-25 18:43:26 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-09-25 18:43:26 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-09-25 03:03:22 -------- d-----w- C:\Users\Brooke\AppData\Roaming\ControlCenter4
2015-09-25 02:58:44 -------- d-----r- C:\Users\Brooke\ODBA
2015-09-24 22:42:06 -------- d-----w- C:\Brother
2015-09-24 22:39:04 -------- d-----w- C:\ProgramData\Brother
2015-09-24 22:26:19 -------- d-----w- C:\Users\Brooke\AppData\Local\ElevatedDiagnostics
2015-09-24 17:33:55 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-09-24 17:33:55 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-09-24 17:33:55 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-09-24 17:33:54 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-09-24 17:26:39 328704 ----a-w- C:\Windows\System32\services.exe
2015-09-24 17:25:50 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2015-09-24 17:24:21 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-09-24 17:24:21 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-09-24 17:24:21 113664 ----a-w- C:\Windows\System32\sechost.dll
2015-09-24 17:24:21 104448 ----a-w- C:\Windows\System32\logman.exe
2015-09-24 17:24:20 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-09-24 17:24:20 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-09-24 17:24:20 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-09-24 17:24:19 43008 ----a-w- C:\Windows\System32\relog.exe
2015-09-24 17:24:19 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-09-24 17:24:19 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-09-24 17:24:18 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-09-24 17:24:18 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-09-24 17:22:57 1743360 ----a-w- C:\Windows\System32\sysmain.dll
2015-09-24 17:22:56 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-09-24 17:22:53 2560 ----a-w- C:\Windows\System32\drivers\en-US\mountmgr.sys.mui
2015-09-24 17:22:53 11264 ----a-w- C:\Windows\System32\msmmsp.dll
2015-09-24 17:20:24 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2015-09-24 17:20:23 395776 ----a-w- C:\Windows\System32\webio.dll
2015-09-24 17:20:19 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2015-09-24 17:20:18 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2015-09-24 17:20:12 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2015-09-24 17:20:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2015-09-24 17:19:53 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2015-09-24 17:19:53 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2015-09-24 17:19:53 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2015-09-24 17:19:49 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2015-09-24 17:19:48 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2015-09-24 17:19:46 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2015-09-24 17:18:17 241152 ----a-w- C:\Windows\System32\pku2u.dll
2015-09-24 17:18:17 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2015-09-24 17:16:59 265216 ----a-w- C:\Windows\SysWow64\msnetobj.dll
2015-09-24 17:15:13 683520 ----a-w- C:\Windows\System32\termsrv.dll
2015-09-24 17:14:39 -------- d-----w- C:\Program Files\Microsoft Office 15
2015-09-24 17:12:38 478208 ----a-w- C:\Windows\System32\dpnet.dll
2015-09-24 17:12:38 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2015-09-24 17:12:35 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2015-09-24 17:12:35 156312 ----a-w- C:\Windows\System32\mscorier.dll
2015-09-24 17:12:34 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2015-09-24 17:12:34 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2015-09-24 17:12:33 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2015-09-24 17:12:33 73880 ----a-w- C:\Windows\System32\mscories.dll
2015-09-24 17:12:16 142336 ----a-w- C:\Windows\System32\poqexec.exe
2015-09-24 17:12:16 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2015-09-24 17:12:01 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-09-24 17:12:01 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-09-24 17:11:16 52736 ----a-w- C:\Windows\System32\basesrv.dll
2015-09-24 17:10:27 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2015-09-24 17:10:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2015-09-24 17:08:42 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2015-09-24 17:06:20 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2015-09-24 17:06:20 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2015-09-24 17:06:18 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-09-24 17:06:18 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-09-24 17:06:07 515584 ----a-w- C:\Windows\System32\timedate.cpl
2015-09-24 17:06:06 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2015-09-24 17:06:03 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-09-24 17:06:03 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-09-24 17:06:03 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-09-24 17:04:45 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-09-24 17:03:53 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-09-24 17:02:53 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2015-09-24 17:01:33 722944 ----a-w- C:\Windows\System32\objsel.dll
2015-09-24 17:00:52 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2015-09-24 16:59:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2015-09-24 16:59:40 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2015-09-24 16:59:38 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2015-09-24 16:59:33 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2015-09-24 16:59:33 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2015-09-24 16:59:33 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2015-09-24 16:59:33 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2015-09-24 16:59:33 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2015-09-24 16:59:10 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2015-09-24 16:59:10 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2015-09-24 16:59:10 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2015-09-24 16:58:32 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2015-09-24 16:58:32 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2015-09-24 16:58:31 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2015-09-24 16:58:30 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2015-09-24 16:58:30 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2015-09-24 16:58:29 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2015-09-24 16:58:29 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2015-09-24 16:58:22 20352 ----a-w- C:\Windows\System32\kdusb.dll
2015-09-24 16:58:22 19328 ----a-w- C:\Windows\System32\kd1394.dll
2015-09-24 16:58:22 17792 ----a-w- C:\Windows\System32\kdcom.dll
2015-09-24 16:58:00 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2015-09-24 16:58:00 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2015-09-24 16:57:24 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2015-09-24 16:57:24 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2015-09-24 16:57:24 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2015-09-24 16:57:24 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2015-09-24 16:57:24 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2015-09-24 16:56:17 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-09-24 16:56:17 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-09-24 16:56:17 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-09-24 16:56:16 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-09-24 16:56:16 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-09-24 16:56:16 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-09-24 16:56:16 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-09-24 16:56:03 77824 ----a-w- C:\Windows\System32\packager.dll
2015-09-24 16:56:03 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2015-09-24 16:54:11 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2015-09-24 16:54:11 31232 ----a-w- C:\Windows\System32\prevhost.exe
2015-09-24 16:54:10 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2015-09-24 16:54:07 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2015-09-24 16:54:05 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2015-09-24 16:54:05 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2015-09-24 16:54:04 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2015-09-24 16:54:04 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2015-09-24 16:54:02 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2015-09-24 16:54:01 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-09-24 16:54:00 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-09-24 16:53:56 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2015-09-24 16:53:56 1192448 ----a-w- C:\Windows\System32\certutil.exe
2015-09-24 16:53:55 52224 ----a-w- C:\Windows\System32\certenc.dll
2015-09-24 16:53:54 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2015-09-24 16:53:33 202752 ----a-w- C:\Windows\System32\scrrun.dll
2015-09-24 16:53:33 168960 ----a-w- C:\Windows\System32\wscript.exe
2015-09-24 16:53:33 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2015-09-24 16:53:33 156160 ----a-w- C:\Windows\System32\cscript.exe
2015-09-24 16:53:33 150016 ----a-w- C:\Windows\System32\wshom.ocx
2015-09-24 16:53:33 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2015-09-24 16:53:33 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2015-09-24 16:53:33 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2015-09-24 16:52:48 956928 ----a-w- C:\Windows\System32\localspl.dll
2015-09-24 16:52:43 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2015-09-24 16:52:40 331776 ----a-w- C:\Windows\System32\oleacc.dll
2015-09-24 16:52:40 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2015-09-24 16:52:35 723456 ----a-w- C:\Windows\System32\EncDec.dll
2015-09-24 16:52:35 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2015-09-24 16:52:34 79360 ----a-w- C:\Windows\System32\clfsw32.dll
2015-09-24 16:52:34 367552 ----a-w- C:\Windows\System32\clfs.sys
2015-09-24 16:52:33 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll
2015-09-24 16:47:02 3209216 ----a-w- C:\Windows\System32\win32k.sys
2015-09-24 16:47:01 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-09-24 16:47:00 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-09-24 16:47:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-09-24 16:47:00 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-09-24 16:47:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-09-24 16:47:00 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-09-24 16:47:00 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-09-24 16:47:00 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-09-24 16:47:00 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-09-24 16:47:00 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-09-24 16:40:47 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2015-09-24 16:40:47 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2015-09-24 16:40:47 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2015-09-24 16:40:46 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2015-09-24 16:40:46 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2015-09-24 16:40:30 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2015-09-24 05:57:18 -------- d-----w- C:\Windows\ehome
2015-09-24 05:24:15 -------- d-----w- C:\Program Files (x86)\Common Files\Telespree
2015-09-24 05:23:56 -------- d-----w- C:\Program Files (x86)\HP SimplePass 2011
2015-09-24 05:23:50 -------- d-----w- C:\ProgramData\Downloaded Installations
2015-09-24 05:23:50 -------- d-----w- C:\Program Files\Common Files\AuthenTec
2015-09-24 05:23:50 -------- d-----w- C:\Program Files (x86)\Common Files\AuthenTec
2015-09-24 05:19:43 -------- d-----w- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2015-09-24 05:19:30 -------- d-----w- C:\Program Files (x86)\AMD
2015-09-24 05:18:37 0 ----a-w- C:\Windows\ativpsrm.bin
2015-09-24 05:17:55 -------- d-----w- C:\Windows\Hewlett-Packard
2015-09-24 05:17:10 -------- d-----w- C:\Program Files (x86)\Cisco
2015-09-24 05:16:45 1142376 ----a-w- C:\Windows\System32\drivers\rtl8192ce.sys
2015-09-24 05:16:44 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2015-09-24 05:16:24 -------- d-----w- C:\Windows\Driver Cache
2015-09-24 05:16:23 -------- d-----w- C:\Program Files (x86)\HP
2015-09-24 05:15:39 -------- d-----w- C:\Program Files\Validity Sensors
2015-09-24 05:15:31 -------- d-----w- C:\Windows\SysWow64\sda
2015-09-24 05:15:24 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2015-09-24 05:15:24 337512 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2015-09-24 05:14:36 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2015-09-24 05:14:36 428136 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2015-09-24 05:14:36 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2015-09-24 05:14:33 -------- d-----w- C:\Program Files (x86)\Realtek
2015-09-24 05:14:22 -------- d-----w- C:\Program Files\Synaptics
2015-09-24 05:09:50 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEFBEE4A-420D-48A3-B768-6CC6FC7888C7}\gapaengine.dll
2015-09-24 05:09:41 11062400 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3CD29F4-423B-41C2-9E02-AA92B9CAF33F}\mpengine.dll
2015-09-24 05:06:44 -------- d-----w- C:\Program Files (x86)\AMD APP
2015-09-24 05:06:42 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-09-24 05:06:42 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2015-09-24 05:06:00 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2015-09-24 05:06:00 -------- d-----w- C:\ProgramData\AMD
2015-09-24 05:05:59 -------- d-----w- C:\Program Files\ATI Technologies
2015-09-24 05:05:53 47232 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2015-09-24 05:05:26 -------- d-----w- C:\Program Files\ATI
2015-09-24 05:05:24 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2015-09-24 05:05:19 -------- d-sh--w- C:\Windows\Installer
2015-09-24 04:33:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2015-09-24 04:33:44 -------- d-----w- C:\Program Files\Microsoft Security Client
2015-09-24 03:59:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2015-09-24 03:59:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2015-09-24 03:59:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2015-09-24 03:09:02 -------- d-----w- C:\Users\Brooke\AppData\Local\Google
2015-09-24 03:08:47 -------- d-----w- C:\Users\Brooke\AppData\Local\Apps
2015-09-24 03:08:46 -------- d-----w- C:\Users\Brooke\AppData\Local\Deployment
2015-09-24 02:38:51 -------- d-----w- C:\Users\Brooke\AppData\Local\AMD
2015-09-24 02:38:43 -------- d-----w- C:\Users\Brooke\AppData\Local\ATI
2015-09-24 02:37:43 -------- d-----w- C:\Users\Brooke\AppData\Roaming\Synaptics
2015-09-24 02:37:43 -------- d-----w- C:\Users\Brooke\AppData\Roaming\hpqLog
2015-09-11 22:48:46 94208 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll
2015-09-11 21:44:26 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2015-09-11 21:44:26 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
.
==================== Find3M ====================
.
2015-09-25 22:56:12 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-09-11 22:48:44 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2015-09-11 22:48:44 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2015-08-27 18:18:27 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2015-08-27 18:18:27 1887232 ----a-w- C:\Windows\System32\msxml3.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-08-27 17:58:14 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-08-26 18:07:11 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-08-26 18:07:11 3165696 ----a-w- C:\Windows\System32\wucltux.dll
2015-08-26 18:07:11 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-08-26 18:06:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-08-26 18:06:33 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-08-26 18:06:30 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-08-26 17:56:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-08-26 17:56:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-08-26 17:55:37 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-08-05 17:56:14 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
2015-08-05 17:56:06 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-08-04 18:03:10 692672 ----a-w- C:\Windows\System32\winload.efi
2015-08-04 18:00:24 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-08-04 17:56:54 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-08-04 17:56:37 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-08-04 17:56:37 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-08-04 17:55:57 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-08-04 17:55:57 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-08-04 17:47:42 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-08-04 16:58:09 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-23 00:06:26 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-23 00:06:25 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-23 00:06:25 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-23 00:03:19 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-23 00:03:07 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-23 00:03:07 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-23 00:03:07 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-23 00:03:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-23 00:01:53 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-23 00:01:39 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-23 00:01:32 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-22 23:58:17 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-22 23:57:53 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-22 23:51:59 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-22 17:57:49 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-22 17:57:49 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-22 17:54:12 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-22 17:52:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-22 17:52:19 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-22 17:52:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-22 17:52:03 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-22 17:52:03 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-22 17:52:03 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-22 17:47:28 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-22 17:46:50 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-22 16:48:49 41984 ----a-w- C:\Windows\System32\UtcResources.dll
2015-07-22 16:45:48 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-22 16:44:51 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-22 16:44:45 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-07-22 16:34:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-07-22 16:34:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-07-22 16:31:52 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-07-22 16:31:52 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-22 16:31:52 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-22 16:31:52 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-07-10 17:51:27 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2015-07-10 17:51:19 3722752 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-10 17:51:10 158720 ----a-w- C:\Windows\System32\aaclient.dll
2015-07-10 17:34:09 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-07-10 17:34:02 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-07-10 17:33:50 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2015-07-09 17:58:26 82944 ----a-w- C:\Windows\System32\dwmapi.dll
2015-07-09 17:58:26 1632256 ----a-w- C:\Windows\System32\dwmcore.dll
2015-07-09 17:57:57 193536 ----a-w- C:\Windows\System32\notepad.exe
2015-07-09 17:57:57 193536 ----a-w- C:\Windows\notepad.exe
2015-07-09 17:42:54 67584 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2015-07-09 17:42:54 1372160 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2015-07-09 17:42:27 179712 ----a-w- C:\Windows\SysWow64\notepad.exe
2015-07-05 10:08:23 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-01 20:49:56 260096 ----a-w- C:\Windows\System32\WebClnt.dll
2015-07-01 20:48:36 102912 ----a-w- C:\Windows\System32\davclnt.dll
2015-07-01 20:30:43 206848 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2015-07-01 20:30:21 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
.
============= FINISH: 0:27:49.22 ===============

Help Please

Dear Sirs

I recently opened an email (despite being warned not to do so by Google), sent to me from BrianandSally!

Sally is my stepbrother’s daughter & Brian is her husband, but the email was not from my relatives.

Ever since I opened the email, Google has had problems:

It keeps locking on me, and I cannot go forwards, backwards or open another link.

The only way to get out of the problem is to reboot my computer.

My computer has Windows 8.

Jack Willday

Computer locking up slow after sus download

Hi, last night I wanted to download a PDF to JPG converter, so I went to SourceForge & got this: hxxp://sourceforge.net/projects/convertjpgtopdf/?source=directory On this page I downloaded the app where it says download. Then a multitude of programs installed & demanded firewall access, one of them netman.exe. Next thing, the computer locked up, & some Windows updates that modified things. Now web pages lag out & are very slow to load. Most of my programs won't respond, CCleaner won't work, sfc.scannow won't complete. I did a Spybot Search & Destroy scan, fet minor detection, usual stuff; 3 wouldn't delete. I did a G Data scan, no detection. I will do more scans. So below are the DDS & attach logs. When I went to upload attach.txt, the web browser's find file location popup lagged for several seconds to a minute to access the computer to upload it. Then it took several seconds to upload; this is unusual, as I have used it before. All programs are lagging and locking up, even the Start menu.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 10.55.2
Run by Gary at 13:51:23 on 2015-10-16
Microsoft Windows 10 Pro 10.0.10240.0.1252.1.1033.18.4095.1547 [GMT 8:00]
.
AV: G DATA TOTAL PROTECTION *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: G DATA TOTAL PROTECTION *Enabled/Outdated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\AEADISRV.EXE
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Has Apps Com\dlfxap_updater_service.exe
C:\Program Files\Has Apps Com\dlfxap.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe
C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe
C:\WINDOWS\system32\taskhostw.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\WINDOWS\System32\vds.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\System32\Taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Google Update] "C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
uRun: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [SmartSwitchPDLR.exe] C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe Run Kies4
uRun: [Dropbox Update] "C:\Users\Gary\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [OneDrive] "C:\Users\Gary\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
mRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3648c94c-571b-4217-a170-5ba36fe383f1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{6c180abb-3d48-404f-aa22-1c6906757a72} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{dfd11378-f819-422b-9f85-14a2836adbea} : DHCPNameServer = 192.168.1.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mWinlogon: Userinit = C:\WINDOWS\System32\userinit.exe,C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\wlhtmyvs.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\Gary\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.safebrowsing.downloads.enabled - false
FF - user.js: browser.safebrowsing.enabled - false
FF - user.js: browser.safebrowsing.malware.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\WINDOWS\System32\drivers\GDBehave.sys [2014-9-2 55808]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-7-12 192216]
R0 mv61xx;mv61xx;C:\WINDOWS\System32\drivers\mv61xx.sys [2011-2-9 181040]
R0 TS4NT;TS4nt driver;C:\WINDOWS\System32\drivers\TS4nt.sys [2014-9-2 98760]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-12 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 gddcv;G Data DCV Driver;C:\WINDOWS\System32\drivers\gddcv64.sys [2014-9-2 59904]
R1 GDKBFlt;G Data GDKBFlt Driver;C:\WINDOWS\System32\drivers\GDKBFlt64.sys [2014-9-2 20992]
R1 GDMnIcpt;GDMnIcpt;C:\WINDOWS\System32\drivers\MiniIcpt.sys [2014-9-2 142336]
R1 gdwfpcd;G Data WFP CD;C:\WINDOWS\System32\drivers\gdwfpcd64.sys [2014-9-2 64512]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R1 GRD;G Data Rootkit Detector Driver;C:\WINDOWS\System32\drivers\GRD.sys [2014-9-2 106272]
R1 HookCentre;HookCentre;C:\WINDOWS\System32\drivers\HookCentre.sys [2014-9-2 61440]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\WINDOWS\System32\drivers\hssdrv6.sys [2012-8-2 41704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 gddcd;G Data DCD Driver;C:\WINDOWS\System32\drivers\gddcd64.sys [2014-9-2 79872]
R3 GDPkIcpt;GDPkIcpt;C:\WINDOWS\System32\drivers\PktIcpt.sys [2014-9-2 64000]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem63.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2012-10-26 4758176]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-7-12 25816]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Legacy Controllers;C:\WINDOWS\System32\drivers\yk63x64.sys [2015-7-10 295216]
S?4 WinDivert1.1;WinDivert1.1;C:\Program Files\Has Apps Com\WinDivert64.sys [2015-10-16 38064]
S1 PCC_DSCP;Personal Communicator DSCP Driver;C:\WINDOWS\System32\drivers\PCC_DSCP_x64.sys [2013-2-21 21152]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2015-6-3 31992]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\WINDOWS\System32\drivers\ssadadb.sys [2013-4-10 38080]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-1 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 fssfltr;fssfltr;C:\WINDOWS\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-7-12 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-7 934752]
S3 Revoflt;Revoflt;C:\WINDOWS\System32\drivers\revoflt.sys [2014-12-30 31800]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\System32\drivers\ssadbus.sys [2013-4-10 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\System32\drivers\ssadmdfl.sys [2013-4-10 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\System32\drivers\ssadmdm.sys [2013-4-10 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\WINDOWS\System32\drivers\ssadserd.sys [2013-4-10 158024]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-20 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-7 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-12 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-10-16 05:49:10 16148 ----a-w- C:\WINDOWS\System32\PRECIOUS_Gary_HistoryPrediction.bin
2015-10-15 16:32:25 -------- d-----w- C:\Program Files\Has Apps Com
2015-10-15 16:30:22 -------- d-----w- C:\WINDOWS\SysWow64\updtSer
2015-10-15 16:30:22 -------- d-----w- C:\Program Files (x86)\PdfToJpgConverter
2015-10-15 16:29:03 -------- d-----w- C:\Program Files (x86)\Pdf To Jpg Converter
2015-10-15 15:41:49 -------- d-----w- C:\Program Files (x86)\Jpg To Pdf Converter
2015-10-15 09:04:56 -------- d-----w- C:\Users\Gary\AppData\Local\{6B3D583E-F5D4-4762-83FC-5A77F1B184D9}
2015-10-15 04:08:00 -------- d-----w- C:\Users\Gary\AppData\Local\{BBAF2D42-D889-480B-9B53-6FE8663E8B9C}
2015-10-14 10:29:44 -------- d-----w- C:\Users\Gary\AppData\Local\{04089B28-7763-4653-A1F5-32F574D5EDD0}
2015-10-13 18:43:21 -------- d-----w- C:\Users\Gary\AppData\Local\{098E4E01-D9E2-4D60-AEB7-164ABF1C7178}
2015-10-13 05:27:17 -------- d-----w- C:\Users\Gary\AppData\Local\{5831458E-6123-4D5A-A339-85017960645F}
2015-10-12 16:02:36 -------- d-----w- C:\Users\Gary\AppData\Local\{412A83E9-FBDF-47B3-989A-759991302CA7}
2015-10-12 03:22:16 -------- d-----w- C:\Users\Gary\AppData\Local\{05853521-D56B-44EF-9480-57C48FAE6DA1}
2015-10-11 03:38:01 -------- d-----w- C:\Users\Gary\AppData\Local\{37779909-AD6D-4F10-8C5C-59BCE9177AA8}
2015-10-10 03:57:05 -------- d-----w- C:\Users\Gary\AppData\Local\{AEF9CD6D-F9A4-4BD9-99DC-D1C92B978BBD}
2015-10-09 14:25:29 -------- d-----w- C:\Users\Gary\AppData\Local\{49B36FDD-4214-446E-8821-A43FACF61FCA}
2015-10-08 18:48:10 -------- d-----w- C:\Users\Gary\AppData\Local\{DB0A3A2F-BC35-4760-8A85-ED8EA0322D8C}
2015-10-08 05:59:01 -------- d-----w- C:\Users\Gary\AppData\Local\{DEB22DD3-7BAC-48CC-B19F-9325A0353B8A}
2015-10-07 03:42:46 -------- d-----w- C:\Users\Gary\AppData\Local\{419A46DC-C82A-4932-8A61-D4ECC8232A05}
2015-10-06 03:13:19 -------- d-----w- C:\Users\Gary\AppData\Local\{2ED0030D-B233-414A-BAAA-F39360E216CF}
2015-10-05 07:30:00 -------- d-----w- C:\Users\Gary\AppData\Local\{9C9E1D8D-F87A-42BC-89C9-52FD81E337BF}
2015-10-05 04:56:53 -------- d-----w- C:\Users\Gary\AppData\Local\{940EA6D4-912A-4C82-A78C-E8AB32D28FA6}
2015-10-05 04:09:07 -------- d-----w- C:\Users\Gary\AppData\Local\{E47216B3-0BEA-4444-80D5-885488EDF73C}
2015-10-05 03:11:44 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-10-05 03:11:44 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-10-04 10:40:52 -------- d-----w- C:\Users\Gary\AppData\Local\{382B21D6-EC8C-4CAF-B97D-AD94EA697923}
2015-10-04 03:48:21 -------- d-----w- C:\Users\Gary\AppData\Local\{3B2466B8-024A-4F39-A6BB-3180D765B641}
2015-10-03 12:41:16 -------- d-----w- C:\Users\Gary\AppData\Local\{053CB3D7-3897-458E-A6F3-FC8E65289C70}
2015-10-02 16:13:28 -------- d-----w- C:\Users\Gary\AppData\Local\{50E388EE-91F0-41A4-A02A-789741DD5FB0}
2015-10-01 15:32:16 -------- d-----w- C:\Users\Gary\AppData\Local\{5DA72588-0F5C-4183-AF17-CEEEB4CBC6A5}
2015-10-01 05:11:59 41472 ----a-w- C:\WINDOWS\SysWow64\Windows.Speech.Pal.dll
2015-10-01 03:31:53 -------- d-----w- C:\Users\Gary\AppData\Local\{204D610A-F779-459D-9F75-658C3B0E2A99}
2015-09-30 10:28:12 -------- d-----w- C:\Users\Gary\AppData\Local\{921E6605-E0EF-433C-AF67-E1A0A064B051}
2015-09-29 16:53:17 -------- d-----w- C:\Users\Gary\AppData\Local\{FC671868-4ED1-44F7-81F5-B9882BA51BD6}
2015-09-29 02:53:43 -------- d-----w- C:\Users\Gary\AppData\Local\{05869656-A98F-4A4F-B0B5-8FA9B9033ADA}
2015-09-28 05:27:08 -------- d-----w- C:\Users\Gary\AppData\Local\{852AAE38-D595-4930-B89A-500056085BE9}
2015-09-27 17:26:45 -------- d-----w- C:\Users\Gary\AppData\Local\{059839C3-B851-476E-850C-B688ADBC2CED}
2015-09-27 03:40:36 -------- d-----w- C:\Users\Gary\AppData\Local\{B0BDF174-684E-47D6-B201-80AE02C1E3C1}
2015-09-26 23:19:22 252648 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-09-26 17:55:44 -------- d-----w- C:\Users\Gary\AppData\Local\{F6379007-A7D8-4395-9462-6B70A4417DDD}
2015-09-26 04:08:21 -------- d-----w- C:\Users\Gary\AppData\Local\{2DB923D4-1DC3-41E2-B4D6-C9576BBD9513}
2015-09-25 15:31:51 -------- d-----w- C:\Users\Gary\AppData\Local\{D28EF519-51F4-49AE-8857-6672D48DEF5E}
2015-09-24 15:59:20 -------- d-----w- C:\Users\Gary\AppData\Local\{31F88742-2E37-437C-A5AB-592A85377DDA}
2015-09-24 03:40:24 -------- d-----w- C:\Users\Gary\AppData\Local\{66E3620B-AAB5-4D43-BF18-E904731982C4}
2015-09-23 15:48:02 -------- d-----w- C:\Users\Gary\AppData\Local\{903BA944-AA12-4579-ADEA-8AC872ABA549}
2015-09-23 03:30:09 -------- d-----w- C:\Users\Gary\AppData\Local\{1DEA3499-C8FE-4E2F-A01B-7089AE9D6165}
2015-09-22 12:00:02 -------- d-----w- C:\Users\Gary\AppData\Local\{A79BA3EE-C80B-4460-814C-D3AFAA6E3DBB}
2015-09-22 03:41:20 -------- d-----w- C:\Program Files\iTunes
2015-09-22 03:41:20 -------- d-----w- C:\Program Files\iPod
2015-09-22 03:41:20 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-22 03:39:21 -------- d-----w- C:\Program Files\Bonjour
2015-09-22 03:39:21 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-09-21 09:36:51 -------- d-----w- C:\Users\Gary\AppData\Local\{51E114B9-4023-495B-A176-0F6F5212843E}
2015-09-20 18:07:33 -------- d-----w- C:\Users\Gary\AppData\Local\{B7CE4F83-2A6F-477D-A33B-6AF2E5FE5FFA}
2015-09-20 05:35:18 -------- d-----w- C:\Users\Gary\AppData\Local\{E3F1BFDC-DE82-4AC8-9DA4-60E0732256BC}
2015-09-20 04:25:43 -------- d-----w- C:\Users\Gary\AppData\Local\{49A40252-7E7E-4051-8688-B7FA8B3E88B6}
2015-09-19 03:48:48 -------- d-----w- C:\Users\Gary\AppData\Local\{FCFD8086-2170-4EF8-BD9A-E5672A49D47B}
2015-09-18 10:39:40 -------- d-----w- C:\Users\Gary\AppData\Local\{D22747D2-8D2C-4590-9D93-E7DC4DA33405}
2015-09-17 16:18:05 -------- d-----w- C:\Users\Gary\AppData\Local\{DD5A2937-BB2A-4EAB-BC4F-45CAE4AD0147}
2015-09-17 04:17:42 -------- d-----w- C:\Users\Gary\AppData\Local\{BF816C12-2776-491A-810F-A6CA3210E2E7}
2015-09-16 18:28:26 -------- d-----w- C:\Users\Gary\AppData\Local\{EA5DC746-FFFF-4A30-84CE-DB9BA7358E19}
.
==================== Find3M ====================
.
2015-10-15 16:07:27 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-10-10 07:12:02 78528 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-10-10 06:40:43 21875712 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-10-10 06:07:47 18806272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-10-06 03:03:57 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-10-06 02:46:57 13027840 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-10-05 01:50:22 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-10-05 01:50:10 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-10-05 01:50:06 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-10-01 04:01:10 858408 ----a-w- C:\WINDOWS\System32\winresume.exe
2015-10-01 04:01:10 1018568 ----a-w- C:\WINDOWS\System32\winresume.efi
2015-10-01 04:01:03 1294352 ----a-w- C:\WINDOWS\System32\winload.efi
2015-10-01 04:01:03 1123400 ----a-w- C:\WINDOWS\System32\winload.exe
2015-10-01 04:00:07 8020320 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-10-01 03:03:36 757760 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-09-25 04:01:54 2573768 ----a-w- C:\WINDOWS\System32\msxml6.dll
2015-09-25 04:01:05 498016 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2015-09-25 03:52:05 980832 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2015-09-25 03:33:37 1997336 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2015-09-25 03:11:52 257024 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2015-09-25 03:11:49 223232 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2015-09-25 03:07:38 1276416 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-09-25 03:04:57 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-09-25 03:04:12 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2015-09-25 03:03:53 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-09-25 03:03:35 796160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2015-09-25 03:02:56 689152 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2015-09-25 03:02:42 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-09-25 03:02:37 949248 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-09-25 03:02:35 7523840 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-09-25 03:01:26 4792320 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-09-25 03:01:15 3586560 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-09-25 03:00:50 1423872 ----a-w- C:\WINDOWS\System32\UserDataService.dll
2015-09-25 03:00:40 1382400 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-09-25 03:00:07 752640 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2015-09-25 03:00:05 856576 ----a-w- C:\WINDOWS\System32\ContactApis.dll
2015-09-25 02:59:54 720896 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2015-09-25 02:59:48 685568 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2015-09-25 02:59:48 288256 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2015-09-25 02:59:48 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-09-25 02:59:38 1205248 ----a-w- C:\WINDOWS\System32\Unistore.dll
2015-09-25 02:59:31 163840 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2015-09-25 02:59:04 590336 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2015-09-25 02:58:37 1871360 ----a-w- C:\WINDOWS\System32\msxml3.dll
2015-09-25 02:47:16 195584 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2015-09-25 02:47:16 172032 ----a-w- C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll
2015-09-25 02:38:45 574464 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2015-09-25 02:38:40 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-09-25 02:38:19 3580416 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-09-25 02:37:35 613376 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2015-09-25 02:37:19 766976 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2015-09-25 02:37:09 480256 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
2015-09-25 02:36:04 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2015-09-25 02:34:21 557568 ----a-w- C:\WINDOWS\SysWow64\ChatApis.dll
2015-09-25 02:34:19 625152 ----a-w- C:\WINDOWS\SysWow64\ContactApis.dll
2015-09-25 02:34:07 579584 ----a-w- C:\WINDOWS\SysWow64\AppointmentApis.dll
2015-09-25 02:34:03 525312 ----a-w- C:\WINDOWS\SysWow64\EmailApis.dll
2015-09-25 02:34:00 928256 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2015-09-25 02:33:44 131072 ----a-w- C:\WINDOWS\SysWow64\CallHistoryClient.dll
2015-09-25 02:32:49 466432 ----a-w- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
2015-09-25 02:32:35 1594368 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2015-09-19 05:14:37 102304 ----a-w- C:\WINDOWS\System32\omadmapi.dll
2015-09-17 06:50:17 99664 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2015-09-17 06:50:10 2464216 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-09-17 06:50:05 1563392 ----a-w- C:\WINDOWS\System32\winmde.dll
2015-09-17 06:50:02 88384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2015-09-17 06:49:33 1563472 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2015-09-17 06:49:11 6487248 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2015-09-17 06:49:11 501008 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2015-09-17 06:49:10 894256 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys
2015-09-17 06:49:01 553808 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2015-09-17 06:47:11 1397088 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-09-17 06:44:22 781976 ----a-w- C:\WINDOWS\System32\mfds.dll
2015-09-17 06:43:40 966416 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2015-09-17 06:37:20 1168736 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2015-09-17 06:37:19 1295712 ----a-w- C:\WINDOWS\System32\wpx.dll
2015-09-17 06:28:43 2154808 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-09-17 06:28:40 5120056 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2015-09-17 06:28:38 74880 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
2015-09-17 06:28:36 1357888 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2015-09-17 06:28:29 441168 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2015-09-17 06:28:21 407608 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2015-09-17 06:27:29 1766952 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2015-09-17 06:27:16 454512 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
2015-09-17 06:26:49 434376 ----a-w- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
2015-09-17 06:26:41 1895568 ----a-w- C:\WINDOWS\SysWow64\hevcdecoder.dll
2015-09-17 06:26:39 2446648 ----a-w- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2015-09-17 06:26:38 646672 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2015-09-17 06:26:32 508248 ----a-w- C:\WINDOWS\SysWow64\mf.dll
2015-09-17 06:26:31 428128 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2015-09-17 06:25:10 962400 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-09-17 06:21:38 658528 ----a-w- C:\WINDOWS\SysWow64\mfds.dll
2015-09-17 06:20:25 764416 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2015-09-17 06:11:07 160256 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2015-09-17 06:10:35 169984 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2015-09-17 06:09:54 269312 ----a-w- C:\WINDOWS\System32\provengine.dll
2015-09-17 06:09:50 143360 ----a-w- C:\WINDOWS\System32\provops.dll
2015-09-17 06:08:23 494592 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2015-09-17 06:08:03 26624 ----a-w- C:\WINDOWS\System32\LicenseManagerShellext.exe
2015-09-17 06:08:01 53760 ----a-w- C:\WINDOWS\System32\Windows.Speech.Pal.dll
.
============= FINISH: 13:56:39.11 ===============


Help No Internet Access Reading a DSS

Okay, so first of all I'm not 100% sure what I'm even posting here, but anyway, this all started because my Dell Inspiron 531 with Windows 7 64-bit one day decided to show "No Internet Access". I have done everything, I mean EVERYTHING, and even after spunk.funk tried to help me with everything you can imagine, I still cannot connect to the internet :banghead:

So he thinks I have a malware virus causing me not to connect to the internet, so he sent me here. Like I said, I tried everything and cannot connect to the internet; I just get ("Local Area Connection" doesn't have a valid IP configuration). I am going to post the DSS readings I got down below for more help. Thanks in advance to anyone willing to try and help me out there.

DSS Readings

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 11.40.2
Run by Ryan Wrights at 23:25:54 on 2015-10-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3518.2347 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 {fef7f75c-f985-4250-96f9-8183cd04238b}w64;{fef7f75c-f985-4250-96f9-8183cd04238b}w64;C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}w64.sys [2014-10-16 48792]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-2 1148744]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-2 1795912]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-9-29 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-9-9 114688]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-2 19784]
S3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-2 19819848]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2021-01-01 08:23:03 -------- dcsh--w- C:\Users\Ryan Wrights\AppData\Local\EmieUserList
2021-01-01 08:23:03 -------- dcsh--w- C:\Users\Ryan Wrights\AppData\Local\EmieSiteList
2021-01-01 08:20:25 -------- dc----w- C:\Users\Ryan Wrights\AppData\Local\LogMeIn Rescue Applet
2021-01-01 07:40:47 -------- dc----w- C:\Windows\System32\MRT
2015-10-14 10:56:25 -------- d-----w- C:\Windows\Panther
2015-10-14 10:43:26 -------- dc-h--w- C:\$WINDOWS.~Q
2015-10-14 10:37:33 -------- dc-h--w- C:\$INPLACE.~TR
2015-10-14 09:59:45 62792 ----a-w- C:\Windows\System32\nvshext.dll
2015-10-14 09:59:44 878400 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-10-14 09:59:44 6223680 ----a-w- C:\Windows\System32\nvcpl.dll
2015-10-14 09:59:44 3299472 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-10-14 09:59:44 2558272 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-10-14 09:59:44 117392 ----a-w- C:\Windows\System32\nvmctray.dll
2015-10-14 09:59:16 -------- dc----w- C:\ProgramData\NVIDIA Corporation
2015-10-14 09:59:10 -------- dc----w- C:\Program Files\NVIDIA Corporation
2015-10-12 04:48:47 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9AB63DAD-DF46-492D-B8C9-FDF51E898708}\offreg.1676.dll
2015-10-12 00:51:19 374272 -c--a-w- C:\Windows\System32\NVUNINST.EXE
2015-10-12 00:51:00 -------- dc----w- C:\dell
2015-10-11 08:48:52 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9AB63DAD-DF46-492D-B8C9-FDF51E898708}\mpengine.dll
2015-09-19 12:33:29 -------- dc----w- C:\Users\Ryan Wrights\AppData\Local\gtk-2.0
2015-09-19 12:33:11 -------- dc----w- C:\Users\Ryan Wrights\.thumbnails
2015-09-18 10:08:11 -------- dc----w- C:\Users\Ryan Wrights\.gimp-2.8
2015-09-18 10:03:00 -------- dc----w- C:\Program Files\GIMP 2
.
==================== Find3M ====================
.
2015-09-17 06:25:18 778440 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-09-17 06:25:18 142536 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-09 10:08:57 41984 ------w- C:\Windows\System32\UtcResources.dll
2015-09-09 10:08:57 1390592 ----a-w- C:\Windows\System32\diagtrack.dll
2015-09-09 10:03:37 91136 ------w- C:\Windows\System32\WinSetupUI.dll
2015-09-09 10:03:37 12288 ------w- C:\Windows\System32\wu.upgrade.ps.dll
2015-08-12 10:23:08 17344 ------w- C:\Windows\System32\CompatTelRunner.exe
.
============= FINISH: 23:26:58.92 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2015 3:51:44 AM
System Uptime: 10/15/2015 3:38:01 AM (20 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Sempron(tm) Processor LE-1250 | Socket AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 335.964 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0.063 GiB free.
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: PCI CX11261 Soft Modem
Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&1A24ACD9&0&5020
Manufacturer: Conexant
Name: PCI CX11261 Soft Modem
PNP Device ID: PCI\VEN_14F1&DEV_2F40&SUBSYS_200014F1&REV_00\4&1A24ACD9&0&5020
Service: Modem
.
==== System Restore Points ===================
.
RP3: 10/14/2015 4:28:55 AM - Removed NetWaiting
RP4: 10/14/2015 4:29:24 AM - Removed NetWaiting
RP5: 10/14/2015 4:30:27 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Any Video Converter 5.8.1
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Aurora 3D Animation Maker version 14.07.21
Avidemux 2.6 (32-bit)
Bonjour
D3DX10
DivX Setup
DVD Architect Studio 5.0
GIMP 2.8.14
Google Chrome
Google Earth
Google Earth Pro
Google Update Helper
iTunes
Java 7 Update 71
Java 8 Update 40
Java Auto Updater
Junk Mail filter update
MergeModule_x86
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Expression Encoder 4
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Movie Maker
Movie Studio Platinum 13.0 (64-bit)
MP3 Rocket
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA Control Panel 309.08
NVIDIA Drivers
NVIDIA GeForce Experience 2.1.4
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 309.08
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA ShadowPlay 16.13.65
NVIDIA Update 16.13.65
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.26
Photo Common
Photo Gallery
PlayMemories Home
PMB_ModeEditor
PMB_ServiceUploader
QuickTime 7
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)
SHIELD Streaming
SHIELD Wireless Controller Driver
SketchUp 2014
SketchUp 2015
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinISD Pro [alpha]
WinISD v0.7
x264vfw - H.264/MPEG-4 AVC codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
10/15/2015 3:36:53 AM, Error: Service Control Manager [7043] - The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
10/14/2015 4:22:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/14/2015 4:20:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/14/2015 4:19:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/14/2015 4:19:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/14/2015 4:19:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/14/2015 4:19:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6
10/14/2015 11:52:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
10/14/2015 1:52:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ttnfd
10/14/2015 1:52:39 AM, Error: Service Control Manager [7000] - The Update SunriseBrowse service failed to start due to the following error: The system cannot find the file specified.
10/14/2015 1:52:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.
10/14/2015 1:52:37 AM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/14/2015 1:52:28 AM, Error: Service Control Manager [7023] - The Windows Audio Endpoint Builder service terminated with the following error: Error performing inpage operation.
10/14/2015 1:52:28 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: Error performing inpage operation.
10/14/2015 1:50:56 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
10/14/2015 1:46:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom ttnfd
10/14/2015 1:15:35 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
10/11/2015 7:12:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr ttnfd Wanarpv6
10/11/2015 5:53:46 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding
.
==== End Of File ===========================

Help needed! (CTB locker, file recovery)

Hey guys,

So recently, I had this CTB locker on my computer that took many of my personal files 'hostage', in that it has changed the file types of said hostage files. This has disabled my ability to access said files, while they are still on my PC. Is there anyone that can help me with this issue?

The files in question are mainly personal files, like pictures (JPEGs, PNGs, etc.), text documents (mainly TXTs and RTFs), and so on. Other corrupted files include game files (mainly TXT files).

A friend of mine offered me a program called Photorec, which should be able to recover all of said files. However, despite having it scan for corrupted files for well over 10 hours, it offered little to no results. Only a handful of files were found/recovered, and these files were found quite early on in the scan. For the rest of the scan, there has been little to no change in files found, and the estimated time it took to complete the scan has only increased to about 2500 hours, before my PC was accidentally restarted due to a required update, causing me to be back to where I began... With next to no knowledge of this program, or how to get my files back at all, my friend told me about this forum.

My question: Is there anyone out there with knowledge of CTB viruses and file recovery? If there is, please contact me by either replying to this thread, or adding me on Skype: xx-vypra-xx (Brian Lammers from the Netherlands should be the only result, and yes, that is me).

Problems With System Restore In Vista

System Restore is no longer creating automatic restore points and is not retaining manually created points.
It also shows a Runtime error message, and that message seems to cause the Microsoft Help and Support pop-up message to crash.
This happens also on opening Safe Mode.
I had posted this in the Vista forums but SpywareDr thought that there might be spyware or Malware involved and suggested checking this out.
I have run extensive antivirus checks but all have come up clean.

Help Please

Dear Sirs

I recently opened an email (despite being warned not to do so by Google), sent to me from BrianandSally!

Sally is my stepbrother’s daughter & Brian is her husband, but the email was not from my relatives.

Ever since I opened the email, Google has had problems:

It keeps locking on me, and I cannot go forwards, backwards or open another link.

The only way to get out of the problem is to reboot my computer.

My computer has Windows 8

Jack Willday

Pop-ups keep opening up in Google Chrome

Hi Guys.

In the last week my Google Chrome keeps opening pop-up windows for no reason with different websites.
It happens when I surf, but also when I'm not touching the computer and the Chrome is open.
This means that if I open Chrome, leave the computer and come back after 1 hour, I can have A LOT of pop up windows that opened up in the meantime.

I can't detect any other issues. Computer is not slow or anything. Just those endless pop-ups. Looks definitely like some kind of malware.

I'm attaching the logs.
Thank you for your help!

**************
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18057 BrowserJavaVersion: 11.31.2
Run by Shahar Ben-Porath at 21:42:47 on 2015-10-18
Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1033.18.2922.1047 [GMT 3:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: Kaspersky Internet Security *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Internet Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Windows\system32\taskhost.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=COSP&ptag=D101515-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.maxiwe.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ActiveMail Add-on: {2BBC8EDB-3D27-4FD3-9F9F-DFDC5B4A27A4} - c:\program files\activepath\addon\apieinbodyBHO.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - <orphaned>
BHO: AGFormHelperObj Class: {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - c:\program files\agat\agform\AGFormsHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - c:\program files\kaspersky lab\kaspersky internet security 16.0.0\ieext\ie_plugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: AGForms Toolbar: {8fe28f46-37ad-47b2-8258-34c128636ace} -
TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - c:\program files\kaspersky lab\kaspersky internet security 16.0.0\ieext\ie_plugin.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\shahar ben-porath\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AVG-Secure-Search-Update_0913b] c:\users\shahar ben-porath\appdata\roaming\avg 0913b campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932 --CMPID 0913b
uRun: [GoogleChromeAutoLaunch_B1CFEE270F926F92FBAC5A26A0459617] "c:\users\shahar ben-porath\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Dropbox Update] "c:\users\shahar ben-porath\appdata\local\dropbox\update\DropboxUpdate.exe" /c
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [Web Companion] c:\program files\lavasoft\web companion\application\WebCompanion.exe --minimize
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [Power Manager Power Agenda] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdAwareTray] "c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.8.586.8535\AdAwareTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ייצוא אל Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: ש&לח אל OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
LSP: c:\windows\system32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{A68E97FE-3021-4C69-AB0D-F919893DC660} : DHCPNameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{F64C6EC5-5E94-4367-97B9-C4EB5204B9AA} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 0.0.0.1 mssplus.mcafee.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shahar ben-porath\appdata\roaming\mozilla\firefox\profiles\pnmycuye.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Bing®
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=COSP&ptag=D101515-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\shahar ben-porath\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\shahar ben-porath\appdata\roaming\mozilla\firefox\profiles\pnmycuye.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-07-16 08:40; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [2015-7-6 201912]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-18 51144]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-3 26984]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [2015-10-18 44728]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [2015-6-8 39304]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2015-6-11 54328]
R1 Klwtp;Klwtp;c:\windows\system32\drivers\klwtp.sys [2015-6-16 87736]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2015-6-23 156856]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [2015-6-6 58040]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-5-17 269824]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [2015-10-18 136888]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-17 41088]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2010-9-28 38336]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2011-8-7 16256]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [2015-6-6 46776]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [2015-6-27 58224]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2015-6-11 33976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2011-9-6 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2011-9-6 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2011-9-6 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2011-9-16 73728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2015-6-6 37048]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2015-6-7 38072]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-6-27 22640]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
.
=============== Created Last 30 ================
.
2015-10-18 18:37:58 8884144 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba0d9d0e-e7c9-49f1-99be-c287ecc2ee9b}\mpengine.dll
2015-10-18 18:37:56 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-10-18 18:21:10 -------- d-----w- c:\windows\ELAMBKUP
2015-10-18 18:21:08 -------- d-----w- c:\programdata\Kaspersky Lab
2015-10-18 18:21:08 -------- d-----w- c:\program files\Kaspersky Lab
2015-10-18 18:20:44 44728 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-10-18 18:20:44 136888 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-10-17 16:29:42 -------- d-----w- c:\users\shahar ben-porath\appdata\local\TeamViewer
2015-10-17 16:27:24 -------- d-----w- c:\program files\TeamViewer
2015-10-15 06:28:17 -------- d-----w- c:\users\shahar ben-porath\appdata\local\Lavasoft
2015-10-15 06:27:41 345360 ----a-w- c:\windows\system32\LavasoftTcpService.dll
2015-10-15 06:26:19 -------- d-----w- c:\program files\Lavasoft
2015-10-15 05:28:44 -------- d-----w- c:\program files\common files\Lavasoft
2015-10-15 04:13:09 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-10-15 04:13:09 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 04:13:09 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 04:13:09 587776 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 04:13:09 423936 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 04:13:09 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 04:13:09 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-10-14 09:26:39 -------- d-----w- c:\program files\CCleaner
2015-10-14 07:16:37 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2015-09-26 23:19:22 252648 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2015-09-20 06:59:25 -------- d-----w- c:\program files\Citrix
2015-09-20 06:59:13 -------- d-----w- c:\users\shahar ben-porath\appdata\local\Citrix
.
==================== Find3M ====================
.
2015-10-18 18:34:21 39304 ----a-w- c:\windows\system32\drivers\klpd.sys
2015-10-17 14:30:09 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 14:30:09 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-29 03:05:01 3990976 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-09-29 03:05:01 3936192 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-09-29 03:02:09 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-09-29 02:59:20 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-09-29 02:59:17 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-09-29 02:59:16 43008 ----a-w- c:\windows\system32\srclient.dll
2015-09-29 02:59:16 400896 ----a-w- c:\windows\system32\srcore.dll
2015-09-29 02:59:13 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-09-29 02:59:08 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-09-29 02:59:04 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-09-29 02:58:57 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-09-29 02:58:57 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-09-29 02:58:57 17408 ----a-w- c:\windows\system32\credssp.dll
2015-09-29 02:58:37 69632 ----a-w- c:\windows\system32\smss.exe
2015-09-29 02:58:33 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-09-29 02:58:05 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-09-29 02:53:44 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-09-29 02:53:28 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-09-29 02:49:51 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-09-29 02:49:50 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-09-29 01:43:28 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-09-29 01:43:11 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-09-29 01:43:10 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-09-25 17:59:08 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-09-25 17:59:08 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-09-25 17:59:08 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-25 17:58:42 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-09-25 17:58:29 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-09-25 17:58:25 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-09-16 03:45:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-09-16 03:45:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-09-16 03:33:26 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-09-16 03:33:07 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-09-16 03:32:33 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-09-16 03:32:24 341504 ----a-w- c:\windows\system32\html.iec
2015-09-16 03:31:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-09-16 03:23:07 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-09-16 03:23:01 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-09-16 03:22:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-09-16 03:18:00 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-09-16 03:10:46 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-16 03:05:51 4527616 ----a-w- c:\windows\system32\jscript9.dll
2015-09-16 02:55:49 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-09-16 02:55:45 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-09-16 02:37:26 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-09-15 17:42:14 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-09-15 17:42:14 139096 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-09-15 17:36:40 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-09-15 17:36:40 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-09-15 17:36:38 248832 ----a-w- c:\windows\system32\schannel.dll
2015-09-15 17:36:38 22016 ----a-w- c:\windows\system32\secur32.dll
2015-09-15 17:36:35 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-09-15 17:36:30 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-09-15 17:35:49 22528 ----a-w- c:\windows\system32\lsass.exe
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36:35 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58:14 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-06 17:44:36 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-08-06 08:43:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-08-06 08:43:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-08-05 17:41:00 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40:50 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40:50 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40:50 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-07-30 17:57:31 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-22 17:53:34 937984 ----a-w- c:\windows\system32\diagtrack.dll
2015-07-22 17:53:31 635392 ----a-w- c:\windows\system32\tdh.dll
2015-07-22 17:53:10 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-07-22 16:38:27 41984 ----a-w- c:\windows\system32\UtcResources.dll
2015-07-16 05:07:57 6420480 ----a-w- c:\program files\GUTAD7B.tmp
2014-03-30 16:02:59 6000640 ----a-w- c:\program files\GUTA2A7.tmp
.
============= FINISH: 21:48:28.69 ===============

Attached Files
File Type: txt attach.txt (12.2 KB)

Slow PC with Multiple Issues

PC - HP Probook 4530s, Intel Core i5-2450 (2.5ghz), Windows 7 64-bit, 4 GB RAM, HDD 500 GB (226GB free), purchased Jan. 2012

I will get right into it:

1. Computer's fan has been running hard and non-stop for several months now, fan exhaust is always hot. Fan does turn off when computer is put into sleep mode or shutdown. I have opened the back panel and thoroughly cleaned the fan and other components with a can of air. I have run AdwCleaner, MWB-Antimalware, ESET OnlineScanner in hopes of identifying a virus (all scans came back negative).

2. Computer has suddenly started running slow for last 3-4 days, all programs and web browser are loading slowly. I have also addressed all of the issues outlined on this page http://www.techsupportforum.com/foru...ow-532075.html

3. Battery is completely gone. Computer will shut off immediately if power cord is removed. (I know this is normal for a 3 year old notebook, just including it in case this may have some connection with the fan running.)

I was planning on posting this in the Windows forum however I thought perhaps I should ensure that some more covert form of malware was not behind these problems first. I have included my logs below, any expert advice would be deeply appreciated.

Thanks,

987654321

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 11.40.2
Run by Arif at 14:33:08 on 2015-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4030.2149 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [AdobeBridge] <no file>
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Conime] C:\windows\System32\conime.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Arif\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Arif\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\2656C6B696E6E2369303E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\3416E6475627265727970255E69667562737964797 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\34F4C4055726C69636 : DHCPNameServer = 10.20.10.2
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\3637D69647866364 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{349A03F5-786E-4C14-8EF8-B7FDC4858ECB}\D45646963616C633 : DHCPNameServer = 192.168.253.10 8.8.8.8
TCP: Interfaces\{8876C2B0-4C9A-46F5-AA23-87D29A01A8DF} : DHCPNameServer = 192.168.253.10 8.8.8.8
TCP: Interfaces\{BE677193-EDE4-4FEF-93A4-A17D4C2A0A2C} : NameServer = 64.71.255.198 64.71.255.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = DPPassFilter scecli
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arif\AppData\Roaming\Mozilla\Firefox\Profiles\za5zexv5.default-1412869890417\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2015-10-18 89600]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-1-26 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-2 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-24 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-24 1135416]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-2 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-1-21 3154224]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-8-24 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-8-24 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-22 406632]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-2 1145448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;"C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe" --> C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-8 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-1-12 36864]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\windows\System32\drivers\swg3kser00.sys [2012-4-17 258432]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\windows\System32\drivers\swiwdmbx64.sys [2012-4-17 109312]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\windows\System32\drivers\swnc8ua3.sys [2012-4-17 295936]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-19 1255736]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2015-10-18 18:02:40 -------- d-----w- C:\Users\Arif\AppData\Local\Xobni
2015-10-18 17:54:42 -------- d-----w- C:\ProgramData\PDFC
.
==================== Find3M ====================
.
2015-10-18 18:49:16 192216 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-10-05 14:50:18 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2015-10-05 14:50:10 109272 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2015-10-05 14:50:06 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2015-09-11 15:40:52 778440 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-09-11 15:40:52 142536 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:33:47.78 ===============

Attached Files
File Type: txt attach.txt (12.4 KB)

Virus attacked windows services on laptop

Hi, I am new here. I just want to ask for some help. I have a laptop and some sort of virus turned off some Windows services. Current status:

- Wifi doesn't work (can't detect wifi; wifi icon doesn't even show)
- Audio services not working

I only noticed these things so far. Don't know if it turned off other services.
Some laptop info:

Acer Aspire E1-471
Windows 7 Home Basic

Please help :(

Possible new phishing thing alert

Hi,
So my email client, which is set to automatic, gave me a random request to log in. It has been almost 20 years since I started using a computer and that happened only a few times. Usually it just goes away. This time it kept coming back. So instead of logging in, since my email is supposed to be automatic, I opened the client properties and checked each tab, then closed it, and it worked. Next time it checked mail automatically it asked me to log in again.
I ran a Scan with MSE and it has gone away.

I suspect that somehow I received a bit of code from some kind soul that would trigger this necessity, hoping to track me logging in.
It's just a theory, but it was persistent until I scanned. So I am posting to alert in case this is a thing.

Cannot Access Windows Update, iTunes, IE and others

Hi,

Since buying my laptop over 3 years ago I have NEVER been able to update windows, access the itunes store, IE, steam and a few other programs. I can however use the internet with chrome, firefox, file sharing software, etc with no problems whatsoever.

When I try to use Windows update it says: "Windows could not search for new updates Code 80072F8F".
When I click on the iTunes store button it stays on "Accessing iTunes store" indefinitely.
IE opens up, but cannot load any webpages.

After previously being unable to solve the problem, I swept it under the rug until recently getting an iphone 6 (having forgotten about this issue) and hit my head against a wall remembering that I can't put my music onto my computer because I can't access the itunes store.

Things I have done so far to try and solve the issue:

1) Temporarily disabled antivirus software (AVG)
2) Made sure I'm not using a proxy
3) Repairing my internet connection
4) Reinstalling said programs which don't work (itunes, steam etc)
5) Restarting in safe mode with networking
6) Performing a clean boot
7) Ran SFC /scannow (couldn't fix all files) and then SFCfix ("No corruptions were detected") and then SFC /scannow a 2nd time (couldn't fix files)
8) Checked my BIOS clock settings
9) Downloaded Malware bytes and ran a scan - removing 7 PUPs
10) Ran the DDS file (see attachment)

spunk.funk and masterchiefxx17 advised me to post here for advice. Previous thread can be found here:
hxxp://www.techsupportforum.com/forums/f320/cannot-connect-to-windows-update-itunes-store-steam-ie-and-others-1053114.html#post6682698

Thanks in advance!

Attached Files
File Type: txt attach.txt (9.3 KB)

How to get rid of ffsecure Adware

I've had this adware for the past three weeks. Various key words on any opened web page will become active links to another advertising website. When moused over the link, a bubble pops up which says along the bottom, "Ad by ffsecure". I've run several bug programs, including, Panda, Avast, Reason Core Security, Spyware Blaster, SuperAntiSpyware, and AVG; all to no avail. Can anyone help?
I did run Combofix and I included the log below:

ComboFix 15-10-23.01 - Asus 10/24/2015 22:55:57.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6030.3582 [GMT -5:00]
Running from: c:\users\Asus\Desktop\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AV: Panda Free Antivirus *Disabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Panda Free Antivirus *Disabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-09-25 to 2015-10-25 )))))))))))))))))))))))))))))))
.
.
2015-10-25 04:06 . 2015-10-25 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-24 07:51 . 2015-10-24 07:51 -------- d-----w- c:\users\Asus\AppData\Roaming\BOINC
2015-10-24 07:38 . 2015-10-25 04:05 -------- d-----w- c:\programdata\BOINC
2015-10-24 07:38 . 2015-10-24 07:38 -------- d-----w- c:\program files\BOINC
2015-10-24 07:36 . 2015-10-24 07:36 -------- d-----w- c:\windows\Downloaded Installations
2015-10-24 07:32 . 2014-05-16 19:04 254240 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2015-10-24 07:31 . 2014-05-16 19:03 128288 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2015-10-24 07:30 . 2015-10-24 07:30 -------- d-----w- c:\program files\Oracle
2015-10-18 07:31 . 2015-10-22 09:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C07354E-7451-4FD7-9C83-3C8B113E9766}\offreg.dll
2015-10-16 02:51 . 2015-10-16 02:51 -------- d-----w- c:\users\Asus\AppData\Roaming\AVAST Software
2015-10-16 02:50 . 2015-10-16 02:52 -------- d-----w- c:\windows\SysWow64\vbox
2015-10-16 02:50 . 2015-10-16 02:52 -------- d-----w- c:\windows\system32\vbox
2015-10-16 02:49 . 2015-10-16 02:48 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-16 02:49 . 2015-10-16 02:48 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-10-16 02:49 . 2015-10-16 02:48 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-16 02:49 . 2015-10-16 02:48 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-16 02:49 . 2015-10-16 02:48 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-16 02:49 . 2015-10-16 02:48 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-16 02:49 . 2015-10-16 02:48 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-10-16 02:49 . 2015-10-16 02:48 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-16 02:49 . 2015-10-16 02:48 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-10-16 02:49 . 2015-10-16 02:48 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-16 02:48 . 2015-10-16 02:48 43112 ----a-w- c:\windows\avastSS.scr
2015-10-16 02:47 . 2015-10-16 02:47 -------- d-----w- c:\program files\AVAST Software
2015-10-16 02:44 . 2015-10-16 02:44 -------- d-----w- c:\programdata\AVAST Software
2015-10-15 01:52 . 2015-10-15 01:52 -------- d-----w- c:\programdata\Reason
2015-10-15 01:50 . 2015-10-15 01:50 -------- d-----w- c:\program files\Reason
2015-09-30 20:47 . 2015-09-30 20:47 225976 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-27 21:17 . 2015-08-27 21:17 1156928 ----a-w- c:\windows\boinc.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-19 02:12 223432 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-19 02:12 223432 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-19 02:12 223432 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
"Google Photos Backup"="c:\users\Asus\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2015-10-13 3787080]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE" [2013-01-24 297024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-16 6134544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.163\SSScheduler.exe [2015-7-31 330456]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2015-4-6 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Hidndruswru;Hidndruswru; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.163\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.163\McCHSvc.exe [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zghsnmea.sys [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 ngvss;ngvss; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys;c:\windows\SYSNATIVE\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys;c:\windows\SYSNATIVE\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys;c:\windows\SYSNATIVE\Drivers\avgtdia.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~2\AVG\AVG8\avgemc.exe;c:\progra~2\AVG\AVG8\avgemc.exe [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe;c:\progra~2\AVG\AVG8\avgwdsvc.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 rscp;Reason Core Security Bundle Protection;c:\program files\Reason\Security\Protection\rscp\bin\rscp_svc.exe;c:\program files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [x]
S2 rsEngineSvc;Reason Core Security Engine Service;c:\program files\Reason\Security\rsEngineSvc.exe;c:\program files\Reason\Security\rsEngineSvc.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - VBOXDRV
*NewlyCreated* - VBOXUSBMON
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-25 c:\windows\Tasks\EPSON XP-610 Series Invitation {2F35EE4A-52C0-4400-AB50-6CDFF5E00600}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-07-09 00:20]
.
2015-10-25 c:\windows\Tasks\EPSON XP-610 Series Update {2F35EE4A-52C0-4400-AB50-6CDFF5E00600}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-07-09 00:20]
.
2015-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-806272418-2317806128-900787372-1000Core.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-03 06:23]
.
2015-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-806272418-2317806128-900787372-1000UA.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-03 06:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-19 02:12 262344 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-19 02:12 262344 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-19 02:12 262344 ----a-w- c:\users\Asus\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-16 02:48 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-22 440600]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2015-08-27 68928]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2015-08-27 9016128]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 66.90.130.101 66.90.130.10
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\bdc1vpbc.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web
FF - prefs.js: browser.startup.homepage - Google
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Asus\Pictures\Startup\ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-24 23:10:03
ComboFix-quarantined-files.txt 2015-10-25 04:10
.
Pre-Run: 642,208,051,200 bytes free
Post-Run: 641,841,926,144 bytes free
.
- - End Of File - - 5ADFB23EB4CC1316932C252C8558F82E
A36C5E4F47E84449FF07ED3517B43A31

Help Please

Dear Sirs

I recently opened an email (despite being warned not to do so by Google), sent to me from BrianandSally!

Sally is my stepbrother’s daughter & Brian is her husband, but the email was not from my relatives.

Ever since I opened the email, Google has had problems:

It keeps locking on me, and I cannot go forwards, backwards or open another link.

The only way to get out of the problem is to reboot my computer.

My computer has Windows 8.

Jack Willday