Channel: Tech Support Forum - Virus/Trojan/Spyware Help

My computer is infected

Hello,

A couple of days ago my computer started running very slowly when using Chrome or Firefox. Pages wouldn't load and/or would load very slowly. When this happened I ran a scan with my McAfee security and it found a virus called Artemis!9C2E73D3CEEA that it said it removed. Then I ran the scan again and it found and removed 1 file (not sure what it removed). Then I ran a third time and it said it was clear. My computer is still running slow and certain websites aren't loading well (gmail, Kelly Blue Book, etc.). One last thing to mention is that in Chrome the default search engine keeps changing to yahoo when I never changed it (I prefer google). Even when I change it back to google it seems to switch back to yahoo on its own.

I do not have access to a Windows install disc.

Thanks so much in advance for your help.
Jenny
--------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18098 BrowserJavaVersion: 11.65.2
Run by Cliffside at 10:10:25 on 2015-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.1959 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\GWX\GWX.exe
C:\Users\Cliffside\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\Cliffside\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Playskool\MADE FOR ME Software\HbDetect.exe
C:\Users\Cliffside\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Users\Cliffside\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Users\Cliffside\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\Cliffside\AppData\Roaming\ShieldSoft\UI\bin\shieldsoft.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
C:\Users\Cliffside\AppData\Roaming\ShieldSoft\UI\bin\shieldui.exe
C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Cliffside\AppData\Roaming\ShieldSoft\UI\bin\shieldsoft64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: BlspcHlpr Class: {15C9938F-CB96-496D-800A-B827F2E34EA1} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Value Apps plugin: {F63AAEDC-3602-49EF-AA45-262380A98980} -
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [Google Update] "C:\Users\Cliffside\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [HbDetect.exe] C:\Program Files (x86)\Playskool\MADE FOR ME Software\HbDetect.exe
uRun: [Dropbox Update] "C:\Users\Cliffside\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [SansaDispatch] C:\Users\Cliffside\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [FPCCSMiddleware] C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Digital Coupon Print Driver] "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
mRun: [Http Listener] C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\CLIFFS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Cliffside\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001055-0002-0055-ABCDEFFEDCBC} - <orphaned>
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D49FA43E-FF7E-428A-A7EC-0A30819B003E} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: BlspcHlpr Class: {15C9938F-CB96-496D-800A-B827F2E34EA1} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cliffside\AppData\Roaming\Mozilla\Firefox\Profiles\sx6qie0q.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=C111US91021D20130814&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\CLIFFS~1\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\Users\Cliffside\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Cliffside\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll
FF - plugin: C:\Users\Cliffside\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npPrintUtil.dll
FF - plugin: C:\Users\Cliffside\AppData\Roaming\Mozilla\Firefox\Profiles\sx6qie0q.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Cliffside\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Cliffside\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Cliffside\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-19 875928]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-19 344704]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-1 52856]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 1413104]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2015-9-4 5750440]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 368048]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 99128]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-11-11 157928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-8 782608]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [2015-9-1 1694152]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 368048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 368048]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 368048]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-8 368048]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-6-30 373704]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-8-14 254792]
R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2014-3-27 581568]
R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2013-12-4 25600]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-12 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
R2 ShieldSoft;ShieldSoft Protection;C:\Users\Cliffside\AppData\Roaming\ShieldSoft\UI\bin\shieldsoftService.exe [2015-11-13 83456]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-12 2656280]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-8-14 77536]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 412440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-8-14 347800]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-8-14 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-8-14 496888]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2015-6-28 529080]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-11-11 37960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-12 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-11-8 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-7-28 207208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-11-11 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-12 158976]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\System32\drivers\jl2005c.sys [2013-12-25 79920]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [2015-7-31 289256]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2015-6-28 109728]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-9-17 1910128]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-23 1255736]
.
=============== Created Last 30 ================
.
2015-11-15 14:33:56 -------- d-----w- C:\Users\Cliffside\.oracle_jre_usage
2015-11-13 15:40:27 -------- d-----w- C:\Users\Cliffside\AppData\Roaming\ShieldSoft
2015-11-12 05:34:57 3211264 ----a-w- C:\Windows\System32\win32k.sys
2015-11-11 08:29:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-11-07 02:36:41 901288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc55.dll
2015-11-06 00:40:55 -------- d-----w- C:\Program Files (x86)\PrintMyCouponAnywhere
2015-11-06 00:29:28 -------- d-----w- C:\Users\Cliffside\AppData\Local\Hopster
2015-11-06 00:28:52 -------- d-----w- C:\Program Files (x86)\Digital Coupon Printer
2015-11-02 21:54:32 -------- d-----w- C:\Users\Cliffside\AppData\Local\{E1C2C17D-9EE2-4742-B80B-9DC065B3AD99}
2015-10-23 18:24:27 -------- d-----w- C:\Program Files\iPod
2015-10-23 18:24:27 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2015-11-15 14:33:14 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-11-10 23:19:09 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-11-10 23:19:09 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-30 23:40:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-10-30 23:40:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-10-30 23:25:55 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-10-30 23:25:15 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-10-30 23:25:08 417792 ----a-w- C:\Windows\System32\html.iec
2015-10-30 23:24:50 585728 ----a-w- C:\Windows\System32\vbscript.dll
2015-10-30 23:24:34 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-10-30 23:12:09 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-10-30 23:12:09 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-10-30 23:11:58 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-10-30 23:11:46 5990912 ----a-w- C:\Windows\System32\jscript9.dll
2015-10-30 22:58:29 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-10-30 22:53:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-10-30 22:47:08 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-10-30 22:46:27 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-10-30 22:45:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-10-30 22:45:42 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-10-30 22:44:57 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-10-30 22:36:25 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-10-30 22:36:06 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-10-30 22:29:57 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-10-30 22:29:52 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-10-30 22:23:51 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-10-30 22:17:06 2487808 ----a-w- C:\Windows\System32\wininet.dll
2015-10-30 22:16:43 4527616 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-10-30 22:09:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-10-30 22:09:15 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-10-30 21:51:28 2011136 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-10-29 17:50:44 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-10-29 17:50:30 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-10-29 17:50:29 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-10-29 17:50:29 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50:29 309248 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50:29 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50:29 103424 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50:21 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-10-29 17:50:14 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-10-29 17:49:58 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-10-29 17:49:57 562176 ----a-w- C:\Windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- C:\Windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2015-10-29 17:49:35 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-10-29 17:39:57 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-10-20 18:42:14 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-10-20 18:42:14 3168768 ----a-w- C:\Windows\System32\wucltux.dll
2015-10-20 18:42:14 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-10-20 18:41:36 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-10-20 18:41:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-10-20 18:41:22 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-10-20 17:46:02 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-10-20 17:46:02 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-10-20 17:45:08 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-10-20 01:12:12 5570496 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-10-20 01:12:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-10-20 01:12:10 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-10-20 01:09:05 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-10-20 01:06:18 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-10-20 01:06:18 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-10-20 01:06:18 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-10-20 01:06:18 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-10-20 01:04:53 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-10-20 01:04:40 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-10-20 01:04:35 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-10-20 01:00:20 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-10-20 00:59:20 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-10-20 00:52:02 3991488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48:46 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-10-20 00:44:35 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-10-20 00:44:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-10-20 00:44:18 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-10-20 00:44:18 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-10-20 00:44:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-10-20 00:39:32 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-10-19 23:41:20 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-10-19 23:40:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-10-19 23:40:39 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-10-19 23:29:36 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-10-19 23:29:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-10-19 23:27:10 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-10-19 23:27:10 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-19 23:27:10 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-19 23:27:10 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 16:41:05 497664 ----a-w- C:\Windows\System32\drivers\afd.sys
2015-10-13 16:40:33 118272 ----a-w- C:\Windows\System32\drivers\tdx.sys
2015-10-13 06:29:08 875720 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 06:22:02 869568 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2015-10-13 04:57:21 950720 ----a-w- C:\Windows\System32\drivers\ndis.sys
2015-10-01 18:06:49 692672 ----a-w- C:\Windows\System32\winload.efi
2015-10-01 18:04:11 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-10-01 18:00:59 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-10-01 18:00:51 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-10-01 18:00:50 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-10-01 18:00:43 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-10-01 18:00:43 32768 ----a-w- C:\Windows\System32\appidsvc.dll
.
============= FINISH: 10:11:29.92 ===============

Attached Files
File Type: txt attach.txt (519.0 KB)
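
As an added triage example (not part of the original post, and not DDS's own tooling), the script below reads a few lines copied from the DDS report above and applies the checks a helper usually does by eye: autorun and service entries whose image lives in a user-writable directory, the UAC ConsentPromptBehaviorAdmin policy set to 0, Firefox search/homepage preferences, and HOSTS overrides. The regexes are my reading of the report's line shapes rather than an official DDS grammar, the "user-writable" rule is a heuristic and not a verdict, and the sample text is constructed from lines already visible in the post.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: eight lines copied from the DDS report in the post above,
# chosen so that each rule below has one matching and one non-matching line.
SAMPLE_DDS = r"""
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [Dropbox Update] "C:\Users\Cliffside\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2013-12-4 25600]
R2 ShieldSoft;ShieldSoft Protection;C:\Users\Cliffside\AppData\Roaming\ShieldSoft\UI\bin\shieldsoftService.exe [2015-11-13 83456]
FF - prefs.js: browser.search.selectedEngine - Yahoo!
Hosts: 0.0.0.0 fr.a2dfp.net
"""

# DDS line shapes handled here (my reading of the report format, not an official grammar).
AUTORUN = re.compile(r"^(?:x64-)?[umd]?Run(?:Once)?: \[[^\]]*\]\s*(.+)$")
STARTUP = re.compile(r"^StartupFolder: .+? - (.+)$")
SERVICE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*);(.+?)(?: \[[^\]]*\])?$")
POLICY = re.compile(r"^mPolicies-System: (\w+) = dword:(\d+)$")
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")
FFPREF = re.compile(
    r"^FF - prefs\.js: (browser\.search\.selectedEngine|browser\.startup\.homepage|keyword\.URL) - (.+)$"
)
# Directories an unprivileged user can write to; code starting from here deserves a look
# (heuristic: legitimate per-user installers such as Dropbox also live here).
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.IGNORECASE)
EXE_PATH = re.compile(r'^"?(.*?\.exe)(?:"|\s|$)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # autorun | service | policy | browser | hosts
    value: str   # image path, policy name, preference value or hosts entry
    reason: str


def image_path(command: str) -> str:
    """Strip quotes and arguments from a Run/service command, keeping the .exe path."""
    m = EXE_PATH.match(command)
    return m.group(1) if m else command.strip().strip('"')


def is_user_writable(path: str) -> bool:
    return USER_WRITABLE.search(path) is not None


def triage(report: str) -> List[Finding]:
    """Walk a DDS report line by line and collect entries worth a human's attention."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = AUTORUN.match(line) or STARTUP.match(line)
        if m:
            path = image_path(m.group(1))
            if is_user_writable(path):
                findings.append(Finding("autorun", path, "autorun image lives in a user-writable directory"))
            continue
        m = SERVICE.match(line)
        if m:
            path = image_path(m.group(3))
            if is_user_writable(path):
                findings.append(Finding("service", path, f"service '{m.group(1)}' runs from a user-writable directory"))
            continue
        m = POLICY.match(line)
        if m and m.group(1) == "ConsentPromptBehaviorAdmin" and m.group(2) == "0":
            # Value 0 means administrators elevate without any UAC prompt.
            findings.append(Finding("policy", m.group(1), "UAC set to elevate administrators without prompting"))
            continue
        m = FFPREF.match(line)
        if m:
            findings.append(Finding("browser", f"{m.group(1)}={m.group(2)}",
                                    "Firefox search/homepage preference; confirm the user chose it"))
            continue
        m = HOSTS.match(line)
        if m:
            findings.append(Finding("hosts", f"{m.group(2)} -> {m.group(1)}",
                                    "HOSTS override; ad-blocker lists also add these, so check provenance"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.value}: {f.reason}")
```

On the sample it reports five entries: the Dropbox updater and the ShieldSoft service (both under AppData), the ConsentPromptBehaviorAdmin policy, the Yahoo! search preference and the one HOSTS line. Dropbox installs per-user by design, which is why the rule reports a location to review rather than a verdict; ShieldSoft is the kind of hit the heuristic exists to surface, since the report's "Created Last 30" section shows its AppData\Roaming directory appearing on 2015-11-13, a few days before the log was taken. The policy line means UAC elevates administrators silently, whether a person or a program set it.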

Peerguardian 2 virus??

I have PeerBlock on my computer, which starts up automatically, but today a window popped up after startup saying something along the lines of "Peerguardian 2 cannot run whilst PeerBlock is running. Please close and restart". I haven't even heard of Peerguardian 2, let alone chosen to download it, so I was suspicious about whether it was a virus. Googling it, though, gives a bit of a mixed opinion: it seems to be a genuine program, but I also came up with lots of results about it being a particularly nasty trojan. I'm inclined to believe the latter in my case, as I recently reformatted my computer, so it normally runs fairly fast, but it is being particularly slow to respond today.
Does anyone know whether it is a virus and how to safely remove it? I can't find it anywhere on my computer to uninstall it (not even in Control Panel's Programs list or in Task Manager).

Thanks

DNS Unlocker from hell!!

Dear all,

A couple of months ago, I was instructed by a user here to perform a Chrome disinfection. Nonetheless, after doing it all and installing a new version of Chrome (I am now using the Canary version), DNS Unlocker came back in full force...

Could anyone help me out on how to solve this?

This virus is very annoying and keeps opening unwanted tabs.

Thank you in advance.

Random browser issues

By 'random', I mean that I have been noticing that my browsers would, only now and again, try to pop up a random web page.

It started a while ago, after I let someone hold my laptop for a bit, only to come back to something called 'SpringFiles'. I know this is likely similar to Kazaa or whatever it was back in the day, so I uninstalled it and scolded him appropriately.

Anywho, that's when I noted my browser issues.

So, just as an example, I'd be on Imgur or some other site and try to click, like, 'Next Image' or pretty much anything, and the mouse would not respond like it should when you are about to click a link; it would stay a mouse cursor, and a new tab would sometimes appear when clicked. Then that link you clicked on in the first place would be highlighted by the mouse with the little link-hand thingy, like, 'Hey! This is a link!'

So, TL;DR: the mouse cursor doesn't highlight the link right. You click, new tab. I close that tab and resume my browsing, and that link I clicked the first time is no longer malicious and just... is a link.

Before coming here to reach out for help, I did scans with my antivirus, Spybot, etc., etc. Nothing I run seems to want to remove it. The URL it tries to go to is blocked automatically by NOD32, but it's the whole idea that something is making my browser glitch... very annoying.

And, just as an FYI, when I had to refresh this page to attach the required file, another pop-up attempted to render before it closed out. It does that sometimes, too.

Now, the technical voodoo, the parts where hopefully someone can make sense of it;

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 11.65.2
Run by hazyd_000 at 7:34:53 on 2015-11-17
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.8108.4268 [GMT -8:00]
.
AV: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: ESET NOD32 Antivirus 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dashost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Ciuly\SVI Deleter\svi_deleter.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
svchost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\RTFTrack.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\hazyd_000\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\hazyd_000\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
C:\Users\hazyd_000\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:8082
uProxyOverride = <local>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Users\hazyd_000\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [GoogleChromeAutoLaunch_99B105205C87BE88897C5350BD5D11C7] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRunOnce: [Uninstall C:\Users\hazyd_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\hazyd_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download ALL with IDA - <no file>
IE: Download remotely with IDA - <no file>
IE: Download with IDA - <no file>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{375e54fd-5521-4b93-961d-4c020ae59767} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9ca8deca-5e31-4538-8ea3-35e27ff55b63} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9ca8deca-5e31-4538-8ea3-35e27ff55b63}\8416A797E6563737 : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtHDVBg_LENOVO_DOLBYDRAGON] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
x64-Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TNOD UP] "C:\Misc\TNod User & Password Finder\TNODUP.exe" /i
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [Bluetooth] C:\Program Files\Lenovo\Bluetooth Software\bttray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hazyd_000\AppData\Roaming\Mozilla\Firefox\Profiles\1s6mhpeh.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 edevmon;edevmon;C:\WINDOWS\System32\drivers\edevmon.sys [2015-7-13 251632]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-9-11 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2015-1-30 246000]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-6-28 2278152]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2015-7-8 1353720]
R2 epfwwfpr;epfwwfpr;C:\WINDOWS\System32\drivers\epfwwfpr.sys [2015-1-30 159480]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-6-28 1152656]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-17 351120]
R2 ImControllerService;System Interface Foundation Service;C:\Program Files\Lenovo\iMController\Service\Lenovo.Modern.ImController.exe [2015-9-23 35272]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2015-6-28 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-28 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-6-28 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-6-28 23007376]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-11-2 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-11-2 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-11-2 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-8-31 410744]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 SVI_Deleter_Ciuly;System Volume Information Deleter;C:\Program Files (x86)\Ciuly\SVI Deleter\svi_deleter.exe [2015-9-14 834560]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-8-29 2100024]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2015-7-31 42328]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\WINDOWS\System32\drivers\anvsnddrv.sys [2015-10-25 33872]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-3-27 199472]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-6-28 214320]
R3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\drivers\btwl2cap.sys [2015-6-28 40248]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-3-4 30512]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-6-28 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-6-28 46768]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-22 886528]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2015-6-15 761600]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2015-6-16 3068160]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-6-3 42696]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-8-21 14112]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2015-7-10 165376]
S3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2015-7-10 36864]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-1 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 esgiguard;esgiguard;C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 HPMoA407;Mouse Suite Driver_A407 (WDF Version);C:\WINDOWS\System32\drivers\HPMoA407.sys [2015-10-8 25088]
S3 HPubA407;USB Mouse Low Filter Driver_A407 (WDF Version);C:\WINDOWS\System32\drivers\HPubA407.sys [2015-10-8 18944]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-3-4 42288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-31 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-31 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-9-11 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-31 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-9-11 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2015-11-17 13:33:17 16148 ----a-w- C:\WINDOWS\System32\HAZY-LAPPY_hazyd_000_HistoryPrediction.bin
2015-11-16 19:46:09 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24217E45-BFB9-4648-978F-ED7099822611}\mpengine.dll
2015-11-15 22:36:00 -------- d-----w- C:\Users\hazyd_000\AppData\Roaming\TuneUp Software
2015-11-15 22:35:29 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2014
2015-11-15 22:33:38 -------- d-----w- C:\ProgramData\TuneUp Software
2015-11-15 22:33:28 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-11-15 22:33:28 -------- d--h--w- C:\ProgramData\Common Files
2015-11-15 22:30:21 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-11-14 19:58:52 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF0AC20E-A035-460B-A83E-81DF8F871BC5}\gapaengine.dll
2015-11-11 18:01:32 -------- d-----w- C:\BIOS
2015-11-10 13:31:56 -------- d-----w- C:\ProgramData\Auslogics
2015-11-10 13:31:45 -------- d-----w- C:\Program Files (x86)\Auslogics
2015-11-10 06:58:16 -------- d-----w- C:\Users\hazyd_000\AppData\Local\Fallout4
2015-11-08 12:38:03 14232 ----a-w- C:\WINDOWS\SysWow64\sh4native.exe
2015-11-07 08:37:31 -------- d--h--w- C:\ProgramData\CanonIJFAX
2015-11-07 08:37:29 303104 ----a-w- C:\WINDOWS\System32\CNCALC2.DLL
2015-11-07 08:36:20 30208 ----a-w- C:\WINDOWS\System32\Spool\prtprocs\x64\CNMPDC2.DLL
2015-11-07 08:36:20 101888 ----a-w- C:\WINDOWS\System32\Spool\prtprocs\x64\CNMPPC2.DLL
2015-11-07 08:36:12 391168 ----a-w- C:\WINDOWS\System32\CNMLMC2.DLL
2015-11-05 06:17:11 110080 ----a-r- C:\Users\hazyd_000\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2015-11-05 06:17:11 110080 ----a-r- C:\Users\hazyd_000\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2015-11-05 06:17:11 110080 ----a-r- C:\Users\hazyd_000\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2015-11-05 06:17:10 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2015-11-05 06:16:31 -------- d-----w- C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-11-05 06:16:29 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2015-11-04 06:52:34 -------- d-----w- C:\AdwCleaner
2015-11-03 02:54:07 -------- d-----w- C:\Program Files\Common Files\AV
2015-11-03 02:47:56 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2015-11-03 02:47:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-11-03 02:47:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-02 04:00:01 -------- d-----w- C:\Program Files\ESET
2015-11-01 01:45:06 -------- d-----w- C:\Users\hazyd_000\AppData\Local\ESET
2015-11-01 01:40:05 -------- d-----w- C:\Users\hazyd_000\AppData\Roaming\GRLevel3_2
2015-11-01 01:40:05 -------- d-----w- C:\Users\hazyd_000\AppData\Local\GRLevelX
2015-11-01 01:40:05 -------- d-----w- C:\Users\hazyd_000\AppData\Local\GRLevel3_2
2015-11-01 01:38:42 -------- d-----w- C:\Program Files (x86)\GRLevelX
2015-10-28 03:33:07 -------- d-----w- C:\Users\hazyd_000\AppData\Local\CrashDumps
2015-10-26 05:47:39 -------- d-----w- C:\ProgramData\AVS4YOU
2015-10-26 05:47:38 -------- d-----w- C:\Users\hazyd_000\AppData\Roaming\AVS4YOU
2015-10-26 05:45:46 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2015-10-26 05:45:20 24576 ----a-w- C:\WINDOWS\SysWow64\msxml3a.dll
2015-10-26 05:45:20 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2015-10-26 05:10:25 33872 ----a-w- C:\WINDOWS\System32\drivers\anvsnddrv.sys
2015-10-26 04:53:22 -------- d-----w- C:\Users\hazyd_000\AppData\Roaming\AnvSoft
2015-10-26 04:53:08 -------- d-----w- C:\Program Files (x86)\AnvSoft
2015-10-22 08:21:56 -------- d---a-w- C:\Program Files (x86)\VAMT 2.0
.
==================== Find3M ====================
.
2015-11-17 13:33:32 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-05 05:15:45 8020832 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-11-05 05:15:43 541024 ----a-w- C:\WINDOWS\System32\mcupdate_GenuineIntel.dll
2015-11-05 05:14:21 459104 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2015-11-05 05:13:31 577888 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2015-11-05 05:11:46 1392480 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-11-05 05:06:10 966416 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2015-11-05 05:01:05 607408 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2015-11-05 04:56:48 1083072 ----a-w- C:\WINDOWS\System32\appraiser.dll
2015-11-05 04:56:44 25280 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2015-11-05 04:56:39 116064 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2015-11-05 04:30:20 961376 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-11-05 04:23:42 76800 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2015-11-05 04:23:32 762888 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2015-11-05 04:20:43 21873664 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-11-05 04:18:37 3248128 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-11-05 04:18:34 539728 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-11-05 04:17:35 2418688 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-11-05 04:12:31 515072 ----a-w- C:\WINDOWS\System32\internetmail.dll
2015-11-05 04:11:30 333312 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2015-11-05 04:10:48 2987520 ----a-w- C:\WINDOWS\System32\esent.dll
2015-11-05 04:07:02 1068032 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-11-05 04:06:41 453120 ----a-w- C:\WINDOWS\System32\Windows.Devices.Usb.dll
2015-11-05 04:03:52 2180608 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-11-05 04:03:49 1015808 ----a-w- C:\WINDOWS\System32\RDXService.dll
2015-11-05 04:01:52 949760 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-11-05 04:01:41 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-11-05 04:01:38 713216 ----a-w- C:\WINDOWS\System32\usermgr.dll
2015-11-05 03:59:20 3587072 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-11-05 03:59:13 2675200 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2015-11-05 03:58:50 627712 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2015-11-05 03:58:36 1383936 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-11-05 03:58:02 48128 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-11-05 03:56:30 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-11-05 03:55:55 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2015-11-05 03:54:44 502272 ----a-w- C:\WINDOWS\System32\dlnashext.dll
2015-11-05 03:42:23 2647040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-11-05 03:40:41 1918976 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-11-05 03:35:47 18803712 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-11-05 03:35:04 2639872 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2015-11-05 03:34:45 311296 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
2015-11-05 03:30:03 767488 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2015-11-05 03:27:12 464896 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2015-11-05 03:27:12 2049536 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2015-11-05 03:26:33 457728 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-11-05 03:23:15 441344 ----a-w- C:\WINDOWS\SysWow64\dlnashext.dll
2015-11-04 00:42:16 97888 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2015-11-03 18:20:11 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-11-03 18:20:11 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-10-10 07:12:02 78528 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-10-06 03:03:57 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-10-06 02:46:57 13027840 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-10-02 13:45:22 2366824 ----a-w- C:\WINDOWS\System32\WudfUpdate_01011.dll
2015-10-02 13:45:22 134616 ----a-w- C:\WINDOWS\System32\drivers\UMDF\iMDriver.dll
2015-10-01 04:01:10 858408 ----a-w- C:\WINDOWS\System32\winresume.exe
2015-10-01 04:01:10 1018568 ----a-w- C:\WINDOWS\System32\winresume.efi
2015-10-01 04:01:03 1294352 ----a-w- C:\WINDOWS\System32\winload.efi
2015-10-01 04:01:03 1123400 ----a-w- C:\WINDOWS\System32\winload.exe
2015-10-01 03:03:36 757760 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-09-25 04:01:54 2573768 ----a-w- C:\WINDOWS\System32\msxml6.dll
2015-09-25 04:01:05 498016 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2015-09-25 03:52:05 980832 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2015-09-25 03:33:37 1997336 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2015-09-25 03:11:52 257024 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2015-09-25 03:11:49 223232 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2015-09-25 03:07:38 1276416 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-09-25 03:04:12 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2015-09-25 03:03:53 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-09-25 03:03:35 796160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2015-09-25 03:02:56 689152 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2015-09-25 03:02:35 7523840 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-09-25 03:01:26 4792320 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-09-25 03:00:50 1423872 ----a-w- C:\WINDOWS\System32\UserDataService.dll
2015-09-25 03:00:07 752640 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2015-09-25 03:00:05 856576 ----a-w- C:\WINDOWS\System32\ContactApis.dll
2015-09-25 02:59:54 720896 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2015-09-25 02:59:48 685568 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2015-09-25 02:59:48 288256 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2015-09-25 02:59:38 1205248 ----a-w- C:\WINDOWS\System32\Unistore.dll
2015-09-25 02:59:31 163840 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2015-09-25 02:59:04 590336 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2015-09-25 02:58:37 1871360 ----a-w- C:\WINDOWS\System32\msxml3.dll
2015-09-25 02:47:16 195584 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2015-09-25 02:47:16 172032 ----a-w- C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll
2015-09-25 02:38:45 574464 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2015-09-25 02:38:40 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-09-25 02:38:19 3580416 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-09-25 02:37:35 613376 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2015-09-25 02:37:09 480256 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
2015-09-25 02:36:04 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2015-09-25 02:34:21 557568 ----a-w- C:\WINDOWS\SysWow64\ChatApis.dll
2015-09-25 02:34:19 625152 ----a-w- C:\WINDOWS\SysWow64\ContactApis.dll
2015-09-25 02:34:07 579584 ----a-w- C:\WINDOWS\SysWow64\AppointmentApis.dll
2015-09-25 02:34:03 525312 ----a-w- C:\WINDOWS\SysWow64\EmailApis.dll
2015-09-25 02:34:00 928256 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2015-09-25 02:33:44 131072 ----a-w- C:\WINDOWS\SysWow64\CallHistoryClient.dll
2015-09-25 02:32:49 466432 ----a-w- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
2015-09-25 02:32:35 1594368 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2015-09-19 05:14:37 102304 ----a-w- C:\WINDOWS\System32\omadmapi.dll
2015-09-17 06:50:17 99664 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
.
============= FINISH: 7:35:40.83 ===============

I do have the install medium if required to re-install, but, hopefully, it won't come to that.

Installed via the download tool on Microsoft.com.

Attached Files
File Type: txt attach.txt (10.4 KB)

help needed removing gamegogle

OS is Windows 7, web browser is Opera (yes, some people use Opera :p).

I downloaded dreamscape to play a video as my desktop background. The installer was filled with crap and I think that's where I got the virus or malware, whatever it is.

All guides I have found online don't cover Opera, or vaguely tell me to edit my registry or to download and buy SpyHunter. Most guides say to go into Programs and Features and simply uninstall it (which would be great if it was there).

As always, I appreciate your help very much :thumb:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.19038
Run by Gary at 18:56:14 on 2015-11-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8142.5468 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Stardock\DeskScapes8\DeskScapes64.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
E:\Steam\Steam.exe
E:\Steam\bin\steamwebhelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera_crashreporter.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www-searching.com/?pid=s&s=FBEzamobl1598,2fe1b957-bdde-4833-8aa4-ccce15f0e9e6,&vp=ch&prd=set
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [Steam] "E:\Steam\steam.exe" -silent
uRun: [WindApp] "C:\Users\Gary\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
uRun: [Selection Tools] "C:\Users\Gary\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C2FB13D9-CC2D-48D6-BBC5-2C5F1F540B7C} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D078EFC6-FEF0-4171-BCDF-5C972CBEA527} : DHCPNameServer = 192.168.42.129
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-10-30 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-10-30 274808]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-10-31 19264]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-10-30 1059656]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2015-10-30 449992]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2015-11-16 27552]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-10-30 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-10-30 90968]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-10-30 153744]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-10-30 146600]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 DeskScapes8;Stardock DeskScapes 8;C:\Program Files (x86)\Stardock\DeskScapes8\DS8Srv.exe [2014-3-10 75376]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-10-30 1156384]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2015-10-31 166720]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-10-30 1873696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-10-30 5568288]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-11-16 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-11-16 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-11-16 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-9 417584]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2015-10-31 365376]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2015-10-31 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2015-10-31 789824]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-10-30 20768]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-10-30 50472]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-10-30 769168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 NetTcpHandler;Net.Tcp Service Handler;C:\Users\Gary\AppData\Roaming\NetService\netservice.exe -start --> C:\Users\Gary\AppData\Roaming\NetService\netservice.exe -start [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-10-30 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2015-6-2 13536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-10-30 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-10-30 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-10-30 1255736]
.
=============== File Associations ===============
.
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-11-16 16:53:17 27552 ----a-w- C:\Windows\System32\drivers\HWiNFO64A.SYS
2015-11-16 16:53:09 -------- d-----w- C:\Program Files\HWiNFO64
2015-11-16 15:49:09 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server
2015-11-16 15:48:04 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2015-11-16 10:35:25 -------- d-----w- C:\Program Files\Common Files\AV
2015-11-16 10:17:53 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2015-11-16 10:17:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-11-16 10:17:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-15 16:39:20 -------- d-----w- C:\Users\Gary\AppData\Roaming\NVIDIA
2015-11-15 16:39:14 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2015-11-15 16:39:14 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2015-11-15 16:39:14 -------- d-----w- C:\Program Files (x86)\OpenAL
2015-11-15 16:39:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2015-11-15 16:39:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2015-11-14 19:37:32 -------- d-----w- C:\Users\Gary\AppData\Roaming\WinAVI
2015-11-14 19:37:32 -------- d-----w- C:\Users\Gary\AppData\Local\WinAVI
2015-11-14 19:37:10 -------- d-----w- C:\Program Files (x86)\WinAVI
2015-11-14 14:45:25 -------- d-----w- C:\Users\Gary\AppData\Roaming\Apowersoft
2015-11-14 14:45:22 -------- d-----w- C:\ProgramData\Apowersoft
2015-11-14 14:45:22 -------- d-----w- C:\Program Files (x86)\Apowersoft
2015-11-14 14:34:10 -------- d-----w- C:\Users\Gary\AppData\Local\Stardock
2015-11-14 14:34:10 -------- d-----w- C:\ProgramData\Stardock
2015-11-14 14:34:05 -------- d-----w- C:\Program Files (x86)\Stardock
2015-11-14 14:31:02 -------- d-----w- C:\Users\Gary\AppData\Local\http___www.julien-manici
2015-11-14 14:30:16 -------- d-----w- C:\Program Files (x86)\Julien MANICI
2015-11-14 14:06:39 275360 ----a-w- C:\Windows\System32\DreamScene.dll.0
2015-11-14 14:06:39 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2015-11-14 14:02:53 -------- d-----w- C:\Program Files (x86)\DreamScene Seven
2015-11-14 14:01:50 -------- d-----w- C:\Users\Gary\AppData\Roaming\WTools
2015-11-14 14:01:44 -------- d-----w- C:\Users\Gary\AppData\Roaming\Store
2015-11-14 14:01:34 -------- d-----w- C:\Users\Gary\AppData\Roaming\Nosibay
2015-11-14 14:01:20 -------- d-----w- C:\Program Files (x86)\CinePlus-1.44V09.11
2015-11-14 14:00:58 -------- d-----w- C:\Users\Gary\AppData\Roaming\RunDir
2015-11-14 14:00:58 -------- d-----w- C:\Users\Gary\AppData\Roaming\NetService
2015-11-13 16:14:28 -------- d-----w- C:\Users\Gary\AppData\Roaming\PacificPoker
2015-11-13 16:14:21 -------- d-----w- C:\Program Files (x86)\PacificPoker
2015-11-13 14:40:28 -------- d-----w- C:\Program Files\LSoft Technologies
2015-11-13 14:09:17 -------- d-----w- C:\Users\Gary\AppData\Roaming\EncryptStick
2015-11-13 11:31:56 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63CFFAA6-A20A-4F88-B22B-9D1B4E3709EA}\mpengine.dll
2015-11-13 11:29:38 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2015-11-13 11:29:37 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2015-11-13 11:23:05 67072 ----a-w- C:\Windows\splwow64.exe
2015-11-13 11:23:05 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2015-11-12 20:09:29 -------- d-----w- C:\Users\Gary\AppData\Local\Arktos Entertainment
2015-11-12 20:07:30 -------- d-----w- C:\Users\Gary\AppData\Local\CrashRpt
2015-11-12 20:07:30 -------- d-----w- C:\Users\Gary\AppData\Local\Arktos
2015-11-12 11:07:08 -------- d-----w- C:\ProgramData\YTD Video Downloader
2015-11-12 11:06:37 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2015-11-11 21:48:59 -------- d-----w- C:\Users\Gary\AppData\Local\Microsoft Games
2015-11-10 21:41:16 -------- d-----w- C:\Users\Gary\AppData\Roaming\Fallout2
2015-11-10 11:13:22 -------- d-----w- C:\Users\Gary\AppData\Local\Fallout4
2015-11-09 17:09:58 -------- d-----w- C:\ProgramData\Package Cache
2015-11-09 16:55:21 102704 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-11-08 12:30:19 -------- d-----w- C:\Users\Gary\AppData\Local\Gas Powered Games
2015-11-06 17:42:58 -------- d-----w- C:\Users\Gary\AppData\Roaming\BitTorrent
2015-11-06 16:23:09 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2015-11-06 16:23:09 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2015-11-06 16:23:09 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2015-11-06 16:23:09 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2015-11-06 16:23:08 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2015-11-06 16:23:08 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2015-11-05 18:36:11 -------- d-----w- C:\Users\Gary\AppData\Local\Rockstar Games
2015-11-05 18:35:34 -------- d-----w- C:\Windows\SysWow64\xlive
2015-11-05 18:35:34 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-11-05 15:38:31 -------- d-----w- C:\Users\Gary\AppData\Local\NVIDIA Corporation
2015-11-05 14:53:03 -------- d-----w- C:\Users\Gary\AppData\Roaming\Mionix
2015-11-05 14:53:03 -------- d-----w- C:\Program Files (x86)\Mionix
2015-11-05 14:52:48 -------- d-----w- C:\Users\Gary\AppData\Local\Downloaded Installations
2015-11-04 13:18:28 44544 ----a-w- C:\Users\Gary\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-11-02 11:05:48 -------- d-----w- C:\Program Files\VideoLAN
2015-11-01 18:09:35 -------- d-----w- C:\Users\Gary\AppData\Roaming\Media Converter
2015-10-31 19:59:53 -------- d-----w- C:\Users\Gary\AppData\Roaming\7DaysToDie
2015-10-31 19:59:05 238376 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2015-10-31 18:05:32 -------- d-----w- C:\Users\Gary\AppData\Local\Steam
2015-10-31 18:05:32 -------- d-----w- C:\Users\Gary\AppData\Local\CEF
2015-10-31 18:04:58 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2015-10-31 17:47:04 -------- d-----w- C:\ProgramData\Freemake
2015-10-31 17:47:04 -------- d-----w- C:\Program Files (x86)\Common Files\Freemake Shared
2015-10-31 17:46:55 -------- d-----w- C:\Program Files (x86)\Freemake
2015-10-31 17:45:13 -------- d-----w- C:\Program Files (x86)\mkvtoavi_setup
2015-10-31 17:44:15 -------- d-----w- C:\Program Files (x86)\Free MKV to AVI Converter
2015-10-31 17:43:48 -------- d-----w- C:\Users\Gary\AppData\Local\Programs
2015-10-31 17:37:14 15168 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2015-10-31 17:36:42 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2015-10-31 17:30:13 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2015-10-31 17:30:08 -------- d-----w- C:\Intel
2015-10-31 17:29:42 789824 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2015-10-31 17:29:42 357184 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2015-10-31 17:29:42 19264 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2015-10-31 17:29:42 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2015-10-31 17:12:12 -------- d-----w- C:\Users\Gary\AppData\Roaming\mIRC
2015-10-31 17:12:12 -------- d-----w- C:\Program Files (x86)\mIRC
2015-10-30 18:55:38 -------- d-----w- C:\Users\Gary\AppData\Roaming\BitLord
2015-10-30 18:55:38 -------- d-----w- C:\Users\Gary\AppData\Local\BitLord
2015-10-30 18:30:44 -------- d-----w- C:\Windows\System32\MRT
2015-10-30 18:27:38 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-10-30 18:27:38 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-10-30 18:20:47 -------- d-----w- C:\Windows\Panther
2015-10-30 18:18:09 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-10-30 18:18:09 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-10-30 18:18:09 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-10-30 18:18:09 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-10-30 18:18:09 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-10-30 18:18:08 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-10-30 18:18:08 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-10-30 18:13:36 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-10-30 18:13:36 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-10-30 18:02:41 -------- d-----w- C:\Windows\SysWow64\Wat
2015-10-30 18:02:41 -------- d-----w- C:\Windows\System32\Wat
2015-10-30 17:22:11 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-10-30 17:22:07 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2015-10-30 17:22:05 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2015-10-30 17:22:05 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-10-30 17:22:05 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-10-30 17:22:04 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2015-10-30 17:22:04 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2015-10-30 17:22:04 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2015-10-30 17:22:04 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2015-10-30 17:22:04 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2015-10-30 17:22:04 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2015-10-30 17:19:59 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2015-10-30 17:19:59 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-10-30 17:19:57 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-10-30 17:19:57 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-10-30 17:12:12 22528 ----a-w- C:\Windows\System32\icaapi.dll
2015-10-30 17:12:10 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2015-10-30 17:11:33 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-10-30 17:11:33 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-10-30 17:11:33 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-10-30 17:11:33 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-10-30 17:11:03 -------- d-----w- C:\Users\Gary\Tracing
2015-10-30 17:10:13 -------- d-----w- C:\Users\Gary\AppData\Local\Skype
2015-10-30 17:09:52 -------- d-----r- C:\Program Files (x86)\Skype
2015-10-30 16:51:34 -------- d-s---w- C:\Windows\System32\CompatTel
2015-10-30 16:51:34 -------- d-----w- C:\Windows\System32\appraiser
2015-10-30 16:51:24 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-10-30 16:51:24 -------- d-s---w- C:\Windows\System32\GWX
2015-10-30 14:44:27 -------- d-----w- C:\Windows\Migration
2015-10-30 14:31:57 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-10-30 14:25:43 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2015-10-30 13:19:47 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2015-10-30 13:19:47 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2015-10-30 13:19:47 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2015-10-30 13:19:47 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2015-10-30 13:19:46 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2015-10-30 13:19:46 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2015-10-30 13:19:46 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2015-10-30 13:12:59 83736 ----a-w- C:\Windows\System32\xinput1_2.dll
2015-10-30 13:03:43 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2015-10-30 13:03:43 5120 ----a-w- C:\Windows\System32\wmi.dll
2015-10-30 13:03:43 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2015-10-30 12:55:30 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-10-30 12:55:30 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-10-30 12:55:30 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-10-30 12:55:30 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-10-30 12:55:30 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-10-30 12:55:30 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-10-30 12:55:23 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-10-30 12:55:23 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-10-30 12:52:55 52736 ----a-w- C:\Windows\System32\basesrv.dll
2015-10-30 12:51:51 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2015-10-30 12:50:35 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-10-30 12:49:49 455168 ----a-w- C:\Windows\System32\winlogon.exe
2015-10-30 12:48:54 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2015-10-30 12:47:59 327168 ----a-w- C:\Windows\System32\mswsock.dll
2015-10-30 12:46:57 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-10-30 12:45:50 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2015-10-30 12:37:22 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-10-30 12:37:22 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-30 12:36:58 -------- d-----w- C:\Users\Gary\AppData\Local\Adobe
2015-10-30 12:27:45 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2015-10-30 11:40:26 769168 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2015-10-30 11:40:26 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2015-10-30 11:40:26 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2015-10-30 11:40:22 -------- d-----w- C:\Program Files (x86)\Realtek
2015-10-30 11:36:46 -------- d-----w- C:\Users\Gary\AppData\Local\NVIDIA
2015-10-30 11:36:16 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2015-10-30 11:36:16 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2015-10-30 11:36:15 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2015-10-30 11:36:15 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2015-10-30 11:36:15 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2015-10-30 11:36:15 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2015-10-30 11:34:56 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2015-10-30 11:32:12 -------- d-sh--w- C:\Windows\Installer
2015-10-30 11:31:06 72504 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2015-10-30 11:31:06 69416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-10-30 11:31:06 50472 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-10-30 11:31:06 3579000 ----a-w- C:\Windows\System32\nvapi64.dll
2015-10-30 11:31:06 3158736 ----a-w- C:\Windows\SysWow64\nvapi.dll
2015-10-30 11:31:06 1905456 ----a-w- C:\Windows\System32\nvdispco6435850.dll
2015-10-30 11:31:06 17515208 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2015-10-30 11:31:06 1572496 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2015-10-30 11:31:06 1564976 ----a-w- C:\Windows\System32\nvdispgenco6435850.dll
2015-10-30 11:31:06 15121784 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2015-10-30 11:31:06 12770752 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2015-10-30 11:30:40 -------- d-----w- C:\Program Files\NVIDIA Corporation
2015-10-30 11:30:26 -------- d-----w- C:\NVIDIA
2015-10-30 11:27:39 -------- d-----w- C:\Users\Gary\AppData\Roaming\AVAST Software
2015-10-30 11:27:11 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-10-30 11:27:11 153744 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-10-30 11:27:09 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-10-30 11:27:09 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-10-30 11:27:09 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-10-30 11:27:09 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-10-30 11:27:08 1059656 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-10-30 11:27:06 43112 ----a-w- C:\Windows\avastSS.scr
2015-10-30 11:26:27 -------- d-----w- C:\Program Files\AVAST Software
2015-10-30 11:25:49 -------- d-----w- C:\ProgramData\AVAST Software
2015-10-30 11:24:27 -------- d-----w- C:\Users\Gary\AppData\Roaming\Opera Software
2015-10-30 11:24:27 -------- d-----w- C:\Users\Gary\AppData\Local\Opera Software
.
==================== Find3M ====================
.
2015-11-05 15:13:09 6358648 ----a-w- C:\Windows\System32\nvcpl.dll
2015-11-05 15:13:09 2983032 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-11-05 15:13:08 938616 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-11-05 15:13:07 62584 ----a-w- C:\Windows\System32\nvshext.dll
2015-11-05 15:13:07 385328 ----a-w- C:\Windows\System32\nvmctray.dll
2015-11-05 15:13:07 2554488 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-11-05 02:20:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2015-11-05 02:19:53 611840 ----a-w- C:\Windows\System32\vbscript.dll
2015-11-05 02:19:45 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2015-11-05 02:19:41 22528 ----a-w- C:\Windows\System32\corpol.dll
2015-11-05 02:19:21 47616 ----a-w- C:\Windows\System32\mshta.exe
2015-11-05 02:19:17 174592 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-11-05 02:19:04 1538048 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-11-05 02:12:17 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-11-05 02:12:06 429568 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-11-05 02:11:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2015-11-05 02:11:22 18944 ----a-w- C:\Windows\SysWow64\corpol.dll
2015-11-05 02:11:03 50176 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-11-05 02:11:00 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-11-05 02:10:48 1466368 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-11-05 01:50:07 483328 ----a-w- C:\Windows\System32\html.iec
2015-11-05 01:37:41 386560 ----a-w- C:\Windows\SysWow64\html.iec
2015-11-05 01:30:12 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2015-11-05 01:22:09 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-11-03 17:55:32 3211264 ----a-w- C:\Windows\System32\win32k.sys
2015-10-29 17:50:44 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-10-29 17:50:30 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-10-29 17:50:29 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-10-29 17:50:29 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50:29 309248 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50:29 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50:29 103424 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50:21 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-10-29 17:50:14 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-10-29 17:49:58 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-10-29 17:49:57 562176 ----a-w- C:\Windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- C:\Windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2015-10-29 17:49:35 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-10-29 17:39:57 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-10-28 07:42:27 6027430 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-10-20 18:42:14 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-10-20 18:42:14 3168768 ----a-w- C:\Windows\System32\wucltux.dll
2015-10-20 18:42:14 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-10-20 18:41:36 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-10-20 18:41:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-10-20 18:41:22 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-10-20 17:46:02 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-10-20 17:46:02 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-10-20 17:45:08 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-10-20 01:12:12 5570496 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-10-20 01:12:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-10-20 01:12:10 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-10-20 01:09:05 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-10-20 01:06:18 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-10-20 01:06:18 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-10-20 01:06:18 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-10-20 01:06:18 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-10-20 01:04:53 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-10-20 01:04:40 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-10-20 01:04:35 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-10-20 01:00:20 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-10-20 00:59:20 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-10-20 00:52:02 3991488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48:46 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-10-20 00:44:35 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-10-20 00:44:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-10-20 00:44:18 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-10-20 00:44:18 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-10-20 00:44:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-10-20 00:39:32 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-10-19 23:41:20 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-10-19 23:40:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-10-19 23:40:39 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-10-19 23:29:36 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-10-19 23:29:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-10-19 23:27:10 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-10-19 23:27:10 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-19 23:27:10 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-19 23:27:10 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 16:41:05 497664 ----a-w- C:\Windows\System32\drivers\afd.sys
2015-10-13 16:40:33 118272 ----a-w- C:\Windows\System32\drivers\tdx.sys
2015-10-13 04:57:21 950720 ----a-w- C:\Windows\System32\drivers\ndis.sys
2015-10-13 01:29:08 875720 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 01:22:02 869568 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2015-10-12 03:05:01 1423304 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-10-12 03:05:01 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-10-12 03:04:46 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-10-12 03:04:46 1710752 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-10-01 18:06:49 692672 ----a-w- C:\Windows\System32\winload.efi
2015-10-01 18:04:11 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-10-01 18:00:59 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-10-01 18:00:51 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-10-01 18:00:50 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-10-01 18:00:43 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-10-01 18:00:43 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-10-01 18:00:06 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
.
============= FINISH: 18:56:52.71 ===============

Attached Files
File Type: txt attach.txt (6.9 KB)

Infection Suspected - Pls Assist!

Hi,

I suspect my desktop to be infected.
1) The 'My Computer' view has changed from the default.
2) When I use USB drives with this system, a folder with the drive's name is created on its own, containing the drive's contents.
3) Constant data usage even when the system is idle.

Following is the DDS.txt log for review;

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.40.2
Run by parry at 13:35:33 on 2015-11-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2813.1890 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files\BUFFALO\Backup_Utility\BUVSSServiceXP.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\Photon Plus\Huawei\OnlineUpdate\ouc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\FileServe Manager\FSStarter.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\AVG Web TuneUp\avgcefrend.exe
C:\Program Files\AVG\AVG2015\avgmfapx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\parry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\parry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={65BFE316-060B-49E2-BD52-66627FAB4F9B}&mid=30638dd225ac47d28498cd2623c57881-a8cba8d0c701d27e3be6f0bc99fd599f19c07dbb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2014-11-08 13:55:47&v=4.1.4.948&pid=wtu&sg=&sap=hp
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} -
BHO: FileServeManager: {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - c:\program files\fileserve manager\FileServeBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_40\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_40\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\parry\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [FileServe Manager Task] "c:\program files\fileserve manager\FSStarter.exe"
mRun: [NPSStartup] <no file>
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\dhruvc~1\startm~1\programs\startup\h.lnk - c:\documents and settings\parry\application data\obckpnucef.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV04.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Verify with DAP - c:\program files\dap\dapverify.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{08906AF8-B224-4939-89E4-F192D7F30DA4} : NameServer = 202.56.215.55,202.56.215.54
TCP: Interfaces\{08906AF8-B224-4939-89E4-F192D7F30DA4} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.3.0\ViProtocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\parry\application data\mozilla\firefox\profiles\mlhlmq22.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\documents and settings\parry\local settings\application data\google\update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-5-13 190944]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-5-13 290272]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-5-13 170464]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-5-13 35808]
R0 BFRD4G;BUFFALO RAM Disk Driver;c:\windows\system32\drivers\BFRD4G.sys [2011-4-19 36344]
R0 bftpdskc;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc.sys [2012-7-29 41472]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-10-21 19496]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-5-13 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 217008]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-5-13 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-5-13 207328]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-5-13 213984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-11 120088]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2015-7-7 3518376]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2015-7-7 314304]
R2 BFBackupUtilityService;Backup Utility Service;c:\program files\buffalo\backup_utility\buservice.exe -service_execute --> c:\program files\buffalo\backup_utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service for Windows XP;c:\program files\buffalo\backup_utility\buvssservicexp.exe -service_execute --> c:\program files\buffalo\backup_utility\BUVSSServiceXP.exe -Service_Execute [?]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-10-21 68136]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-3-7 244392]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-3-1 238952]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-10-22 10136]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]
R2 Sentry;Sentry;c:\windows\system32\sentry.sys [2013-3-28 9180]
R2 vToolbarUpdater18.8.0;vToolbarUpdater18.8.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.8.0\ToolbarUpdater.exe [2015-7-28 1874320]
R2 WtuSystemSupport;WtuSystemSupport;c:\program files\avg web tuneup\WtuSystemSupport.exe [2015-2-26 1195920]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2010-10-23 45288]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-3-1 36608]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-9-3 76544]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [2010-10-28 82432]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [2010-10-28 119808]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-10-21 30392]
S2 Photon Plus. RunOuc;Photon Plus. OUC;c:\program files\photon plus\huawei\updatedog\ouc.exe [2013-9-3 655712]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-10-21 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 bftpusbx;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx.sys [2012-7-29 11776]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-17 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-10-21 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-17 8456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-9-3 102784]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2010-10-21 24944]
S3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [2013-2-9 129536]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-11-18 07:51:55 17488 ----a-w- c:\windows\gdrv.sys
.
============= FINISH: 13:36:24.77 ===============

Attached Files
File Type: txt attach.txt (17.2 KB)
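The DDS report in this post carries the two items a responder checks first when a user reports folders appearing on USB drives: a Startup-folder shortcut (`h.lnk`) that launches an executable from the user's Application Data directory, and a NoDriveTypeAutoRun policy whose user (HKCU, `uPolicies`) and machine (HKLM, `mPolicies`) values differ. The Python below is an added triage example, not part of the original post and not part of the DDS tool. It parses lines copied from the report above, flags autostart entries whose image lives in a user-writable location (the marker list is a heuristic chosen for this example), and decodes the policy DWORD; it assumes DDS prints that DWORD in decimal, so 145 and 181 read as 0x91 and 0xB5.

```python
"""Triage helpers for a DDS "Pseudo HJT Report" (added example, not DDS code).

Two checks over the report:
  1. which autostart entries (Run keys, Startup folder, services) launch a
     program from a user-writable location such as Application Data or ProgramData;
  2. whether the effective NoDriveTypeAutoRun policy disables AutoRun for
     removable (USB) drives.
The path-marker list and the DWORD-is-decimal reading are assumptions of this example.
"""
import re

# Bit values of NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

# Directories a legitimate boot-time service or logon item rarely runs from.
# Heuristic chosen for this example; expect false positives (Google Update,
# some vendor tools) that then need a publisher-signature check on the file.
SUSPECT_MARKERS = (
    "\\application data\\", "\\appdata\\", "\\local settings\\",
    "\\programdata\\", "\\users\\public\\", "\\temp\\",
)

_QUOTED = re.compile(r'"([^"]+)"')
# A drive-letter path ending in an executable extension, followed by whitespace or end of string.
_EXE_PATH = re.compile(r"(?i)^([a-z]:\\.*?\.(?:exe|dll|sys|scr|cpl|bat|cmd|vbs|js))(?=\s|$)")
_POLICY = re.compile(r"^([um])Policies-Explorer: NoDriveTypeAutoRun = dword:(\d+)")


def autorun_disabled_types(value):
    """Decode a NoDriveTypeAutoRun DWORD into the drive types whose AutoRun is off."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if value & bit}


def effective_autorun_value(user_value, machine_value):
    """HKLM policy (mPolicies) overrides HKCU (uPolicies) when both are set."""
    return machine_value if machine_value is not None else user_value


def launched_path(line):
    """Return the program an autostart line launches, or None if it launches nothing."""
    line = line.strip()
    if line.startswith(("uRun:", "mRun:", "dRun:")):
        parts = line.split("]", 1)                     # drop the "[Name]" label
        if len(parts) < 2:
            return None
        rest = parts[1].strip()
        if rest.startswith("<no file>"):
            return None
        m = _QUOTED.match(rest) or _EXE_PATH.match(rest)
        if m:
            return m.group(1)
        tokens = rest.split()                          # bare command such as RTHDCPL.EXE
        return tokens[0] if tokens else None
    if line.startswith("StartupFolder:"):
        parts = line.split(" - ", 1)                   # "<shortcut>.lnk - <target>"; the target runs
        return parts[1].strip() if len(parts) == 2 else None
    m = re.match(r"^[RS][0-4] [^;]*;[^;]*;(.*)$", line)  # service/driver: state name;display;image
    if m:
        image = re.sub(r"\s*\[[^\]]*\]\s*$", "", m.group(1))   # strip trailing "[date size]" / "[?]"
        if "-->" in image:                             # DDS shows "as registered --> as resolved"
            image = image.split("-->", 1)[1].strip()
        mm = _EXE_PATH.match(image)                    # drop service arguments after the image path
        return mm.group(1) if mm else image
    return None


def is_suspect_location(path):
    p = path.lower()
    return any(marker in p for marker in SUSPECT_MARKERS)


def triage(report_lines):
    """Run both checks; return a list of (finding_kind, detail) tuples."""
    findings, policies = [], {}
    for line in report_lines:
        m = _POLICY.match(line.strip())
        if m:
            policies[m.group(1)] = int(m.group(2))    # DDS prints the DWORD in decimal (assumption)
            continue
        path = launched_path(line)
        if path and is_suspect_location(path):
            findings.append(("autostart-from-user-writable-path", path))
    eff = effective_autorun_value(policies.get("u"), policies.get("m"))
    if eff is not None and "removable" not in autorun_disabled_types(eff):
        findings.append(("removable-autorun-not-disabled",
                         "effective NoDriveTypeAutoRun=0x%02X disables only %s"
                         % (eff, sorted(autorun_disabled_types(eff)))))
    return findings


# Lines copied from the DDS report in the post above.
SAMPLE_LINES = [
    r'uRun: [Google Update] "c:\documents and settings\parry\local settings\application data\google\update\GoogleUpdate.exe" /c',
    r'mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun',
    r"mRun: [RTHDCPL] RTHDCPL.EXE",
    r"mRun: [NPSStartup] <no file>",
    r"StartupFolder: c:\docume~1\dhruvc~1\startm~1\programs\startup\h.lnk - c:\documents and settings\parry\application data\obckpnucef.exe",
    r"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV04.EXE",
    r"uPolicies-Explorer: NoDriveTypeAutoRun = dword:181",
    r"mPolicies-Explorer: NoDriveTypeAutoRun = dword:145",
    r"R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-3-1 238952]",
    r"R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]",
    r"S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]",
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LINES):
        print(kind, "->", detail)
```

Two caveats when reading the output. The path heuristic also flags Google Update and the Huawei datacard service, both of which legitimately install under Application Data, so a hit means "check this file's publisher signature and hash", not "malicious"; the `h.lnk` target with a random-looking name and no vendor directory is the one worth pulling first. The policy check only says whether the registry value disables AutoRun for removable drives (here the machine value 0x91 wins over the user's 0xB5, leaving removable media enabled); on a system with Microsoft's AutoRun update applied, autorun.inf on USB media is ignored regardless of this value, so a "not disabled" result is a hardening gap to close rather than proof of how the drives were infected.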

Computer Acting Strange, High CPU, many connections, Thanks in advance for Help!!

Please tell me what you would like me to run, which log to get, etc.

Thanks so much for your help!!

Malware trying to install programs

I tried to install a browser plugin and ended up getting lots of unwanted things with it. Malwarebytes is constantly bringing up PUPs and other notices of blocked sites. Programs crash more often, and I'm noticing a System Healer on startup, but I uninstalled the program via Add/Remove Programs yesterday.

I DO NOT HAVE ACCESS TO A WINDOWS CD.

-------------------------
DDS Log:
-------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 10.60.2
Run by John Kim at 13:44:15 on 2015-11-19
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.6090.3425 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\ProgramData\JjMpqJX\KxkTVT.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\System32\dwm.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\SystemHealer\HealerConsole.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskeng.exe
C:\Users\John Kim\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\SysWOW64\UMonit64.exe
C:\Windows\RTFTrack.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Users\John Kim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\windows\system32\msfeedssync.exe
C:\WINDOWS\System32\sihclient.exe
C:\WINDOWS\System32\svchost.exe -k smphost
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BitTorrent] "C:\Users\John Kim\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\John Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [OneDrive] "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Spotify] "C:\Users\John Kim\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
uRunOnce: [Uninstall C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\John Kim\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{11f6b674-c3dd-4f71-88f4-ef63d9d587f4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7599bbc2-779f-4566-a1fe-677c7a5ad54c} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Sound+] "C:\Program Files\Sound+\Sound+.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John Kim\AppData\Roaming\Mozilla\Firefox\Profiles\fxzq9272.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/-bfr-sw__alt__ddc_dsssyc_bd_com
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\John Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\John Kim\AppData\Roaming\raidcall\plugins\nprcplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2014-6-9 65224]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2014-6-9 274808]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2014-3-7 39008]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-11 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswsnx.sys [2014-6-9 1059656]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswsp.sys [2014-6-9 449992]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2015-9-15 669872]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2015936]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2014-6-9 28656]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014-6-9 90968]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2014-6-9 150160]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-7-21 146600]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-16 1152656]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-7 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-6-26 155448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-7 169432]
R2 KxkTVT;KxkTVT;C:\ProgramData\JjMpqJX\KxkTVT.exe [2015-11-18 3000824]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-5-21 417288]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2015-5-21 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2015-5-29 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-15 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-15 1135416]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2015-3-6 1291248]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-25 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-25 23007376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-8-31 410744]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-7-8 35600]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-3-19 253680]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2013-9-27 130248]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-11-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-11-15 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-11-15 64216]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-7-10 3496216]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-25 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-6-22 46768]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2014-3-7 8876248]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-6-3 42696]
R3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-9-30 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2012-2-15 108800]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-9-25 178312]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-29 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-29 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2012-2-15 206080]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-18 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-29 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-11 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2014-3-7 102376]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-11-19 21:40:55 16148 ----a-w- C:\WINDOWS\System32\JOHN_John Kim_HistoryPrediction.bin
2015-11-19 06:55:20 -------- d-----w- C:\AdwCleaner
2015-11-19 06:50:17 -------- d-----w- C:\ProgramData\Peeamuwiaihuo
2015-11-19 06:42:33 -------- d-----w- C:\Users\John Kim\AppData\Local\mixvideoplayer
2015-11-19 06:41:46 -------- d-----w- C:\ProgramData\JjMpqJX
2015-11-19 06:41:41 -------- d-----w- C:\Program Files\Sound+
2015-11-19 06:41:40 -------- d-----w- C:\Program Files (x86)\spaceeplus_v138.9331
2015-11-19 06:41:40 -------- d-----w- C:\Program Files (x86)\spaceeplus
2015-11-19 06:41:35 -------- d-----w- C:\Program Files (x86)\MixVideoPlayer
2015-11-19 06:41:33 -------- d-----w- C:\Users\John Kim\AppData\Roaming\System Healer
2015-11-19 06:41:33 -------- d-----w- C:\Program Files (x86)\SystemHealer
2015-11-08 19:53:07 -------- d-----w- C:\Users\John Kim\AppData\Local\Popcorn-Time-Community
2015-11-08 19:52:38 -------- d-----w- C:\Users\John Kim\AppData\Local\Popcorn Time Community
2015-10-30 20:47:06 21871616 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-10-30 20:47:00 18801664 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-10-28 01:59:51 -------- d-----w- C:\Users\John Kim\AppData\Local\Popcorn Time Offical
.
==================== Find3M ====================
.
2015-11-19 21:41:59 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-11-11 00:02:55 35328 ----a-w- C:\WINDOWS\System32\LMIport.dll
2015-11-11 00:02:55 122400 ----a-w- C:\WINDOWS\System32\LMIRfsClientNP.dll
2015-11-11 00:02:55 107008 ----a-w- C:\WINDOWS\System32\LMIinit.dll
2015-11-10 14:21:22 1059656 ----a-w- C:\WINDOWS\System32\drivers\aswsnx.sys
2015-10-21 12:45:50 541024 ----a-w- C:\WINDOWS\System32\mcupdate_GenuineIntel.dll
2015-10-21 12:44:41 459104 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2015-10-21 12:43:02 1392480 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-10-21 12:00:19 3248128 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-10-21 11:59:51 76800 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2015-10-21 11:57:51 2418688 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-10-21 11:52:58 2987520 ----a-w- C:\WINDOWS\System32\esent.dll
2015-10-21 11:50:51 333312 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2015-10-21 11:48:00 1068032 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-10-21 11:47:00 453120 ----a-w- C:\WINDOWS\System32\Windows.Devices.Usb.dll
2015-10-21 11:46:03 2179584 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-10-21 11:44:17 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-10-21 11:44:07 713216 ----a-w- C:\WINDOWS\System32\usermgr.dll
2015-10-21 11:43:11 2675200 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2015-10-21 11:42:37 627712 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2015-10-21 11:41:27 48128 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-10-21 11:41:25 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-10-21 11:40:17 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2015-10-21 11:38:32 502272 ----a-w- C:\WINDOWS\System32\dlnashext.dll
2015-10-21 05:53:48 961376 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-10-21 05:11:46 2647040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-10-21 05:08:29 1918976 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-10-21 05:05:36 2639872 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2015-10-21 05:03:19 311296 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
2015-10-21 04:58:48 2049536 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2015-10-21 04:58:12 464896 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2015-10-21 04:57:27 457728 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-10-21 04:55:14 441344 ----a-w- C:\WINDOWS\SysWow64\dlnashext.dll
2015-10-16 03:10:46 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-10-16 03:10:46 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-10-10 07:12:02 78528 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-10-06 03:03:57 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-10-06 02:46:57 13027840 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-10-05 17:50:22 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2015-10-05 17:50:10 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-10-05 17:50:06 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2015-10-01 04:01:10 858408 ----a-w- C:\WINDOWS\System32\winresume.exe
2015-10-01 04:01:10 1018568 ----a-w- C:\WINDOWS\System32\winresume.efi
2015-10-01 04:01:03 1294352 ----a-w- C:\WINDOWS\System32\winload.efi
2015-10-01 04:01:03 1123400 ----a-w- C:\WINDOWS\System32\winload.exe
2015-10-01 04:00:07 8020320 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-10-01 03:03:36 757760 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-09-25 04:01:54 2573768 ----a-w- C:\WINDOWS\System32\msxml6.dll
2015-09-25 04:01:05 498016 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2015-09-25 03:52:05 980832 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2015-09-25 03:33:37 1997336 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2015-09-25 03:11:52 257024 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2015-09-25 03:11:49 223232 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2015-09-25 03:07:38 1276416 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-09-25 03:04:12 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2015-09-25 03:03:53 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-09-25 03:03:35 796160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2015-09-25 03:02:56 689152 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2015-09-25 03:02:37 949248 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-09-25 03:02:35 7523840 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-09-25 03:01:26 4792320 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-09-25 03:01:15 3586560 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-09-25 03:00:50 1423872 ----a-w- C:\WINDOWS\System32\UserDataService.dll
2015-09-25 03:00:40 1382400 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-09-25 03:00:07 752640 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2015-09-25 03:00:05 856576 ----a-w- C:\WINDOWS\System32\ContactApis.dll
2015-09-25 02:59:54 720896 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2015-09-25 02:59:48 685568 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2015-09-25 02:59:48 288256 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2015-09-25 02:59:38 1205248 ----a-w- C:\WINDOWS\System32\Unistore.dll
2015-09-25 02:59:31 163840 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2015-09-25 02:59:04 590336 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2015-09-25 02:58:37 1871360 ----a-w- C:\WINDOWS\System32\msxml3.dll
2015-09-25 02:47:16 195584 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2015-09-25 02:47:16 172032 ----a-w- C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll
2015-09-25 02:38:45 574464 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2015-09-25 02:38:40 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-09-25 02:38:19 3580416 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-09-25 02:37:35 613376 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2015-09-25 02:37:19 766976 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2015-09-25 02:37:09 480256 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
2015-09-25 02:36:04 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2015-09-25 02:34:21 557568 ----a-w- C:\WINDOWS\SysWow64\ChatApis.dll
2015-09-25 02:34:19 625152 ----a-w- C:\WINDOWS\SysWow64\ContactApis.dll
2015-09-25 02:34:07 579584 ----a-w- C:\WINDOWS\SysWow64\AppointmentApis.dll
2015-09-25 02:34:03 525312 ----a-w- C:\WINDOWS\SysWow64\EmailApis.dll
2015-09-25 02:34:00 928256 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2015-09-25 02:33:44 131072 ----a-w- C:\WINDOWS\SysWow64\CallHistoryClient.dll
2015-09-25 02:32:49 466432 ----a-w- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
2015-09-25 02:32:35 1594368 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2015-09-19 05:14:37 102304 ----a-w- C:\WINDOWS\System32\omadmapi.dll
2015-09-17 06:50:17 99664 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2015-09-17 06:50:10 2464216 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-09-17 06:50:05 1563392 ----a-w- C:\WINDOWS\System32\winmde.dll
2015-09-17 06:50:02 88384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2015-09-17 06:49:33 1563472 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2015-09-17 06:49:11 6487248 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2015-09-17 06:49:11 501008 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2015-09-17 06:49:10 894256 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys
2015-09-17 06:49:01 553808 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
.
============= FINISH: 13:46:36.34 ===============

Attached Files
File Type: txt attach.txt (10.6 KB)

Time Warner Cable Botnet warning issue

Greetings, first time poster.

About a week and a half ago, I opened Chrome and got a warning screen from Time Warner Cable indicating that botnet activity had been detected on my network. At the time, I was using my neighbor's wireless connection (with his permission), because I no longer have a functioning wireless router. When I saw the notice, to be safe I switched to a backup corded connection to my modem and ran an AVG virus scan (which I later discovered was outdated) and a scan using a tool suggested by Time Warner. Both came up with nothing. So I told my neighbor about the notice and continued on my landline connection for the next week and a half (I'm moving soon, and will be getting a new modem from Time Warner upon moving).

However, last night I got the warning from Time Warner again (still using my backup corded connection), and right before it my internet connection seemed to be out (the warning came up on about my third try). So this time, I updated my AVG and ran another scan. Nothing came up. Knowing that rootkits and the like can be notoriously hard to find, I downloaded Malwarebytes and (making sure to click the detect rootkits option) ran another scan that came up with nothing.

I'm not exactly very tech savvy, and I don't have a firewall installed or anything like that, so I know I've compromised my security in that regard. Even though the scans have come up with nothing, I want to make sure before I take my laptop to a new modem after I move. Can anyone lend an assist?

Possible Virus

I have a few problems. Recently my PC has seized up and I had to do a hard shutdown. I got a square green icon on my taskbar which claims to be a Windows Installer Repair. I uninstalled it but then noticed that the icon was still on the taskbar. Also, I received an email which may have indicated that the virus may have obtained one of my passwords. These issues have happened since I downloaded Firefox.

I have had a problem for a long time now in that Windows Installer doesn't work. Also, I have a problem editing with my host's editor. This happens with all my browsers.

Here is the info you want. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16717
Run by Brent at 13:10:24 on 2015-11-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.903 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\wamp\wampmanager.exe
c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
BHO: PBlockHelper Class: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - c:\program files\netscape accelerator\PBHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: NOW!Imaging: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - c:\program files\netscape accelerator\components\NOWImaging.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [Application Restart #3] c:\windows\system32\conime.exe c:\windows\system32\conime.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
mRunOnce: [20150107] c:\program files\avast software\avast\setup\emupdate\6b83e08b-aca2-4f19-a222-c931e52e76d4.exe /check
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
mRunOnce: [*WerKernelReporting] c:\windows\system32\WerFault.exe -k -rq
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{11A0E024-00C9-47C3-B2D3-7A1F87D18164} : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{E33BEE49-EC61-4901-B1B7-E8EE2FE35D53} : DHCPNameServer = 192.168.1.254 75.153.176.9
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.86\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\ebfw7x1n.default\
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-6 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-6 208664]
R0 ngvss;ngvss;c:\windows\system32\drivers\ngvss.sys [2015-8-17 95112]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-3-6 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-3-6 435464]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-7-16 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-6 76000]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-6 146600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-5-26 21504]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-4-10 220752]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-8-17 161472]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-4-10 3218624]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2015-3-31 373312]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2014-12-16 265808]
S3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200vista.sys [2014-1-15 1073216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-3-31 119512]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 528896]
.
=============== Created Last 30 ================
.
2015-11-21 10:25:58 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3d35ead6-8481-419c-8285-b18a5396d35a}\offreg.6116.dll
2015-11-20 13:52:15 8991856 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3d35ead6-8481-419c-8285-b18a5396d35a}\mpengine.dll
2015-11-16 01:02:56 -------- d-----w- C:\wamp
2015-11-13 00:32:17 -------- d-----w- c:\programdata\TweakBit
2015-11-11 11:43:00 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 11:06:33 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 11:06:33 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 11:06:19 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-11-11 11:05:19 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-11-11 11:05:19 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-11-11 11:05:18 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-11 11:04:39 940032 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2015-11-11 11:04:38 985600 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-11-11 11:04:38 967680 ----a-w- c:\program files\windows journal\JNWDRV.dll
2015-11-11 11:04:38 1220608 ----a-w- c:\program files\windows journal\NBDoc.DLL
2015-11-11 11:03:49 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 11:01:38 206336 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-11 11:01:33 281600 ----a-w- c:\windows\system32\schannel.dll
2015-11-11 11:01:32 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-11-11 11:01:32 274432 ----a-w- c:\windows\system32\bcrypt.dll
2015-10-29 22:31:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
==================== Find3M ====================
.
2015-11-11 04:42:18 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-11 04:42:18 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-06 15:39:03 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-31 18:38:21 367616 ----a-w- c:\windows\system32\html.iec
2015-10-31 18:37:41 1830912 ----a-w- c:\windows\system32\jscript9.dll
2015-10-31 18:36:55 1436160 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-31 18:36:50 1088512 ----a-w- c:\windows\system32\wininet.dll
2015-10-31 18:36:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-31 18:36:35 412672 ----a-w- c:\windows\system32\vbscript.dll
2015-10-31 18:36:33 11776 ----a-w- c:\windows\system32\mshta.exe
2015-10-31 18:36:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-09-02 21:26:55 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-02 21:26:55 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-02 21:26:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 19:54:25 297472 ----a-w- c:\windows\system32\atmfd.dll
2012-08-13 08:58:22 473600 ----a-w- c:\program files\setup.exe
2012-08-13 08:58:22 3162112 ----a-w- c:\program files\openofficeorg341.msi
.
============= FINISH: 13:11:33.65 ===============

Attached Files
File Type: txt Attach.txt (3.7 KB)

Advent DT2315. Empowering Technology virus

I reset my computer back to factory settings. I loaded it back with printer and scanner, then I updated it. I have Bitdefender Antivirus 2014. When the update was finished I ended up with a pop-up window that I can't remove; some people say it's a virus. I tried Add/Remove and a rootkit scanner but to no avail. I did another reset back to factory settings and it's still there.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16446
Run by nudger-tower at 18:24:54 on 2015-11-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16317.12018 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Keyboard Indicator\KeyboardIndicatorEx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{DB88CB23-0873-4833-B080-386C11741A66} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2015-11-21 1288472]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2015-11-21 150256]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-20 16152]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2015-11-21 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2015-11-21 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2015-11-21 76944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-7 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-20 161560]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2015-11-21 363344]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2015-11-21 94624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-20 363800]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2015-11-21 67320]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2015-11-21 647752]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-20 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-20 788760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-11-21 24152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-20 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2015-11-21 263032]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2015-11-21 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2015-11-21 82824]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2015-11-21 77632]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2015-11-22 15:49:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-22 15:49:55 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-11-22 15:49:11 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-11-22 14:11:53 -------- d-----w- C:\ProgramData\Visan
2015-11-22 14:11:53 -------- d-----w- C:\ProgramData\HP Photo Creations
2015-11-22 14:11:53 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2015-11-22 14:11:45 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\HpUpdate
2015-11-22 14:11:44 741480 ------w- C:\Windows\System32\HPDiscoPMBC11.dll
2015-11-22 14:11:31 -------- d-----w- C:\Program Files (x86)\HP
2015-11-22 14:11:29 -------- d-----w- C:\Program Files\HP
2015-11-22 14:10:59 -------- d-----w- C:\Users\nudger-tower\AppData\Local\HP
2015-11-22 14:03:56 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2015-11-21 21:11:58 -------- d-----w- C:\Program Files\Common Files\AV
2015-11-21 21:08:32 647752 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-11-21 21:08:16 34384 ----a-w- C:\Windows\System32\bdsandboxuh.dll
2015-11-21 21:07:53 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2015-11-21 21:07:41 84848 ----a-w- C:\Windows\System32\bdsandboxuiskin.dll
2015-11-21 21:06:05 -------- d-----w- C:\ProgramData\BDLogging
2015-11-21 21:06:02 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2015-11-21 21:06:01 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2015-11-21 21:06:01 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2015-11-21 21:06:01 511328 ----a-w- C:\Windows\capicom.dll
2015-11-21 21:05:55 263032 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-11-21 21:05:54 1288472 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-11-21 21:05:49 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\Bitdefender
2015-11-21 21:05:46 2216 ----a-w- C:\ProgramData\1448139841.5004.bin
2015-11-21 21:00:19 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\Malwarebytes
2015-11-21 20:59:38 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2015-11-21 20:59:38 -------- d-----w- C:\ProgramData\Malwarebytes
2015-11-21 20:59:35 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-11-21 20:59:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-11-21 20:49:46 -------- d-----w- C:\Users\nudger-tower\AppData\Roaming\SUPERAntiSpyware.com
2015-11-21 20:49:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2015-11-21 20:49:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-11-21 20:43:36 -------- d-----w- C:\Users\nudger-tower\AppData\Local\Google
2015-11-21 20:40:47 -------- d-----w- C:\Users\nudger-tower\AppData\Local\DSG_Retail_Ltd
2015-11-21 20:40:34 -------- d-----w- C:\Users\nudger-tower\AppData\Local\ATI
2015-11-21 20:40:06 2620928 ----a-w- C:\Windows\System32\wucltux.dll
.
==================== Find3M ====================
.
2015-11-21 21:20:31 558 ----a-w- C:\ProgramData\1448139841.1792.bin
2015-11-21 21:20:31 558 ----a-w- C:\ProgramData\1448139841.1404.bin
2015-11-21 21:20:31 45238 ----a-w- C:\ProgramData\1448139841.1480.bin
2015-11-21 21:20:31 3735 ----a-w- C:\ProgramData\1448139841.3688.bin
2015-11-21 21:20:31 228372 ----a-w- C:\ProgramData\1448139841.2500.bin
2015-11-21 21:20:31 1731065 ----a-w- C:\ProgramData\1448139841.4300.bin
2015-11-21 21:20:31 15990 ----a-w- C:\ProgramData\1448139841.3600.bin
2015-11-21 21:20:31 13936 ----a-w- C:\ProgramData\1448139841.4436.bin
2015-11-21 21:20:31 110270 ----a-w- C:\ProgramData\1448139841.1800.bin
2015-11-21 21:20:31 10648 ----a-w- C:\ProgramData\1448139841.2516.bin
2015-11-21 21:08:18 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2015-11-21 21:08:16 452040 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-11-21 21:04:53 1451 ----a-w- C:\ProgramData\1448139841.3988.bin
.
============= FINISH: 18:25:10.88 ===============

Attached Files
File Type: txt attach.txt (3.6 KB)
File Type: txt dds.txt (14.7 KB)

PC Slow Down and Constant Virus Detection

Hello

My PC has been running much slower than normal lately and I think I know why. I have Avira Antivir and it keeps detecting a certain virus called TR/Crypt.ZPACK.200907. I keep hitting remove but the infection keeps coming back. Please help!

My specs: Windows 8 64 bit

I went to run DDS, but it said that I could not run it in compatibility mode. Therefore I used Farbar Recovery Scan Tool because I saw someone else had the same problem in another thread. TSF advised them to use this tool.

Please let me know if I should post anything else. Thanks!

Attached Files
File Type: txt Addition.txt (26.1 KB)
File Type: txt FRST.txt (33.2 KB)

Chrome Opening Tabs Automatically

Chrome is opening many, many tabs at once. It isn't redirecting me anywhere, it's just opening the same tab. For example, I'll go to Yahoo and it will open 7 tabs of Yahoo. I'll try to search for something and it will act as if I typed in a website and take me to the search page or "page not found" message before I finished typing the search term.

I cannot go into Chrome settings because it then freaks out and opens 1,000 tabs of settings so I can't mess with anything.

Some people have mentioned "Lucky tab" being a program running that causes problems. It isn't on my task manager's list. It isn't there.

Firefox and IE aren't doing this.

I don't know if this is malware, adware, or just a problem with my browsers. I already posted in the Chrome and other browsers sub-forum, only to be told to go here.

I don't have access to a re-install disc or boot CD for Windows.

Please note that DDS isn't working for me. I have downloaded it from the provided link, as well as a different one, and it never works. It always says to me that it "can't run in compatibility mode."

In place of a DDS log, here are my HijackThis logs. If you can help me make DDS work, I'll see about getting those logs. I figured it was better to provide something than nothing.

-----------

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:20:06 PM, on 11/24/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 42.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Users\Nicholas\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=yset_ie_sy...ype=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 11802 bytes

Spreading viruses that lock files (check screenshot)

Hello world and to fellow tech forum members. I don't know where to start or what to call this thing, but I'm encountering a problem that is locking files on my external drive. The worst part is that it keeps spreading: the first target extension that was locked was .mp4, and now it is eating folders and all files! I have used all the top antiviruses but nothing happened. I'm not so sure if this is a virus. Please note that this problem only occurs on my external HDD. Any suggestion is very much appreciated.

Attached Thumbnails
Name:	virus.png
Size:	185.1 KB
Attached Files
File Type: txt dds.txt (23.4 KB)

Family Computer Loaded With Viruses

Recently my brother was complaining about popups and other weird stuff on the computer. I took a look at it and saw a few popups. I downloaded Malwarebytes, ran it and saw 210 reports. I removed them, but I want to make sure everything is gone. This PC is Windows 8.1 and DDS won't work. What do I need to post?

My Computer Has Been Infected

Hello, I have a few problems with my computer and I'm hoping that you can give me a little help with that.
I have McAfee as my antivirus. The day before yesterday I was doing research on Google and suddenly a red screen appeared saying that I was infected by a virus named RDN/YahLover.worm!bdl.E577A350425c, but before this happened, the browser used to change to Yahoo by itself even when I had Google as the default. After the red screen appeared I used a point to take the computer back 3 days to when it was not infected, but it seems that it didn't work. I just got a message from McAfee saying that it had detected a trojan and asking me to restart the computer, and I did. After that, it said that a virus named Artemis!9c2e73d3ceea was stopped and sent to some place. My computer is running really slow and I don't know what else to do. I have already made some scans with McAfee and Malwarebytes Anti-Malware. Please help.

PC Slow Down and Constant Virus Detection

Hello

My PC has been running much slower than normal lately and I think I know why. I have Avira AntiVir and it keeps detecting a certain virus called TR/Crypt.ZPACK.200907. I keep hitting remove, but the infection keeps coming back. Please help!

My specs: Windows 8 64 bit

I went to run DDS, but it said that I could not run it in compatibility mode. Therefore I used Farbar Recovery Scan Tool because I saw someone else had the same problem in another thread. TSF advised them to use this tool.

Please let me know if I should post anything else. Thanks!

Attached Files
File Type: txt Addition.txt (26.1 KB)
File Type: txt FRST.txt (33.2 KB)

Dell Inspiron 530 - virus

My computer is a Dell Inspiron 530 with Windows XP 3.

My problems with the computer:

1. The computer is going very slowly. When I restart the computer it's good, then after a few days it's again going slowly.

2. I send and receive my e-mail with Outlook Express, and I have not been able to send mail for the last week.

3. Some days I receive mail from the 'mail delivery system' to inform me that 'this message could not be delivered to one or more recipients'. And the truth is I did not even send this message at all.

I have access to the Windows install CD.

T.Y.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by abraham at 16:01:47 on 2015-11-11
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Norton 360\Engine\22.5.4.24\N360.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Program Files\Norton 360\Engine\22.5.4.24\N360.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\OEM05Mon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Norton 360\Engine\22.5.4.24\coNatHst.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\abraham\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\22.5.4.24\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\22.5.4.24\coIEPlg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\22.5.4.24\coIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\abraham\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [FinishOptions] c:\docume~1\abraham\locals~1\temp\hpbinxst.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 192.168.8.1
TCP: Interfaces\{D247E746-12E5-463F-9C17-7BB878E48508} : DHCPNameServer = 192.168.8.1
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\expressview\expressview.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\expressview\expressview.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R? cpuz134;cpuz134
R? DCamUSBSTK02N;Standard Camera
R? GeekBuddyRSP;GeekBuddyRSP Server
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? MBAMService;MBAMService
R? MBAMSwissArmy;MBAMSwissArmy
R? PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer
R? silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver
R? silabser;Silicon Labs CP210x USB to UART Bridge Driver
S? avgtp;avgtp
S? BHDrvx86;BHDrvx86
S? ccSet_N360;N360 Settings Manager
S? CFRMD;CFRMD
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? hasplms;HASP License Manager
S? IDSxpx86;IDSxpx86
S? MBAMProtector;MBAMProtector
S? N360;Norton 360
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.
S? OEM05Vfx;Creative Camera OEM005 Video VFX Driver
S? OEM05Vid;Creative Camera OEM005 Driver
S? RLDesignVirtualAudioCableWdm;Live! Cam Virtual
S? SentinelKeysServer;Sentinel Keys Server
S? SymEFASI;Symantec Extended File Attributes (SI)
S? SymIRON;Symantec Iron Driver
S? WDC_SAM;WD SCSI Pass Thru driver
.
=============== Created Last 30 ================
.
2015-11-10 20:08:07 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-10 20:07:59 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2015-11-06 16:30:58 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-06 16:30:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-06 16:30:15 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-06 16:30:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-11-06 16:30:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2015-10-28 20:00:51 -------- d-----w- c:\program files\Canon
2015-10-28 20:00:48 -------- d-----w- c:\program files\common files\Canon_Inc_IC
2015-10-28 19:58:35 -------- d-----w- c:\documents and settings\all users\application data\Canon_Inc_IC
2015-10-20 16:35:37 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2015-10-20 16:35:37 21504 ----a-w- c:\windows\system32\hidserv.dll
.
==================== Find3M ====================
.
2015-09-23 22:49:23 431328 ----a-w- c:\windows\system32\drivers\n360\1605040.018\symnets.sys
2015-09-23 22:49:23 388440 ----a-w- c:\windows\system32\drivers\n360\1605040.018\symtdi.sys
2015-09-23 22:49:23 358104 ----a-w- c:\windows\system32\drivers\n360\1605040.018\symtdiv.sys
2015-09-23 22:49:21 713960 ----a-w- c:\windows\system32\drivers\n360\1605040.018\srtsp.sys
.
============= FINISH: 16:01:58.48 ===============

Attached Files
File Type: txt attach.txt (19.7 KB)

Unable to access Internet

Hi,
I am unable to access the internet using my Dell XPS notebook with Windows 7. I did not have this issue until a couple of days ago. The Wireless Network Connection shows that it is connected, but there is a yellow triangle that indicates there is no internet access.
I believe it may be malware related, as Malwarebytes alerted me that it had found issues and wanted me to restart the notebook.
I was able to restart and run a full scan using both Malwarebytes and Microsoft Security Essentials. They were not able to find any further virus or malware issues, but then I lost my internet connection. I have done multiple refreshes of the modem and router, and worked with Cox (my ISP) over several hours to fix the issue.

I was looking for possible solutions online, and saw the post here for 'Fix Internet Connection after Malware Removal'. It is very well drafted, and the first part of the solution was similar to a lot of the steps I followed with Cox in diagnosing the issue. I ran reset.bat again, but it also did not help. The second step, using Farbar Service Scanner, was new and I was hopeful this was the fix. However, after running the scanner, the file check did not find any missing drivers. Everything was digitally signed.

The Connection Status also seems like the same issue I have:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

I have also downloaded network drivers for Wireless and Bluetooth, but this did not fix the issue.

I am attaching the DDS.txt and Attach.txt files as requested.

Thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.31.2
Run by BenhurL at 13:45:48 on 2015-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5552 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\sppsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DVDFab Virtual Drive\vdrive.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\BenhurL\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\BenhurL\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\BenhurL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iolo\System Mechanic Premium\LiveBoost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
mWinlogon: Userinit = userinit.exe,
BHO: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - <orphaned>
uRun: [DVDFab VDrive] "C:\Program Files\DVDFab Virtual Drive\vdrive.exe"
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Amazon Music] "C:\Users\BenhurL\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Google Update] "C:\Users\BenhurL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\BenhurL\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [BingSvc] C:\Users\BenhurL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup] <no file>
dRun: [GoogleChromeAutoLaunch_67136DC00006C313E0F9C2C91771871D] "C:\Users\BenhurL\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
StartupFolder: C:\Users\BenhurL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
TCP: NameServer =
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6BCFD227-9C79-4DBC-B339-5F75D4BD61B4} : NameServer =
TCP: Interfaces\{71ABF0AD-1D6D-4A40-92CF-ED0CDD32DDDD} : NameServer =
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC} : NameServer =
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{986F7D26-E1C5-4D7F-AEF3-F919BAAAC8CC}\348627F6D6563616374703639323 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{AAAFA921-740D-4AB1-8DCC-D923EE1ED911} : NameServer =
TCP: Interfaces\{AAAFA921-740D-4AB1-8DCC-D923EE1ED911} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{CCB23301-C487-4E5D-A82F-A1EDB8C49645} : NameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\ss-sup~1\assist~1.dll, c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [CTMasterOnOffMonitor] Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BenhurL\AppData\Roaming\Mozilla\Firefox\Profiles\lcecjq4j.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\BenhurL\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\BenhurL\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.astrmndasr.hmpg - true
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_aw_14_40_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1332878816&ir=
FF - user.js: extensions.astrmndasr.dfltSrch - true
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
FF - user.js: extensions.astrmndasr.dnsErr - true
FF - user.js: extensions.astrmndasr_i.newTab - true
FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_aw_14_40_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1332878816&ir=
FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_aw_14_40_ie&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B&cr=1332878816&ir=&q=
FF - user.js: extensions.astrmndasr.id - 88532E3567FD593E
FF - user.js: extensions.astrmndasr.instlDay - 16342
FF - user.js: extensions.astrmndasr.vrsn -
FF - user.js: extensions.astrmndasr.vrsni -
FF - user.js: extensions.astrmndasr_i.vrsnTs - 13:10:26
FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
FF - user.js: extensions.astrmndasr.prdct - astrmndasr
FF - user.js: extensions.astrmndasr.aflt - ast_aw_14_40_ie
FF - user.js: extensions.astrmndasr_i.smplGrp - none
FF - user.js: extensions.astrmndasr.tlbrId -
FF - user.js: extensions.astrmndasr.instlRef - SPDY
FF - user.js: extensions.astrmndasr.dfltLng -
FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
FF - user.js: extensions.astrmndasr.excTlbr - false
FF - user.js: extensions.astrmndasr.cr - 1332878816
FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtAyDyCyB0F0DyDzytA0EtN0D0Tzu0StCtDtDtAtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0E0C0CtAzztGyC0DzzyCtGtCyD0D0DtGzyyEyByBtGtCyDtCyC0F0C0A0FyE0AyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEtCyD0D0FzzyCtG0C0FyByDtGyE0DyBzztGzy0D0E0DtG0DtAyB0AyE0D0AyDyE0A0A0B2QtN1B1L1H1Ezu1O2U1M1B
FF - user.js: extensions.astrmndasr.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-2-10 31376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-23 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-9-23 21616]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2014-9-1 90608]
R1 dvdfabio;dvdfabio;C:\Windows\System32\drivers\dvdfabio.sys [2013-11-18 9976]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-7-21 30752]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2015-2-10 299848]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2015-9-7 32912]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-12-4 148480]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-1-22 135824]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-22 1148744]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2015-5-28 4682552]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-8-8 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-8-8 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124568]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-22 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-22 19439944]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2015-5-22 83224]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-23 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-2-10 410952]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-5 5419792]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-23 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD Smartware\WDBackupEngine.exe [2015-7-20 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2015-7-20 306552]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-9-23 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-23 176096]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-23 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-9-23 174168]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-8 24176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-23 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-23 181760]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-22 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-22 38048]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-9-23 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 vdrive;vdrive;C:\Windows\System32\drivers\vdrive.sys [2013-11-18 42232]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
S2 4b46e14a;GS-Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/11/18 17:02:51;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2013-4-3 247768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-16 136048]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-23 79360]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-9-16 136048]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-3-26 192072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-10 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-23 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-9-23 121960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-2 19456]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-9-23 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-2 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-2 30208]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-23 98208]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-23 79360]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
S4 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-1 2428552]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2014-1-3 5632]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-11-28 17:40:49 -------- d-----w- C:\Users\BenhurL\AppData\Local\Dell Edoc Viewer
2015-11-28 17:02:05 -------- d--h--w- C:\Windows\System32\WLANProfiles
2015-11-24 19:59:29 11138400 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FCDFF77-949C-4BED-A1C3-360C09D29248}\mpengine.dll
2015-11-23 18:43:07 11138400 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-21 03:11:24 -------- d-----w- C:\Users\BenhurL\AppData\Roaming\22405
2015-11-21 02:59:27 -------- d-----w- C:\Users\BenhurL\AppData\Roaming\20064
2015-11-04 19:53:52 -------- d-----w- C:\Users\BenhurL\AppData\Local\CEF
.
==================== Find3M ====================
.
2015-11-24 22:32:59 59 ----a-w- C:\Windows\wpd99.drv
2015-11-21 03:00:06 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-11-21 03:00:05 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:48:15.34 ===============


Yandex.ru

Hi,
I accidentally downloaded yandex.ru myself. I tried to update my sound drivers and then suddenly it was there. My bad, I know.
But this yandex is now impossible to get rid of! Yeah, I followed all the advice on the internet to disable the yandex search bar and so on, but my Firefox is still in Russian only, Exterminate It! finds a file called yandex.ru again every time, which is impossible to kill even manually, and there is nothing I can do.
Most of the help on the net tries to explain how to get rid of the yandex search bar, which is actually just the tip of the iceberg. I also downloaded AdwCleaner, which didn't help me at all.
Hence the question: how do I get rid of it for real? What am I supposed to do? :confused: