Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Windows 8.1 laptop needs checkup

I bought a new laptop which has Windows 8.1. I couldn't run DDS; it gives an error: "DDS is not meant to run in 'compatibility mode' the program shall now exit." I ran GMER, but upon startup an error showed up: "C:\windows\system32\config\system: The process cannot access the file because it is being used by another process." It ran for about 5 minutes(?), the same error popped up twice, and it finished. The log is attached. Thank you!

Attached Files
File Type: zip Attach.zip (10.4 KB)

Virus/Malware I can't get rid of.

Hi,

Ok, so I had a virus on my old computer, so I did my standard fix of wiping and reinstalling Windows. After installing Windows, on initial start-up my middle and left mouse buttons would randomly spam/ghost-press extremely fast. This would cause anything my mouse came across to open x10+ instances of whatever it was over, cause all my tabs in the browser to open in a new tab and close when I clicked on them, and it would also happen in-game. So after trying a lot of things I was told on here, I had the money and wanted to upgrade, so I built a new computer. I bought all new parts (didn't use any pieces from my old PC, not even keyboard or mouse), installed Windows, installed drivers, and then the first time I connected to the internet, BAM, there it goes: the same thing as the old computer, the middle and left click buttons being spammed/ghost-clicked rapidly. I am using a new mouse/keyboard, I moved so now I have a new internet service provider (had Charter, now have AT&T), and a whole new PC. I can't do anything on my computer; sometimes I can't even turn it off without pulling the plug. I have no idea what it is or how it's possible. I've been told by everyone I asked that they have no idea what it is. Every time I put this out there all I get is "stop trolling" and "this is not possible, noob". I'm beginning to think it's some kind of something allowing someone to mess with my computer, but I have no idea. By the way, I'm using Windows 7 64. Hope someone can help. Thanks


Not sure if this is allowed; if not, sorry, I'll delete it. The link is to a YouTube video I just posted of what happens when it "goes crazy". It's kind of hard to see since so much is happening. So what happens is the mouse starts ghost-clicking and I don't touch anything, just move the mouse around. It opens 100+ tabs of Google Chrome, 25+ tabs for the file icon, and a bunch of others. The screen keeps going black because it keeps loading Diablo 3. Hope this helps.

Virus I can't get rid of. - YouTube

Laptop runs only on safemode

Hello, my laptop runs only in safe mode; when I try to open Windows normally it stays stuck at "Starting Windows". When I run chkdsk it says the volume is clean, but nothing happens afterwards. It restarts and runs chkdsk again. And something keeps turning off my antivirus and disabling my mouse scroll. It has been happening for the past 4 days with different results:

Day 1: Runs only in safe mode. After chkdsk it did boot normally.
Day 2: Runs only in safe mode, but chkdsk keeps on looping and it doesn't load normally at all.
Day 3: Doesn't even run in safe mode. Doesn't run at all.
Day 4: I did a Windows repair and everything was working fine, but then it all started again.

Help me.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by User at 22:32:03 on 2015-02-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8044.6823 [GMT 6:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Disabled/Outdated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{E3A5A~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{E3A5A~1\reboot.ini -l0x0009
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 8.8.8.8 172.16.172.13
TCP: Interfaces\{04E403A4-9B06-4778-9A69-48BABD8B2FB3} : DHCPNameServer = 8.8.8.8 172.16.172.13
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4tnniex.default\
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2015-2-17 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2015-2-17 107080]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2015-2-17 262544]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2015-2-16 2472136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-20 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-20 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-2-16 906968]
S0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2015-2-17 1306464]
S1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2015-2-17 76944]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2015-2-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-1 204288]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2015-2-17 2375168]
S2 rpcnetp;rpcnetp;C:\Windows\System32\rpcnetp.exe [2013-7-16 17408]
S2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2015-2-17 67320]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2015-2-17 677104]
S3 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2015-2-17 78144]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2015-2-17 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2015-2-17 82824]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2015-2-17 155912]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2015-2-17 337000]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S4 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2015-2-17 94624]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2015-02-17 15:51:44 -------- d-----w- C:\Program Files\Common Files\Intel
2015-02-17 15:51:43 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2015-02-17 15:51:27 -------- d-----w- C:\Program Files (x86)\AMD APP
2015-02-17 15:48:31 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2015-02-17 15:48:18 -------- d-----w- C:\Program Files\ATI Technologies
2015-02-17 15:48:16 -------- d-----w- C:\Program Files\ATI
2015-02-17 15:14:37 18129584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-02-17 15:12:49 -------- d-----w- C:\ProgramData\Ralink Driver
2015-02-17 15:07:39 -------- d-----w- C:\Users\User\AppData\Local\Google
2015-02-17 15:02:03 -------- d-----w- C:\Program Files\Synaptics
2015-02-17 15:00:23 -------- d-----w- C:\Windows\SysWow64\sda
2015-02-17 14:59:58 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2015-02-17 14:59:58 337000 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2015-02-17 14:59:58 -------- d-----w- C:\Program Files (x86)\Realtek
2015-02-17 14:54:26 -------- d-----w- C:\Windows\LastGood.Tmp
2015-02-17 14:54:15 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2015-02-17 14:52:41 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2015-02-17 14:50:58 220160 ----a-w- C:\Windows\System32\staco64.dll
2015-02-17 14:50:56 652288 ------w- C:\Windows\System32\stapi64.dll
2015-02-17 14:50:56 521728 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2015-02-17 14:50:56 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2015-02-17 14:50:56 1500672 ----a-w- C:\Windows\System32\stapo64.dll
2015-02-17 14:50:47 -------- d-----w- C:\Program Files\IDT
2015-02-17 14:50:36 -------- d-----w- C:\swsetup
2015-02-17 14:39:52 -------- d-----w- C:\Program Files (x86)\Hp
2015-02-17 14:37:45 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2015-02-17 14:37:45 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2015-02-17 14:34:52 74000 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2015-02-17 14:34:39 677104 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-02-17 14:23:29 1894551 ----a-w- C:\ProgramData\1424182813.bdinstall.bin
2015-02-17 14:22:54 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2015-02-17 14:22:51 -------- d-----w- C:\ProgramData\BDLogging
2015-02-17 14:22:47 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2015-02-17 14:22:46 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2015-02-17 14:22:46 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2015-02-17 14:22:46 74000 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2015-02-17 14:22:46 511328 ----a-w- C:\Windows\capicom.dll
2015-02-17 14:22:45 262544 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-02-17 14:22:45 1306464 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-02-17 14:22:21 -------- d-----w- C:\Users\User\AppData\Roaming\Bitdefender
2015-02-17 14:22:20 3271472 ---ha-w- C:\bdr-bz01
2015-02-17 14:20:22 84848 ----a-w- C:\Windows\System32\bdsandboxuiskin.dll
2015-02-17 14:20:22 33360 ----a-w- C:\Windows\System32\bdsandboxuh.dll
2015-02-17 14:20:22 -------- d-----w- C:\ProgramData\Bitdefender
2015-02-17 14:20:21 155912 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2015-02-17 14:20:19 452040 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-02-17 14:20:19 -------- d-----w- C:\Program Files\Bitdefender
2015-02-17 14:20:12 -------- d-----w- C:\Users\User\AppData\Roaming\QuickScan
2015-02-17 14:20:09 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2015-02-17 12:46:46 -------- d-----w- C:\Windows\System32\appmgmt
2015-02-17 10:18:56 -------- d-----w- C:\Users\User\AppData\Roaming\AVAST Software
2015-02-17 10:18:14 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2015-02-17 10:17:23 -------- d-----w- C:\ProgramData\AVAST Software
2015-02-16 11:27:00 0 ----a-w- C:\Windows\ativpsrm.bin
2015-02-16 11:26:11 -------- d-----w- C:\Intel
2015-02-16 11:25:31 116224 ----a-w- C:\Windows\System32\igfxCoIn_v3517.dll
2015-02-16 11:25:30 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2015-02-16 11:25:27 390144 ----a-w- C:\Windows\System32\igfxdev.dll
2015-02-16 11:25:27 375808 ----a-w- C:\Windows\System32\igfxpph.dll
2015-02-16 11:25:26 575488 ----a-w- C:\Windows\System32\igfx11cmrt64.dll
2015-02-16 11:25:26 542720 ----a-w- C:\Windows\SysWow64\igfx11cmrt32.dll
2015-02-16 11:25:26 3511296 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2015-02-16 11:25:26 3121152 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2015-02-16 11:25:03 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2015-02-16 11:25:02 110080 ----a-w- C:\Windows\System32\hccutils.dll
2015-02-16 11:24:59 279024 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2015-02-16 11:24:56 272928 ----a-w- C:\Windows\SysWow64\igvpkrng600.bin
2015-02-16 11:24:56 272928 ----a-w- C:\Windows\System32\igvpkrng600.bin
2015-02-16 11:24:55 963452 ----a-w- C:\Windows\SysWow64\igcodeckrng600.bin
2015-02-16 11:24:55 963452 ----a-w- C:\Windows\System32\igcodeckrng600.bin
2015-02-16 11:17:53 81920 ----a-w- C:\Windows\System32\nusb3co3.dll
2015-02-16 11:17:27 2472136 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2015-02-16 11:17:18 332080 ----a-w- C:\Windows\System32\RaCoInstx.dll
2015-02-16 11:16:47 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2015-02-16 11:16:47 -------- d-----w- C:\Program Files\AMD
2015-02-16 11:16:21 91136 ----a-w- C:\Windows\System32\mantleaxl64.dll
2015-02-16 11:16:21 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2015-02-16 11:16:21 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe
2015-02-16 11:16:21 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2015-02-16 11:16:21 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2015-02-16 11:16:21 274656 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2015-02-16 11:16:21 127488 ----a-w- C:\Windows\System32\mantle64.dll
2015-02-16 11:16:21 118784 ----a-w- C:\Windows\System32\atibtmon.exe
2015-02-16 11:16:21 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2015-02-16 11:15:35 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2015-02-16 11:15:26 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2015-02-16 11:15:12 5442048 ----a-w- C:\Windows\System32\amdmantle64.dll
2015-02-16 11:15:12 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2015-02-16 11:15:12 4358656 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2015-02-16 11:15:12 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2015-02-16 11:15:02 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2015-02-16 11:15:02 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2015-02-16 11:15:02 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2015-02-16 11:15:02 806912 ----a-w- C:\Windows\System32\coinst_14.100.dll
2015-02-16 11:15:02 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2015-02-16 11:14:57 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2015-02-16 11:14:57 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-02-16 11:14:55 28685824 ----a-w- C:\Windows\System32\amdocl64.dll
2015-02-16 11:14:50 24107520 ----a-w- C:\Windows\SysWow64\amdocl.dll
2015-02-16 11:14:41 231424 ----a-w- C:\Windows\System32\clinfo.exe
2015-02-16 11:14:37 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2015-02-16 11:14:37 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2015-02-16 11:14:37 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2015-02-16 11:14:37 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2015-02-16 11:14:11 906968 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2015-02-16 11:14:11 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2015-02-16 11:14:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2015-02-16 11:13:54 9889352 ----a-w- C:\Windows\SysWow64\RsCRIcon.dll
.
==================== Find3M ====================
.
2015-02-17 16:26:55 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2015-02-17 16:26:55 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
2015-02-17 15:15:48 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-17 15:15:48 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-17 14:16:58 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
.
============= FINISH: 22:32:32.72 ===============

Attached Files
File Type: txt attach.txt (9.5 KB)
File Type: txt ark.txt (2.0 KB)

[SOLVED] Invalid Windows, plus other issues

This episode started with a pop-up that claimed my copy of Windows is invalid. It came installed on the machine and has been updated regularly for two years. (ACER NETBOOK D260 Win 7 64)

I ran Malwarebytes (free), which found some "non-malware", and on the restart after the welcome screen it stopped on a solid blue screen for 1-2 minutes, then went on to the desktop.

Neither Firefox, Chrome nor Thunderbird can access any site because "the proxy server is refusing connections".

Also the "Ctrl Prnt Screen" function does not work.

The machine runs, to play games, but is slower than it should be.

DDS and GMER were downloaded on a different machine, carried over on a memory stick, and the logs carried back.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.60.2
Run by Diana at 16:59:04 on 2015-02-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2037.1035 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\USERS\DIANA\DOWNLOADS\PROCEXP.EXE
C:\Users\Diana\AppData\Local\Temp\PROCEXP64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Users\Diana\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uProxyServer = hxxp=127.0.0.1:49418;https=127.0.0.1:49418
uProxyOverride = <-loopback>
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\Users\Diana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Diana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\QUICKE~1.LNK - C:\QUICKENW\QWDLLS.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB} : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\25F6467756C6C6D27657563747 : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3414D405D2D41494E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3427F677E65605C616A716D27457563747 : DHCPNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\C49626271627970275962756C6563737 : DHCPNameServer = 4.2.2.2 4.2.2.3
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-10-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-10-21 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-8 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-21 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-9 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-25 50344]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-9-27 31080]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-15 76912]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-9-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-9-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-9-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-9-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-9-27 156520]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-9-27 278640]
S3 EUCR;EUCR;C:\Windows\System32\drivers\EUCR6SK.sys [2010-11-15 88912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-11-23 29184]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-6 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-14 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-19 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-9-27 52896]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-15 321104]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-18 868896]
S4 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-15 135560]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-15 13336]
S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-18 2151744]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-14 1871160]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-14 969016]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-6 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-6 1042272]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-6 171416]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-15 243232]
.
=============== Created Last 30 ================
.
2015-02-08 15:58:37 -------- d-----w- C:\Windows\SysWow64\Adobe
2015-02-07 01:58:11 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7392F0BC-DC9A-4A50-9F77-2A9B2EC7C02E}\mpengine.dll
2015-01-21 22:58:43 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2015-01-21 18:12:05 -------- d-----w- C:\Users\Diana\Dropbox (Old)
2015-01-21 15:46:07 -------- d-----w- C:\Users\Diana\AppData\Local\Help
2015-01-21 13:18:34 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-21 00:15:26 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-20 23:00:55 -------- d-----w- C:\ProgramData\TweakBit
2015-01-20 23:00:29 -------- d-----w- C:\Program Files (x86)\TweakBit
2015-01-20 17:39:18 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-20 17:39:15 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-20 17:34:55 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-20 17:34:49 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-20 00:46:18 -------- d-----w- C:\Users\Diana\AppData\Local\LogMeIn Rescue Applet
2015-01-19 21:55:27 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-01-19 21:55:16 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2015-01-19 21:55:06 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-19 21:55:06 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-19 21:55:05 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2015-01-19 21:54:59 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-01-19 21:54:58 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-01-19 21:54:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2015-01-19 21:54:58 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2015-01-19 21:54:58 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2015-01-19 21:54:57 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2015-01-19 21:54:57 420864 ----a-w- C:\Windows\System32\wksprt.exe
2015-01-19 21:54:56 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2015-01-19 21:54:56 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2015-01-19 21:54:52 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-01-19 21:54:51 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-01-19 21:51:27 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-01-19 21:51:13 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-01-19 21:51:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-19 21:51:10 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-01-19 21:01:33 -------- d-----w- C:\Users\Diana\AppData\Local\HP
2015-01-14 04:41:12 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 04:40:56 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 04:40:55 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 04:40:53 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 04:40:43 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 04:39:57 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 04:39:48 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 04:39:42 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 04:39:37 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 04:39:36 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 04:39:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 04:39:28 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-10 03:32:46 0 ----a-w- C:\Windows\SysWow64\FAP916A.tmp
.
==================== Find3M ====================
.

Attached Files
File Type: zip attach.zip (2.7 KB)
File Type: zip ark.zip (9.1 KB)

Browser hijacked by mystartsearch

I stream soccer through a web site called firstrowsports.eu. There are copies of this site and I was inadvertently directed to a copy site where I was instructed to download a viewing app to speed up streaming. That was the mistake. Strange adverts started appearing. Now my browser has been hijacked by a browser named mystartsearch which redirects my browsing and is generally messing around in my computer. I am constantly getting Server Error in Application "DEFAULT WEB SITE" on all the web pages I open. I have tried Spybot Search & Destroy and Malwarebytes but they can't shift it. I have not done any banking online since the problem started. I have prepared the logs which are attached. However I do not have an on-board Windows zip utility. I downloaded WinZip from FileHippo but when I open the zip folder it opens the folder with WinRAR; I do not understand why it does not open with WinZip? I do not have access to a Windows install disc or a boot CD.
Can you please help.
Following is the dds log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16609
Run by ian at 22:45:30 on 2015-02-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3000.1013 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\WiTopia\WiTopia.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\ian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Users\ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\MSSQL\Primavera\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\MSSQL\Primavera\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Users\ian\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\conime.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
C:\Program Files\Reimage\Reimage Repair\Reimage.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [WiTopia] c:\program files\witopia\WiTopia.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\ian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRunOnce: [Adobe Speed Launcher] 1424190643
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exe
mRun: [PDFProHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exe
mRun: [PdfProInboxMonitor] c:\program files\nuance\pdf professional 7\InboxMonitor.exe /Run
mRun: [InboxMonitor] "c:\program files\nuance\pdf professional 7\InboxMonitor.exe" /run
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CanonQuickMenu] c:\program files\canon\quick menu\CNQMMAIN.EXE /logon
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ian\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\firstr~1.lnk - c:\programdata\{416bbbd2-cede-a4ec-416b-bbbd2cedef4b}\FirstRow, P2P4U, MYP2P Firstrowsports,First Row,First Row Sports, Coolsports, Wa.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{0D229174-C2BB-4E3C-A1D7-6B8356529503} : DHCPNameServer = 10.118.0.1
TCP: Interfaces\{A8DAB4B8-5D30-4758-B48D-FCCEB4557EAF} : DHCPNameServer = 192.168.1.50
TCP: Interfaces\{BC4BC220-238A-4EFC-9CAA-477A66280E3F} : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{F0014D43-12AD-4861-9CFF-DF8307FFA8E1} : DHCPNameServer = 192.168.42.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.93\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-11-19 68352]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-8-25 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-11-15 239224]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-7-5 101720]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-30 61424]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-30 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-30 122368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2012-2-17 135016]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\reimage\reimage protector\ReiGuard.exe [2015-1-14 6079848]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2228008]
S2 Change Modem Device Service;Change Modem Device Service;"c:\windows\system32\chgservice.exe" -service --> c:\windows\system32\ChgService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-12-11 315496]
S2 WiTopiaService;WiTopia Service;c:\program files\witopia\WiTopiaService.exe [2014-10-19 70432]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-26 348352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-11-23 103424]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-21 24064]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 95408]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-1-30 284472]
S3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\drivers\visctap0901.sys [2013-9-5 33160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-17 19968]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-3-23 75776]
.
=============== Created Last 30 ================
.
2015-02-17 20:29:11 -------- d-----w- c:\programdata\Reimage Protector
2015-02-17 20:28:21 -------- d-----w- c:\program files\Reimage
2015-02-17 20:28:08 -------- d-----w- C:\rei
2015-02-17 16:54:18 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cba0eac-8bf1-414f-abe3-7ca0a35caab6}\gapaengine.dll
2015-02-17 16:52:58 9041640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f07cda06-0260-40ac-8784-732ac09c2129}\mpengine.dll
2015-02-15 09:24:16 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-15 09:22:35 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-15 09:21:00 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-15 09:20:35 9054624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-02-15 09:13:36 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-15 09:11:44 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-02-12 17:26:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-02-10 09:03:01 -------- d-sh--w- C:\$RECYCLE.BIN
2015-02-09 11:30:09 20 ----a-w- c:\users\ian\appdata\roaming\appdataFr3.bin
2015-02-09 11:04:35 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3524e089-ca14-4524-b7ba-5a355e07949f}\gapaengine.dll
2015-01-31 09:15:24 -------- d-----w- c:\program files\Instair
2015-01-31 09:09:12 -------- d-----w- c:\programdata\{416bbbd2-cede-a4ec-416b-bbbd2cedef4b}
.
==================== Find3M ====================
.
2015-02-12 19:13:27 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-12 19:13:27 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-14 01:49:16 367104 ----a-w- c:\windows\system32\html.iec
2015-01-14 01:47:30 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-01-14 01:42:51 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-01-14 01:42:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-14 01:41:28 421376 ----a-w- c:\windows\system32\vbscript.dll
2015-01-14 01:41:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-14 01:40:35 11776 ----a-w- c:\windows\system32\mshta.exe
2015-01-14 01:40:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-31 11:13:47 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 00:25:17 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-06 03:14:51 153600 ----a-w- c:\windows\system32\profsvc.dll
2014-12-06 03:14:36 48640 ----a-w- c:\windows\system32\nlaapi.dll
2014-12-06 03:14:36 174080 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:14:34 93184 ----a-w- c:\windows\system32\ncsi.dll
2014-12-03 02:06:01 278528 ----a-w- c:\windows\system32\schannel.dll
2013-09-20 18:26:57 4454952 ----a-w- c:\program files\ccsetup405.exe
2011-12-11 16:18:50 3552208 ----a-w- c:\program files\ccsetup313.exe
2008-09-10 07:00:09 1724416 ----a-w- c:\program files\gdiplus.dll
.
============= FINISH: 22:46:39.95 ===============

Attached Files
File Type: txt dds.txt (19.6 KB)
File Type: zip NewZip.zip (8.5 KB)

Unable to use google/redirecting on regularly used sites

I have not been able to use google.com or any search that utilizes the google search engine for some time now. I am redirected to a page that says google.com at the top but just lists a bunch of ad sites below. I am redirected to that same page when I try to use different online retailers such as Shutterfly, Barnes & Noble and several others. I have uninstalled all antivirus/malware programs except Malwarebytes. I have tried running it several times but it doesn't come up with the infected files. This has happened in the past as well but we were able to get it corrected. I tried to download DDS from the link in your instructions but it isn't opening for me. I did get gmer downloaded and have attached the log from that. I believe I have the Windows re-install disc.

Attached Files
File Type: zip ark.zip (1.6 KB)

Rundll.32 exe, schost.exe, and ship ton of UDP (17) Traffic inbound using svhost.exe

Hey there.

To set a history of how all the crazy things happened, I came by one of those "naughty" sites. But boy, I messed up.

The moment I visited the site it automatically downloaded some file in my temp folder *without my consent*. Please note I had Norton Premium up to date on updates, and all, so I did not understand how it could have allowed it. What happened afterwards was a ton of requests to allow the file to make changes in my Windows folder, which I tried to decline again and again. Problem is that it kept asking for the same request, and no matter if I tried to use Task Manager, it just would ask for it again, making me look at the forced request screen thing.

Well I ended up saying yes, thinking that Norton likely would prevent it downloading the Trojan, or whatever. It did, but it kept trying to download it again, and again. I got warnings again, and again of


25-01-2015 17:03:33

High Risk

An attempt fromHOMEPC have been blocked.

System Infected: Trojan.Ransomlock.G,

"HOMEPC (192.168.0.14, 50420)","109.200.5.91, 443",192.168.0.14 (192.168.0.14),"TCP, Port 50420"

Attack is due to \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSWOW64\RUNDLL32.EXE.

I knew the file was a windows file, and also the fact it would replace itself if deleted. I did end up getting to that part after Norton Support Center did jack **** to help me, mostly doing things I already knew myself (sfc /scannow, power eraser, msconfig ) and so forth.

In the end I found a nasty little file starting up on boot after looking in msconfig, but still I kept getting UDP (17) traffic, and I still am. So right now I am wondering if I got something on my PC that is getting me traffic sent to me, as Norton/Malwarebytes cannot detect it, I assume so.

Anyway I hope someone can help me, because I do not have a clue why it keeps going on.

Also my Security Center will not start up anymore, so I assume it is thanks to that file.

And to add to that, I got about 12 different svchost.exe processes going at the time, which only makes me think something is going on.


Here is the UDP (17) wall of spam I am getting in my Norton record.

Categori: Firewall – activities

26-01-2015 19:12:58

Rule prevented UDP(17) -traffic with (192.168.0.1 Port ssdp(1900)

Fund, no actions required.

Rule: Default Block UPnP Discovery
Rule action: rejected
Rule risk: normal

Traffic information:
Protokol: UDP(17)
Direction: inbound
Lokal vært:
Local IP: 239.255.255.250
Lokal service: Port ssdp(1900)
Exstern vært:
Ekstern IP: 192.168.0.1
Exstern tjeneste: Port ssdp(1900)
Exstern MAC: --
Adapter-oversigt: 3

Procesinformation:
Proces-id: 2476
Processpath: C:\Windows\System32\svchost.exe

not sure where to post...

A few days ago, my McAfee was expiring and I, based on the advice of a friend, chose to purchase a different antivirus, Webroot. Soon after downloading, I began to experience frozen pages and pages becoming unresponsive. I contacted Webroot and asked to be reimbursed and removed it from my computer. Upon another friend's advice, I turned on Windows Defender, which scanned my computer, finding no issues. I currently have this turned on and am still having the same issues. I appreciate any help.
Thanks, Dawn

System performance slowly deteriorating - freezes, crashes

Hi guys,

My computer isn't exactly new, but I know it is capable of running much quicker and more smoothly than it already is. I have ESET anti-virus installed, which updates regularly, and I run CCleaner quite regularly (just the cleaning, not the registry fixes), but I am noticing that my computer is slowly becoming more and more uncooperative.

It often freezes, forcing me to manually shut it down. Very often programs are "Non-responsive", freezing up the whole system for a while, and it takes a couple of minutes for the system to get back to functioning correctly.

I'm not completely sure it's a virus issue, but I'd like to be sure.

Yt downloader changes proxy settings

I am working on my sister's new Dell Inspiron 3847 running Windows 8. Last month she had some infections which I removed. One of them was yt downloader which changed her auto detect to a proxy server. It took a lot of surfing to find a fix for her registry but I thought I had it fixed. A month later it showed up again. I changed the setting just now and it seems to be stable but I am sure it will change it again. I tried Revo Uninstaller but it does not find the yt downloader now.
Thanks for the help in advance.

I need help- possible virus/malware

So earlier I posted that something on my computer is taking up a lot of space and I made a post (below), and while some programs have helped I still wanted to make sure that my computer is clear or if there is a virus/malware problem.

Can I please get some help.
-Thank you!


http://www.techsupportforum.com/foru...-962073-2.html

Attached Files
File Type: zip attach.zip (6.1 KB)

Pop up ads make using internet almost impossible.

We are getting pop-up ads that are making using the internet virtually impossible. I read the sticky with the instructions on what to do first, but I cannot run DDS; it says it is meant to run in compatibility mode and then exits. Can you help me? Thanks.

AVG 'blocked due to group policy' & HELP_DECRYPT Files on Desktop...

I'm in the works of upgrading from XP Tablet to Win 7, but before I can do it I need to clear out the issue with AVG & the HELP_DECRYPT files that showed up...

I'd appreciate any help on these issues.

Doug

Attached Thumbnails
AVG & HELP_DECRYPT-1 copy.jpg (98.6 KB)

New Gaming PC 0 fps :(

I got Windows 7 Ultimate 64-bit installed and everything was going great; I was playing Dying Light and it was buttery smooth. Then I accidentally got malware and everything hit rock bottom. I tried to clean up everything with Avast, Malwarebytes and CCleaner, but I am still experiencing horrible performance. What can I do to fix this? Help is much appreciated!!! Thank you!

I do have access to the Windows install disk.

Here are my specs:

CPU: Intel Core i5-4690K 3.5GHz Quad-Core Processor
Motherboard: Gigabyte GA-Z97-HD3 ATX LGA1150 Motherboard
Memory: G.Skill Ripjaws Series 8GB (2 x 4GB) DDR3-1600 Memory
Storage: Sandisk Solid State Drive 128GB 2.5" Solid State Drive
Video Card: Zotac GeForce GTX 970 4GB Video Card
Power Supply: Corsair CX 600W 80+ Bronze Certified Semi-Modular ATX Power Supply

Attached Files
File Type: zip ark.zip (6.5 KB)

Browser filled with pop-ups

Recently pop-ups, usually from "Roll Around ads", keep showing up all over my browser. When I click on any link it redirects to Roll Around ads in a new tab before going to the actual page, and several ads pop up all over the screen, especially if I visit Amazon. When I ran DDS and GMER, DDS worked fine, but my system crashed halfway through GMER, so I did a scan with only Sections and C:\ selected.
Thanks in advance for any help.

FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118175294138873-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-28 13824]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-28 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-6 629984]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-28 127320]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-28 164184]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 124560]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-7-3 31624]
R2 Service Mgr RollAround;Service Mgr RollAround;C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe [2015-2-21 577264]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-28 362840]
R2 Update Mgr RollAround;Update Mgr RollAround;C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe [2015-2-21 384752]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-9 163456]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-9 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-9 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-3-9 551552]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-5 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-28 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 HtcVCom32;HTC Diagnostic Port;C:\windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-2-11 114688]
S3 libusb0;libusb-win32 - Kernel Driver 03/15/2014 0.0.0.0;C:\windows\System32\drivers\libusb0.sys [2014-3-15 52832]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\drivers\MijXfilt.sys [2012-10-14 117520]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-24 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2012-5-28 314472]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-3-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-3-24 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-6 1255736]
S3 WsAudio_Device(1);WsAudio_Device(1);C:\windows\System32\drivers\VirtualAudio1.sys [2014-1-18 31080]
S3 WsAudio_Device(2);WsAudio_Device(2);C:\windows\System32\drivers\VirtualAudio2.sys [2014-1-18 31080]
S3 WsAudio_Device(3);WsAudio_Device(3);C:\windows\System32\drivers\VirtualAudio3.sys [2014-1-18 31080]
S3 WsAudio_Device(4);WsAudio_Device(4);C:\windows\System32\drivers\VirtualAudio4.sys [2014-1-18 31080]
S3 WsAudio_Device(5);WsAudio_Device(5);C:\windows\System32\drivers\VirtualAudio5.sys [2014-1-18 31080]
S3 WsAudio_Device;WsAudio_Device;C:\windows\System32\drivers\VirtualAudio.sys [2015-2-20 31080]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-02-22 00:06:38 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DB34E3E-0235-452C-B0B5-CEFE35852D02}\gapaengine.dll
2015-02-22 00:06:17 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F419DE7-A07F-4D16-898A-4DE7BE3DA09E}\mpengine.dll
2015-02-21 22:20:08 -------- d-----w- C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf
2015-02-21 22:20:07 -------- d-----w- C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf
2015-02-21 22:20:06 -------- d-----w- C:\Program Files (x86)\Roll Around
2015-02-21 22:19:55 -------- d-----w- C:\Users\Arun\AppData\Roaming\RHEng
2015-02-21 01:01:14 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-20 17:17:55 -------- d-----w- C:\Users\Arun\AppData\Roaming\Aimersoft Video Converter Ultimate
2015-02-20 17:17:55 -------- d-----w- C:\Users\Arun\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2015-02-20 17:17:36 -------- d-----w- C:\Users\Arun\AppData\Local\Aimersoft
2015-02-20 17:17:35 -------- d-----w- C:\Program Files\Common Files\Aimersoft
2015-02-20 17:17:25 31080 ----a-w- C:\windows\System32\drivers\VirtualAudio.sys
2015-02-20 17:17:11 -------- d-----w- C:\ProgramData\Aimersoft Video Converter Ultimate
2015-02-20 17:17:06 -------- d-----w- C:\Program Files (x86)\Aimersoft
2015-02-20 17:10:51 -------- d-----w- C:\Users\Arun\AppData\Roaming\GetRightToGo
2015-02-18 19:12:05 950272 ----a-w- C:\windows\System32\perftrack.dll
2015-02-18 19:12:05 29696 ----a-w- C:\windows\System32\powertracker.dll
2015-02-18 19:12:04 91136 ----a-w- C:\windows\System32\wdi.dll
2015-02-18 19:12:04 76800 ----a-w- C:\windows\SysWow64\wdi.dll
2015-02-12 17:38:42 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2015-02-12 17:38:41 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2015-02-12 17:38:41 6041600 ----a-w- C:\windows\System32\jscript9.dll
2015-02-12 17:38:41 4300800 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-02-11 15:04:11 609280 ----a-w- C:\windows\System32\generaltel.dll
2015-02-11 15:04:10 894976 ----a-w- C:\windows\System32\appraiser.dll
2015-02-11 15:04:10 1098752 ----a-w- C:\windows\System32\aeinv.dll
2015-02-11 15:04:09 762368 ----a-w- C:\windows\System32\invagent.dll
2015-02-11 15:04:08 414720 ----a-w- C:\windows\System32\devinv.dll
2015-02-11 15:04:08 1239720 ----a-w- C:\windows\System32\aitstatic.exe
2015-02-11 15:04:06 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-02-11 15:04:05 192000 ----a-w- C:\windows\System32\aepic.dll
2015-02-11 15:01:37 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2015-02-11 15:00:26 406528 ----a-w- C:\windows\System32\scesrv.dll
2015-02-11 15:00:26 308224 ----a-w- C:\windows\SysWow64\scesrv.dll
2015-02-11 15:00:20 5554112 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-02-11 15:00:19 3972544 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 15:00:19 3917760 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-02-11 15:00:18 503808 ----a-w- C:\windows\System32\srcore.dll
2015-02-11 15:00:17 50176 ----a-w- C:\windows\System32\srclient.dll
2015-02-11 15:00:17 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-02-11 15:00:17 296960 ----a-w- C:\windows\System32\rstrui.exe
2015-02-04 22:53:20 5070512 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-31 14:20:01 -------- d-----w- C:\GAMS
2015-01-26 00:14:28 -------- d-----w- C:\Users\Arun\AppData\Local\BBC
.
==================== Find3M ====================
.
2015-02-04 22:53:36 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 22:53:36 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-01-25 23:36:21 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-15 08:14:17 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\windows\System32\drivers\cng.sys
2015-01-13 02:49:19 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2015-01-09 02:03:01 3201536 ----a-w- C:\windows\System32\win32k.sys
2014-12-31 11:14:31 298120 ------w- C:\windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2014-12-12 05:31:39 1480192 ----a-w- C:\windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-12-11 17:47:16 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2014-11-26 03:53:59 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-11-26 03:32:05 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
.
============= FINISH: 13:54:23.18 ===============

Attached Files
File Type: zip Attach.zip (4.8 KB)

General Malware issue

Hi there, I posted over in the gaming section of this forum and I uncovered a virus and was redirected here. I unfortunately wasn't able to get an ark.log file, as every time I opened Gmer my computer crashed; however, I did get a FRST log and did a scan with Malwarebytes. I don't know if I should post that log here though. Any help is greatly appreciated!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by James (administrator) on JAMES-PC on 22-02-2015 18:40:54
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available profiles: James & Frank)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [392192 2012-02-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKU\S-1-5-21-3556746721-668108127-888055330-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-31] (Electronic Arts)
HKU\S-1-5-21-3556746721-668108127-888055330-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-05-31] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3556746721-668108127-888055330-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://avg.nation.com/avgtbavg/search/home?cid={FAE434E1-E7AA-435B-803A-60A03068B0D9}&mid=8f086d21370047d39d2a3de12d89e4c0-7b27429adb206c6cce9d3932c6fbb5484f39b316&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-29 20:52:09&v=17.0.1.7&pid=nation&sg=&sap=hp
HKU\S-1-5-21-3556746721-668108127-888055330-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3556746721-668108127-888055330-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Delta Search
Buy Computers Laptops & Tablets | For Those Who Do | Lenovo US
HKU\S-1-5-21-3556746721-668108127-888055330-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Buy Computers Laptops & Tablets | For Those Who Do | Lenovo US
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-3556746721-668108127-888055330-1001 -> DefaultScope {6D5D628A-026C-4A42-8C7C-0728161CA316} URL =
SearchScopes: HKU\S-1-5-21-3556746721-668108127-888055330-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6AAF74E5432E470E&affID=120523&tsp=5006
SearchScopes: HKU\S-1-5-21-3556746721-668108127-888055330-1001 -> {6D5D628A-026C-4A42-8C7C-0728161CA316} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3556746721-668108127-888055330-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-3556746721-668108127-888055330-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-06]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-19]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-06]
CHR Extension: (Adblock Plus) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-26]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-06]
CHR Extension: (Avast Online Security) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-06]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-06]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-05-10] (BioWare)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-31] (Electronic Arts)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-01] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-12-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:40 - 2015-02-22 18:41 - 00017119 _____ () C:\Users\James\Desktop\FRST.txt
2015-02-22 18:40 - 2015-02-22 18:40 - 00000000 ____D () C:\FRST
2015-02-22 18:37 - 2015-02-22 18:37 - 02087424 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2015-02-22 18:29 - 2015-02-22 18:29 - 00000000 ____D () C:\Users\James\Desktop\gmer
2015-02-22 18:26 - 2015-02-22 18:26 - 00370943 _____ () C:\Users\James\Desktop\gmer.zip
2015-02-22 17:57 - 2015-02-22 17:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 17:56 - 2015-02-22 17:56 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-22 17:56 - 2015-02-22 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-22 17:56 - 2015-02-22 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 17:56 - 2015-02-22 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-22 17:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-22 17:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-22 17:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-22 17:55 - 2015-02-22 17:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-19 20:59 - 2015-02-19 21:35 - 00000000 ____D () C:\Users\James\Documents\Witcher 2
2015-02-19 20:59 - 2015-02-19 20:59 - 00000000 ____D () C:\Users\James\AppData\Local\The Witcher 2
2015-02-19 20:28 - 2015-02-19 20:28 - 00000000 ____D () C:\Users\James\AppData\Local\Steam
2015-02-12 17:45 - 2014-09-02 20:06 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-12 17:45 - 2014-09-02 20:06 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-12 17:41 - 2015-02-12 17:41 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-10 20:48 - 2015-02-10 20:48 - 00000000 ____D () C:\Users\James\Documents\SavedGames
2015-02-10 20:45 - 2015-02-10 20:45 - 00002160 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-02-10 20:45 - 2015-02-05 17:57 - 00621384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-02-10 20:44 - 2015-02-05 21:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-10 20:44 - 2015-02-05 21:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00833680 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00100496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2015-02-10 20:44 - 2015-02-05 21:01 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2015-02-04 23:46 - 2015-02-04 23:46 - 00000000 ____D () C:\Users\James\Documents\OpenOffice 4.1.1 (en-US) Installation Files
2015-02-04 23:45 - 2015-02-04 23:45 - 00000000 ____D () C:\Users\James\Desktop\Servers
2015-01-24 19:28 - 2015-01-13 04:15 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-01-24 19:28 - 2015-01-10 08:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-24 19:28 - 2015-01-10 08:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll
2015-01-23 23:10 - 2015-01-23 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:21 - 2014-05-31 17:29 - 01447055 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-22 18:17 - 2013-09-17 16:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-22 18:06 - 2012-12-25 13:30 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3556746721-668108127-888055330-1001
2015-02-22 18:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-22 17:55 - 2014-06-10 19:59 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8A973C53-AAE3-412D-A61F-052E620E479A}
2015-02-22 17:53 - 2014-07-06 16:09 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 17:53 - 2014-07-06 16:09 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 17:52 - 2014-05-31 15:12 - 00000392 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-02-22 17:52 - 2014-05-31 15:12 - 00000392 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-02-22 17:52 - 2014-05-31 14:33 - 00000000 ____D () C:\ProgramData\Origin
2015-02-22 17:52 - 2014-05-31 14:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-22 02:12 - 2014-04-25 10:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-21 19:05 - 2014-07-06 16:10 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 20:59 - 2012-12-28 18:20 - 00629607 _____ () C:\WINDOWS\DirectX.log
2015-02-19 20:56 - 2012-09-18 09:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-19 20:54 - 2012-09-18 09:38 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-19 20:53 - 2012-09-18 09:39 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-19 20:53 - 2012-09-18 09:34 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-02-19 20:46 - 2013-08-08 12:35 - 00000000 ____D () C:\ProgramData\Nero
2015-02-19 20:41 - 2013-09-15 19:56 - 00000000 ____D () C:\Users\James\AppData\Roaming\Opera Software
2015-02-19 20:41 - 2013-09-15 19:56 - 00000000 ____D () C:\Users\James\AppData\Local\Opera Software
2015-02-19 20:41 - 2013-09-15 19:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-19 20:41 - 2012-09-18 09:38 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2015-02-19 20:34 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-19 20:30 - 2012-09-18 09:38 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-19 20:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-19 20:28 - 2012-12-25 13:21 - 00000000 ____D () C:\Users\James\AppData\Local\Packages
2015-02-12 17:50 - 2014-03-18 10:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 17:43 - 2014-05-31 17:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 17:43 - 2014-03-18 09:54 - 00016802 _____ () C:\WINDOWS\PFRO.log
2015-02-12 17:43 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 17:43 - 2013-08-22 14:44 - 00393520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 17:41 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-02-12 17:41 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-12 17:41 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-12 17:41 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-12 17:41 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-12 17:40 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-12 17:40 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-12 17:40 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-02-12 17:40 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-02-12 17:40 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-02-10 20:45 - 2014-04-24 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-10 20:45 - 2013-08-22 14:46 - 00331203 _____ () C:\WINDOWS\setupact.log
2015-02-09 19:11 - 2014-05-31 14:34 - 00000000 ____D () C:\Users\James\AppData\Roaming\Origin
2015-02-06 19:43 - 2014-04-27 16:04 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-06 17:48 - 2014-07-06 16:09 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 17:48 - 2014-07-06 16:09 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 21:01 - 2014-09-20 01:16 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2015-02-05 21:01 - 2014-04-24 12:30 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-05 21:01 - 2014-04-24 12:30 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-02-05 21:01 - 2014-04-24 12:30 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-05 21:01 - 2014-04-24 12:30 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-05 21:01 - 2014-04-24 12:30 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-05 19:07 - 2014-05-31 17:29 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 19:07 - 2014-05-31 17:29 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 19:07 - 2014-05-31 17:29 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 19:07 - 2014-05-31 17:29 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 19:07 - 2014-05-31 17:29 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 19:06 - 2014-05-31 17:29 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 12:50 - 2014-05-31 17:29 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-02-04 22:17 - 2013-09-17 16:56 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-23 23:09 - 2014-05-31 14:44 - 00000000 ____D () C:\Program Files (x86)\Origin Games

==================== Files in the root of some directories =======

2013-08-07 16:43 - 2013-08-07 16:43 - 0001310 _____ () C:\Users\James\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\James\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\James\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\James\AppData\Local\Temp\nvStInst.exe
C:\Users\James\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\James\AppData\Local\Temp\_isD58E.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-21 22:55

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by James at 2015-02-22 18:41:43
Running from C:\Users\James\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Breath of Death VII (HKLM-x32\...\Steam App 107300) (Version: - Zeboyd Games)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo II (HKU\S-1-5-21-3556746721-668108127-888055330-1001\...\Diablo II) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)
Fallout (HKLM-x32\...\Steam App 38400) (Version: - Interplay Inc.)
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - Black Isle Studios)
Fallout Tactics (HKLM-x32\...\Steam App 38420) (Version: - 14° East)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version: - )
Heroes of Might and Magic 4 (HKLM-x32\...\{7669B968-670B-4E43-AFDD-5965612A3555}) (Version: 1.00.000 - Ubisoft)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version: - )
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version: - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2792 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.03 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (x32 Version: 1.03 - Lenovo) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
Rayman Legends (HKLM-x32\...\Steam App 242550) (Version: - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version: - Volition)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Space Hulk (HKLM-x32\...\Steam App 242570) (Version: - Full Control Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
Unity Web Player (HKU\S-1-5-21-3556746721-668108127-888055330-1001\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version: - Relic Entertainment)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

10-02-2015 20:53:10 Installed DirectX
19-02-2015 20:29:14 Removed Amazon Browser App

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02A56F0E-7EA7-4FD4-88DD-95ED8445363F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {1DE55C70-08D2-4EAA-8092-CDD32305E2A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software)
Task: {2AD92E25-5F4F-4904-93B2-8A1E9C08120F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-06] (Google Inc.)
Task: {3FF45792-36F8-4095-8418-C18094062B47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-06] (Google Inc.)
Task: {8F67E4A0-0A4C-4732-A79B-CB7F373CA714} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-31] ()
Task: {BC63F59F-D104-4AD8-B3DA-D039651606DD} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-31] ()
Task: {E7047719-B500-422A-86C4-77152059980B} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-31 15:12 - 2014-05-31 15:12 - 02733080 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2014-05-31 17:29 - 2015-02-05 19:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-16 07:49 - 2012-07-16 07:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2014-07-06 16:09 - 2014-07-06 16:09 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-21 18:30 - 2015-02-21 18:30 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022100\algo.dll
2015-02-22 17:59 - 2015-02-22 17:59 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022201\algo.dll
2012-09-18 09:33 - 2012-06-25 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-26 16:07 - 2012-11-20 15:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll
2014-06-26 16:07 - 2013-11-12 08:57 - 00098304 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-05-31 14:34 - 2015-01-31 23:14 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2011-11-03 18:48 - 2011-11-03 18:48 - 00056320 _____ () C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skfunc.dll
2014-07-06 16:09 - 2014-07-06 16:09 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\James\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3556746721-668108127-888055330-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3556746721-668108127-888055330-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0414c"

==================== Accounts: =============================

Administrator (S-1-5-21-3556746721-668108127-888055330-500 - Administrator - Disabled)
Frank (S-1-5-21-3556746721-668108127-888055330-1004 - Limited - Enabled) => C:\Users\Frank
Guest (S-1-5-21-3556746721-668108127-888055330-501 - Limited - Disabled)
James (S-1-5-21-3556746721-668108127-888055330-1001 - Administrator - Enabled) => C:\Users\James

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 06:30:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1040

Start Time: 01d04ec8f5c1302a

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: ce5f53e7-bac0-11e4-bec1-eca86b6d0d33

Faulting package full name:

Faulting package-relative application ID:

Error: (02/22/2015 02:08:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyrimLauncher.exe, version: 1.3.22.0, time stamp: 0x4f3956c2
Faulting module name: EasyHook32.dll, version: 0.0.0.0, time stamp: 0x49b2707b
Exception code: 0xc0000005
Fault offset: 0x0000cc2f
Faulting process id: 0x26c
Faulting application start time: 0xSkyrimLauncher.exe0
Faulting application path: SkyrimLauncher.exe1
Faulting module path: SkyrimLauncher.exe2
Report Id: SkyrimLauncher.exe3
Faulting package full name: SkyrimLauncher.exe4
Faulting package-relative application ID: SkyrimLauncher.exe5

Error: (01/24/2015 02:21:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SaintsRowTheThird_DX11.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1374

Start Time: 01d037639ddc3c38

Termination Time: 83

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe

Report Id: afc8a35a-a36f-11e4-bec0-eca86b6d0d33

Faulting package full name:

Faulting package-relative application ID:

Error: (01/20/2015 03:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: game.exe, version: 4.5.3.26353, time stamp: 0x53e49509
Faulting module name: game.exe, version: 4.5.3.26353, time stamp: 0x53e49509
Exception code: 0xc0000005
Fault offset: 0x00592fc0
Faulting process id: 0xe60
Faulting application start time: 0xgame.exe0
Faulting application path: game.exe1
Faulting module path: game.exe2
Report Id: game.exe3
Faulting package full name: game.exe4
Faulting package-relative application ID: game.exe5

Error: (01/20/2015 00:48:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msiexec.exe version 5.0.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4fc

Start Time: 01d034af4629928e

Termination Time: 4294967295

Application Path: C:\WINDOWS\SysWOW64\msiexec.exe

Report Id: aa8efdd5-a0a2-11e4-bec0-eca86b6d0d33

Faulting package full name:

Faulting package-relative application ID:

Error: (01/01/2015 03:12:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyrimLauncher.exe, version: 1.3.22.0, time stamp: 0x4f3956c2
Faulting module name: EasyHook32.dll, version: 0.0.0.0, time stamp: 0x49b2707b
Exception code: 0xc0000005
Fault offset: 0x0000cc2f
Faulting process id: 0x12e0
Faulting application start time: 0xSkyrimLauncher.exe0
Faulting application path: SkyrimLauncher.exe1
Faulting module path: SkyrimLauncher.exe2
Report Id: SkyrimLauncher.exe3
Faulting package full name: SkyrimLauncher.exe4
Faulting package-relative application ID: SkyrimLauncher.exe5

Error: (01/01/2015 03:11:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyrimLauncher.exe, version: 1.3.22.0, time stamp: 0x4f3956c2
Faulting module name: EasyHook32.dll, version: 0.0.0.0, time stamp: 0x49b2707b
Exception code: 0xc0000005
Fault offset: 0x0000cc2f
Faulting process id: 0x870
Faulting application start time: 0xSkyrimLauncher.exe0
Faulting application path: SkyrimLauncher.exe1
Faulting module path: SkyrimLauncher.exe2
Report Id: SkyrimLauncher.exe3
Faulting package full name: SkyrimLauncher.exe4
Faulting package-relative application ID: SkyrimLauncher.exe5

Error: (12/27/2014 01:21:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (12/26/2014 09:45:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: James-PC)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/26/2014 11:19:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_NcdAutoSetup, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: ncdautosetup.dll, version: 6.3.9600.16384, time stamp: 0x5215d6ca
Exception code: 0xc0000005
Fault offset: 0x0000000000002b25
Faulting process id: 0x700
Faulting application start time: 0xsvchost.exe_NcdAutoSetup0
Faulting application path: svchost.exe_NcdAutoSetup1
Faulting module path: svchost.exe_NcdAutoSetup2
Report Id: svchost.exe_NcdAutoSetup3
Faulting package full name: svchost.exe_NcdAutoSetup4
Faulting package-relative application ID: svchost.exe_NcdAutoSetup5


System errors:
=============
Error: (02/22/2015 06:06:56 PM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/22/2015 02:01:01 AM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/22/2015 02:00:31 AM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/19/2015 11:00:08 PM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/19/2015 10:59:38 PM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/19/2015 08:28:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (02/19/2015 08:28:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/12/2015 08:15:25 PM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/12/2015 08:15:25 PM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/12/2015 07:09:23 PM) (Source: DCOM) (EventID: 10010) (User: James-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (02/22/2015 06:30:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.711104001d04ec8f5c1302a4294967295C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exece5f53e7-bac0-11e4-bec1-eca86b6d0d33

Error: (02/22/2015 02:08:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyrimLauncher.exe1.3.22.04f3956c2EasyHook32.dll0.0.0.049b2707bc00000050000cc2f26c01d04e445cf989afC:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exeC:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dllb1d3e86a-ba37-11e4-bec1-eca86b6d0d33

Error: (01/24/2015 02:21:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SaintsRowTheThird_DX11.exe1.0.0.1137401d037639ddc3c3883C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exeafc8a35a-a36f-11e4-bec0-eca86b6d0d33

Error: (01/20/2015 03:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: game.exe4.5.3.2635353e49509game.exe4.5.3.2635353e49509c000000500592fc0e6001d034c6f11d1af2C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exeC:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe65831f3c-a0ba-11e4-bec0-eca86b6d0d33

Error: (01/20/2015 00:48:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msiexec.exe5.0.9600.163844fc01d034af4629928e4294967295C:\WINDOWS\SysWOW64\msiexec.exeaa8efdd5-a0a2-11e4-bec0-eca86b6d0d33

Error: (01/01/2015 03:12:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyrimLauncher.exe1.3.22.04f3956c2EasyHook32.dll0.0.0.049b2707bc00000050000cc2f12e001d025d5484854f9C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exeC:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll8e77812c-91c8-11e4-bec0-eca86b6d0d33

Error: (01/01/2015 03:11:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyrimLauncher.exe1.3.22.04f3956c2EasyHook32.dll0.0.0.049b2707bc00000050000cc2f87001d025d51ee22f4fC:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exeC:\Program Files (x86)\Razer\Razer Game Booster\EasyHook32.dll65853f85-91c8-11e4-bec0-eca86b6d0d33

Error: (12/27/2014 01:21:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

Error: (12/26/2014 09:45:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: James-PC)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (10/26/2014 11:19:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_NcdAutoSetup6.3.9600.163845215dfe3ncdautosetup.dll6.3.9600.163845215d6cac00000050000000000002b2570001cfa7792dd24ce2C:\WINDOWS\system32\svchost.exec:\windows\system32\ncdautosetup.dllf00d1a43-5d01-11e4-bec0-eca86b6d0d33


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 21%
Total physical RAM: 8147.12 MB
Available physical RAM: 6428.09 MB
Total Pagefile: 9427.12 MB
Available Pagefile: 7432.74 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:1836.32 GB) (Free:1535.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 37642244)

Partition: GPT Partition Type.

==================== End Of Log ============================

poweliks detected + missing Tasks Bar Icons

I have recently experienced a loss of some icons in the notification area of my Task Bar. (Eset and Catalyst Control)

Also have some weird things going on with my two Disk Drives opening and being asked to supply an install disk for PhotoImpact against an unrelated action.

I re-installed the Eset and CCC programs to see if they would autostart in the Task Bar, but this didn't work.

The programs appeared to be running in services, and would appear in the Notification area of Task Bar if I manually started them, but would not automatically appear on a restart.

I ran a complete ESET custom scan on the C: drive and it found some potentially unwanted app: IOBIT Toolbar items (4) in asc7-setup.exe, which was in my Downloads folder and belonged to a program I had uninstalled a long time ago, but that was it.

I ran malwarebytes mbar and it identified -->

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot.

mbar also displayed the following action in its log:

Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File C:\WINDOWS\SYSTEM32\drivers\BazisVirtualCD.sys --> [Forged file]
File C:\WINDOWS\SYSTEM32\drivers\BazisVirtualCD.sys will be destroyed
Done!

(I know it is requested that CD emulation software be disabled before running GMER, but I am not sure how/if the BazisVirtualCD.sys can be disabled.)
(I have attached a snapshot of where/what a search on the .sys file resulted in.)

After a restart I also ran ESETPoweliksCleaner and it indicated Threat Not Found, so mbar must have done an adequate job of the initial removal.

I have run the ESETPoweliksCleaner utility again a few days later, after some minimal computer use/surfing, and still no threat found.

I have tried to get some information about what this particular Trojan could have done on my PC since I am not sure how long I have had it, and also if my Antivirus/Firewall would have most likely prevented any additional progress the Trojan could have made.

I figured it might not be a bad idea to also inquire as to what I should do (if anything) to check to see if there might be any other utilities I should run for safe measure since this is the computer I use for personal banking.

Thanks in advance for your suggestions.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16609 BrowserJavaVersion: 11.31.2
Run by RCL at 15:39:49 on 2015-02-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3053.1547 [GMT -5:00]
.
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5636E
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\rcl\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\users\rcl\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\oemreset.lnk - c:\windows\options\OemReset.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:227
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.pinellascounty.org/ActiveX/ver6.5/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{961F8D49-B2E8-49C7-B6A1-8FEFF9B20338} : NameServer = 216.106.184.6,64.105.202.138
TCP: Interfaces\{961F8D49-B2E8-49C7-B6A1-8FEFF9B20338} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: sacore - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rcl\appdata\roaming\mozilla\firefox\profiles\s4j9n00x.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\rcl\appdata\local\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\users\rcl\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\rcl\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1211151.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_305.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2014-9-18 51288]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2014-8-18 191928]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2014-8-18 135296]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2014-8-18 37928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-6 209408]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2014-9-3 216576]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2014-10-1 1349576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-3 21504]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2013-7-5 75264]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [2013-9-14 9344]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2014-10-14 161288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2014-4-11 772296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 gupdate1ca0252f69b7019;Google Update Service (gupdate1ca0252f69b7019);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 107912]
S3 BazisVirtualCD;Virtual CD driver;c:\windows\system32\drivers\BazisVirtualCD.sys [2009-5-25 53248]
S3 Chroma;Chroma;c:\windows\system32\drivers\Chroma.sys [2007-3-6 44344]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2015-2-20 15968]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2015-2-20 10208]
S3 i1;i1 Pro;c:\windows\system32\drivers\i1.sys [2003-11-27 26045]
S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-6-25 5504]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\sony\sound organizer\sony.earth\PACSPTISVR.exe [2012-11-8 174176]
S3 VirtDiskBus;Virtual disk Enumerator;c:\windows\system32\drivers\VirtDiskBus.sys [2009-5-25 55808]
.
=============== File Associations ===============
.
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-02-21 17:46:59 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-21 17:45:35 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-21 17:45:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-20 05:46:29 88160 ----a-w- c:\windows\system32\setupempdrv03.exe
2015-02-20 05:46:29 2502240 ----a-w- c:\windows\system32\BootMan.exe
2015-02-20 05:46:29 21088 ----a-w- c:\windows\system32\EuEpmGdi.dll
2015-02-20 05:46:29 15968 ----a-w- c:\windows\system32\epmntdrv.sys
2015-02-20 05:46:29 10208 ----a-w- c:\windows\system32\EuGdiDrv.sys
2015-02-20 05:38:26 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 13:09:03 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 13:08:57 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 13:08:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-27 13:41:09 73816 ----a-w- c:\program files\mozilla firefox\wow_helper.exe
2015-01-27 01:25:03 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2015-02-06 13:08:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 13:08:10 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-23 11:41:36 875472 ----a-w- c:\windows\system32\msvcr110.dll
2015-01-23 11:41:36 535008 ----a-w- c:\windows\system32\msvcp110.dll
2015-01-15 04:13:11 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-14 01:49:16 367104 ----a-w- c:\windows\system32\html.iec
2015-01-14 01:42:51 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-01-14 01:42:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-14 01:41:28 421376 ----a-w- c:\windows\system32\vbscript.dll
2015-01-14 01:41:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-14 01:40:35 11776 ----a-w- c:\windows\system32\mshta.exe
2015-01-14 01:40:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-19 00:25:17 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-08 01:59:34 306176 ----a-w- c:\windows\system32\scesrv.dll
2014-12-06 03:14:51 153600 ----a-w- c:\windows\system32\profsvc.dll
2014-12-06 03:14:36 48640 ----a-w- c:\windows\system32\nlaapi.dll
2014-12-06 03:14:36 174080 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:14:34 93184 ----a-w- c:\windows\system32\ncsi.dll
2014-12-03 02:06:01 278528 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 15:40:22.71 ===============

Attached Files
File Type: zip Attach.zip (11.1 KB)

Virus causing problems with Microsoft Account

Recently, I have been unable to do anything that requires the Microsoft Account. I took this issue to Microsoft Support and they said, based on an error code that I was seeing, that my registry was corrupted due to a virus on my PC.
1 - When I try to switch to a Microsoft Account on my PC, I get the error code 0x800c0008 "We're sorry but something went wrong. Your account wasn't changed to this Microsoft Account."
2 - I cannot set up and use Microsoft Live Mail 2012. It times out trying to download folders.
3 - I cannot connect to the Store: "We cannot connect you to the store..." The error code reported is 0x80072f8f.

Searching the web revealed no valid help for this problem.

Since this is a Windows 8.1 OS, I had to run FRST. The results are shown below. Running GMER failed, so I do not have results from it. I tried several times, including once after rebooting the PC.

FRST text:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Administrator (administrator) on HOMELAPTOP on 22-02-2015 10:53:27
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Paul & Administrator (Available profiles: Paul & Administrator)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ooVoo LLC) C:\Program Files\ooVoo\ooVoo.exe
(Dell) C:\Users\Paul\AppData\Local\Apps\2.0\LZKHAC5E.TAQ\1WP15C89.9ET\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
(Motorola Mobility Inc.) C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
(Dropbox, Inc.) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
() C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FARNLAE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FARNLAE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FARNLAE.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [LTCM Client] => C:\Program Files\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM\...\Run: [OEM02Mon.exe] => C:\WINDOWS\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [openvpn-gui] => C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe [265216 2010-05-07] ()
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\Run: [Amazon Cloud Player] => C:\Users\Paul\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\Run: [DELL Webcam Manager] => C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe [118784 2007-06-07] (Creative Technology Ltd.)
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-26] ()
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\Run: [ooVoo.exe] => C:\Program Files\ooVoo\oovoo.exe [36202560 2014-09-01] (ooVoo LLC)
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\Run: [MotoCast] => C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk [2025 2014-12-14] ()
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\Run: [DellSystemDetect] => C:\Users\Paul\AppData\Local\Apps\2.0\LZKHAC5E.TAQ\1WP15C89.9ET\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-01] (Dell)
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\MountPoints2: {f1d75717-78a8-11e4-afd9-001d09dbeb43} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\MountPoints2: {f47c7cf6-fd95-11e3-afc7-c9ae9772d22c} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-839522115-1682526488-725345543-1004\...\MountPoints2: {f65c66ed-f221-11e2-afab-001d09dbeb43} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-839522115-1682526488-725345543-500\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-839522115-1682526488-725345543-500\...\Run: [DellSystemDetect] => C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-839522115-1682526488-725345543-500\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILAE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-839522115-1682526488-725345543-500\...\Run: [Amazon Cloud Player] => C:\Users\Administrator\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
HKU\S-1-5-21-839522115-1682526488-725345543-500\...\Run: [DELL Webcam Manager] => C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe [118784 2007-06-07] (Creative Technology Ltd.)
HKU\S-1-5-21-839522115-1682526488-725345543-500\...\MountPoints2: {f65c66ed-f221-11e2-afab-001d09dbeb43} - "F:\LaunchU3.exe" -a
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKU\S-1-5-21-839522115-1682526488-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
SearchScopes: HKU\S-1-5-21-839522115-1682526488-725345543-500 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\S-1-5-21-839522115-1682526488-725345543-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={996D8884-1E0E-41EF-B77D-E292FEAFEDA9}&mid=3d570f58562647d38c0dd1544f3f02b0-6c8982b9f7c2757dcb6814dd69b9b895ac4bc867&lang=en&ds=sf011&coid=avgtbdissf&pr=sa&d=2013-12-08 08:18:24&v=17.1.2.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.3.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.3.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-11-15]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-05-01] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2014-11-15] (Macrovision Europe Ltd.) [File not signed]
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe [39936 2010-05-07] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280296 2013-10-30] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2013-10-30] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2013-10-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2013-08-21] (Microsoft Corporation)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63l.sys [4715008 2013-07-01] (Broadcom Corporation)
R2 giveio; C:\WINDOWS\system32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 MpKsl84b6b704; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B353D267-3F98-4DD6-8FE9-62BABA0AF63C}\MpKsl84b6b704.sys [39464 2015-02-22] (Microsoft Corporation)
R2 speedfan; C:\WINDOWS\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [34336 2010-05-07] (The OpenVPN Project)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [93016 2013-10-30] (Microsoft Corporation)
S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-21] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-21] (Microsoft Corporation)
U3 pwloykow; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pwloykow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 10:44 - 2015-02-22 10:44 - 00370943 _____ () C:\Users\Administrator\Downloads\gmer.zip
2015-02-22 10:44 - 2015-02-22 10:44 - 00370943 _____ () C:\Users\Administrator\Desktop\gmer.zip
2015-02-22 10:43 - 2015-02-22 10:53 - 00017701 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-02-22 10:42 - 2015-02-22 10:53 - 00000000 ____D () C:\FRST
2015-02-22 10:42 - 2015-02-22 10:42 - 01126912 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2015-02-22 10:42 - 2015-02-22 10:42 - 01126912 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2015-02-22 10:38 - 2015-02-22 10:38 - 00688992 _____ (Swearware) C:\Users\Administrator\Downloads\dds.scr
2015-02-22 10:35 - 2015-02-22 10:34 - 00688992 _____ (Swearware) C:\Users\Paul\Desktop\dds.scr
2015-02-22 10:35 - 2015-02-22 10:34 - 00370943 _____ () C:\Users\Paul\Desktop\gmer.zip
2015-02-22 10:34 - 2015-02-22 10:48 - 00036576 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-22 10:34 - 2015-02-22 10:34 - 00370943 _____ () C:\Users\Paul\Downloads\gmer.zip
2015-02-22 10:33 - 2015-02-22 10:34 - 00688992 _____ (Swearware) C:\Users\Paul\Downloads\dds.scr
2015-02-22 10:20 - 2015-02-22 10:20 - 00003180 _____ () C:\Users\Paul\Desktop\cc_20150222_102010.reg
2015-02-22 09:59 - 2015-02-22 10:15 - 00000000 ____D () C:\Program Files\LogMeIn Rescue RC - 4e79fb14-e1b0-408c-bccc-92db84a64adf
2015-02-22 09:18 - 2013-10-30 16:38 - 00202584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-02-22 09:18 - 2013-10-30 16:38 - 00093016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-02-22 09:18 - 2013-10-30 16:36 - 00030224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-02-22 08:45 - 2014-05-07 22:52 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-22 08:45 - 2014-05-07 21:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-22 08:45 - 2014-04-18 23:49 - 18644072 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-02-22 08:45 - 2014-03-10 01:43 - 01673048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-02-22 08:45 - 2014-03-10 01:43 - 00283992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-02-22 08:43 - 2015-02-22 08:43 - 00002222 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
2015-02-22 08:42 - 2015-02-22 10:37 - 00000000 ____D () C:\Users\Paul\AppData\Local\LogMeIn Rescue Applet
2015-02-22 08:42 - 2015-02-22 08:42 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Paul\Downloads\Support-LogMeInRescue.exe
2015-02-08 10:35 - 2015-02-08 10:36 - 05487040 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\Windows8-Setup.exe
2015-02-08 10:33 - 2015-02-08 10:34 - 06431728 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\OSGS14-WindowsSetupBox-32bitand64bit-English-4141408.exe
2015-02-08 09:29 - 2015-02-08 09:29 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-02-08 09:29 - 2015-02-08 09:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Motorola Mobility
2015-02-08 08:58 - 2015-02-08 08:58 - 00143357 _____ () C:\Users\Paul\Downloads\microsoftaccountdiagnostic (1).diagcab
2015-02-08 08:47 - 2015-02-08 08:47 - 01239752 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\wlsetup-web (1).exe
2015-02-08 08:46 - 2015-02-08 08:46 - 01239752 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\wlsetup-web.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 10:44 - 2013-09-11 17:44 - 00000941 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Update {E9566DDA-B1B5-457A-849F-F99DA95D0B89}.job
2015-02-22 10:44 - 2013-09-11 17:44 - 00000755 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {E9566DDA-B1B5-457A-849F-F99DA95D0B89}.job
2015-02-22 10:37 - 2013-04-06 15:53 - 00000000 ____D () C:\TEMP
2015-02-22 10:37 - 2013-04-04 09:55 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 10:32 - 2013-12-28 09:01 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-22 10:14 - 2013-04-04 09:55 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 10:05 - 2014-06-09 20:05 - 00000941 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Update {16BF628B-63BC-464D-9395-B4E4B1CC2238}.job
2015-02-22 10:05 - 2014-06-09 20:05 - 00000755 _____ () C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {16BF628B-63BC-464D-9395-B4E4B1CC2238}.job
2015-02-22 10:02 - 2014-12-14 12:32 - 00000000 ____D () C:\Users\Paul\.gstreamer-0.10
2015-02-22 10:02 - 2014-12-14 12:27 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\MotoCast
2015-02-22 10:02 - 2014-07-20 19:11 - 00000000 ___RD () C:\Users\Paul\Dropbox
2015-02-22 10:01 - 2014-07-20 19:01 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox
2015-02-22 10:00 - 2013-08-22 01:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-22 09:58 - 2013-08-22 00:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-22 09:57 - 2013-08-21 23:13 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-22 09:56 - 2013-08-22 01:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-02-22 09:56 - 2013-08-22 01:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-22 09:56 - 2013-08-22 01:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-22 09:56 - 2013-08-22 01:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-22 09:36 - 2013-04-04 09:56 - 00002149 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-22 09:34 - 2012-07-25 23:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-22 09:31 - 2013-10-05 06:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-22 09:31 - 2013-09-08 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-22 09:20 - 2013-08-22 01:17 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2015-02-22 09:18 - 2013-08-22 01:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-22 08:44 - 2014-11-16 08:18 - 00000000 ____D () C:\Users\Paul\Desktop\Pam
2015-02-14 10:43 - 2013-10-30 22:24 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-14 08:25 - 2014-07-20 19:11 - 00001026 _____ () C:\Users\Paul\Desktop\Dropbox.lnk
2015-02-14 08:25 - 2014-07-20 19:04 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-08 10:22 - 2013-08-22 01:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-08 09:37 - 2013-08-22 01:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 09:29 - 2013-10-30 22:12 - 00000000 ____D () C:\Users\Administrator
2015-02-08 09:01 - 2014-06-09 19:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-08 09:01 - 2014-06-09 19:10 - 00001267 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-02-08 09:00 - 2013-04-04 10:40 - 00002448 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-02-08 09:00 - 2013-04-04 10:40 - 00001336 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-02-08 08:59 - 2013-04-04 10:40 - 00001420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

==================== Files in the root of some directories =======

2013-04-06 15:53 - 2013-08-18 15:55 - 0008065 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjvmgtc.dll
C:\Users\Paul\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-21 10:01

==================== End Of Log ============================

Additions.txt uploaded as Additions.zip

I downloaded the original version of Windows 8 when it first came out after a special offer from Microsoft. I have upgraded to 8.1 since then. So, I do not have access to an installation disk.

Attached Files
File Type: zip Addition.zip (10.8 KB)

Unable to remove 'ads by edeals'

I have been unable to remove 'ads by edeals' as well as stop occasional browser pop-ups for 'pc cleaners.' I have run scans using adwcleaner, hitman pro, and spyhunter, and none have removed the problem. I reset Chrome, and removed 'edeals' using the program uninstall area of the control panel, and the edeal hyperlinks are still occurring, and sometimes the pop-ups.

I tried downloading dds and gmer, but neither would work. dds said 'DDS is not meant to run in 'Compatibility Mode'. The program shall now exit.' and gmer says 'C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process.' gmer will stay open for a few seconds after this, but it will stop responding and will automatically shut down, with no error code provided. I had already removed bittorrent and daemon tools, as well as the malware programs I mentioned in the first paragraph, before trying to run dds and gmer.

Any tips for where else I can start? It's greatly appreciated, thank you.

CPU hot and computer slow

Hi Tech Support Forum, my PC has been playing up and I'm not sure what's going on. The CPU was running hot and busy with no programs open.
Changed from MSE to Norton 360 and tried Power Eraser. It found TMP3C7.TMP but failed to remove it.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
Run by Daryl at 17:09:22 on 2015-02-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.7609.4185 [GMT 11:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi64.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\Hpservice.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi64.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\Daryl\Downloads\PCMeterV4\PCMeterV0.4.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\RtsCM64.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Siemens\Step7\s7bin\s7hspsvx.exe
C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe
C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7epasrv64x.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\PNIOMGR.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
c:\Windows\SysWOW64\flcdlock.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\Siemens\Sqlany\dbsrv9.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\pniopcac.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: HP File Sanitizer: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [S7UB Start] "C:\Program Files (x86)\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/WCLWeb/cabs/HPISDataManager.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DBAB0DFE-BE29-4948-B9B9-BFC81AA99B7D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBAB0DFE-BE29-4948-B9B9-BFC81AA99B7D}\37B697373616E6 : DHCPNameServer = 10.2.36.79 10.2.36.76
TCP: Interfaces\{DBAB0DFE-BE29-4948-B9B9-BFC81AA99B7D}\44162797C62E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [RtsCM] RTSCM64.EXE
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [Thunderbolt] c:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-8 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-8 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-6-18 20464]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-2-3 31376]
R0 PinFile;PinFile;C:\Windows\System32\drivers\PinFile.sys [2013-8-22 49856]
R0 SDDisk2K;SDDisk2K;C:\Windows\System32\drivers\SDDisk2K.sys [2013-8-22 228544]
R0 SDDToki;SDDToki;C:\Windows\System32\drivers\SDDToki.sys [2013-8-22 131264]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\SymDS64.sys [2015-2-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\SymEFA64.sys [2015-2-10 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [2015-2-3 1622744]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccSetx64.sys [2015-2-10 162392]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2014-1-16 90608]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150221.001\IDSviA64.sys [2015-2-23 669400]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2015-2-3 299152]
R1 SMR430;Symantec SMR Utility Service 4.3.0;C:\Windows\System32\drivers\SMR430.SYS [2015-2-23 108216]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\Ironx64.sys [2015-2-10 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2015-2-10 593112]
R2 almservice;Automation License Manager Service;C:\Program Files\Common Files\Siemens\sws\almsrv\almsrv64x.exe [2011-10-28 1542792]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-6-26 1132920]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-4-24 1366392]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-4-24 1153400]
R2 FLCDLOCK;HP Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2013-3-5 556856]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPFSService;HP File Sanitizer;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-3-7 1730776]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2014-5-16 683296]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2013-6-21 43320]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-8 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-6-25 318568]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-1-16 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-1-16 169432]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [2015-2-10 265040]
R2 NVWMI;NVIDIA WMI Provider;C:\Windows\System32\nvwmi64.exe [2015-2-3 2693448]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-9-28 1143432]
R2 s7hspsvx;S7 HSP Service;C:\Program Files (x86)\Siemens\Step7\S7BIN\s7hspsvx.exe [2011-10-31 61493]
R2 s7oiehsx64;SIMATIC IEPG Help Service;C:\Program Files\Common Files\Siemens\Automation\Simatic OAM\bin\s7oiehsx64.exe [2011-11-3 139864]
R2 s7ousbu64x;SIMATIC USB Service;C:\Windows\System32\drivers\s7ousbu64x.sys [2011-9-29 193024]
R2 s7sn2srtx;PROFINET IO RT-Protocol V2.0;C:\Windows\System32\drivers\s7sn2srtx.sys [2011-6-16 83032]
R2 S7TraceServiceX;S7TraceServiceX;C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceService64x.exe [2011-11-3 229976]
R2 SynoDrService;SynoDrService;C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [2014-6-26 384072]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2014-2-25 248736]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2013-2-12 3165232]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-9-23 3820960]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-4-24 132920]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-8-9 1385272]
R3 DAMDrv;DAMDrv;C:\Windows\System32\drivers\DAMDrv64.sys [2013-2-19 65752]
R3 dpmconv;SIMATIC NET DP Driver;C:\Windows\System32\drivers\dpmconv.sys [2011-4-19 259072]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2015-2-1 489752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-2-10 142640]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2014-4-9 1448248]
R3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-6-14 113096]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-6-18 369648]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-6-18 790512]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-7-27 25528]
R3 rtsuvc;HP HD Webcam [Fixed];C:\Windows\System32\drivers\rtsuvc.sys [2014-1-16 8243528]
R3 s7odpx2x64;SIMATIC Knotentaufe;C:\Windows\System32\drivers\s7odpx2x64.sys [2011-10-20 71168]
R3 s7oppinx64;SIMATIC PPI Transport;C:\Windows\System32\drivers\s7oppinx64.sys [2011-10-20 107520]
R3 s7oserix64;Siemens PC Serial Cable;C:\Windows\System32\drivers\s7oserix64.sys [2011-5-6 121344]
R3 s7osmcax64;SIMATIC PC Adapter RS232;C:\Windows\System32\drivers\s7osmcax64.sys [2011-9-29 195584]
R3 s7osobux64;SIMATIC SoftBus;C:\Windows\System32\drivers\s7osobux64.sys [2011-5-6 152576]
R3 s7otmcd64x;SIMATIC Memory Cards;C:\Windows\System32\drivers\s7otmcd64x.sys [2011-5-6 199680]
R3 s7otranx64;SIMATIC Transport;C:\Windows\System32\drivers\s7otranx64.sys [2011-5-6 260096]
R3 s7otsadx64;SIMATIC TS Adapter RS232;C:\Windows\System32\drivers\s7otsadx64.sys [2011-9-29 192000]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2015-2-3 34544]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-21 206744]
R3 vsnl2ada;SIMATIC NET FDL Driver;C:\Windows\System32\drivers\vsnl2ada.sys [2011-4-19 120832]
S2 CLKMSVC10_99E320F5;CyberLink Product - 2014/01/16 04:33:26;C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [2013-5-10 240392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 btmlehid;Intel Bluetooth Low Energy HID Service;C:\Windows\System32\drivers\btmlehid.sys [2013-1-22 76088]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2014-12-29 58368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-11 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-7-27 35256]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-9-23 268192]
S3 nhi;Thunderbolt(TM) Controller;C:\Windows\System32\drivers\trw70x.sys [2013-6-12 73016]
S3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\drivers\RtsPer.sys [2014-1-16 476888]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-6-12 30448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-02-23 05:07:52 108216 ----a-w- C:\Windows\System32\drivers\SMR430.SYS
2015-02-23 03:36:55 -------- d-----w- C:\NPE
2015-02-16 09:33:43 -------- d-----w- C:\Users\Daryl\AppData\Local\NPE
2015-02-12 06:52:27 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-12 06:52:27 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-12 06:52:27 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-12 06:52:27 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-11 08:19:03 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-11 08:19:03 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-11 08:19:03 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-11 08:19:03 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-11 08:19:03 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-02-11 08:19:03 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-02-11 08:19:02 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-11 08:19:02 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-11 08:19:01 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-02-11 08:19:00 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-02-11 08:19:00 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-02-11 08:19:00 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-02-11 08:17:42 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-11 08:16:36 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-02-11 08:15:32 187904 ----a-w- C:\Windows\System32\cryptsvc.dll
2015-02-11 08:15:32 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2015-02-11 08:15:31 229376 ----a-w- C:\Windows\System32\wintrust.dll
2015-02-11 08:15:31 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2015-02-11 08:15:31 143872 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2015-02-11 08:15:31 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2015-02-11 08:14:44 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-02-11 08:14:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-02-11 08:14:20 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-11 08:14:20 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-11 07:52:15 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-11 07:52:14 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-11 07:52:14 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-11 07:52:14 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-11 07:52:14 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-11 07:52:14 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-11 07:52:14 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-11 07:51:29 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-10 00:29:45 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2015-02-10 00:02:22 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2015-02-10 00:02:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2015-02-10 00:01:58 876248 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2015-02-10 00:01:58 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2015-02-10 00:01:58 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\SymDS64.sys
2015-02-10 00:01:58 37592 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2015-02-10 00:01:58 266968 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\Ironx64.sys
2015-02-10 00:01:58 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys
2015-02-10 00:01:58 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccSetx64.sys
2015-02-10 00:01:58 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\SymEFA64.sys
2015-02-10 00:01:51 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2015-02-10 00:01:51 -------- d-----w- C:\Windows\System32\drivers\N360x64
2015-02-10 00:01:50 -------- d-----w- C:\Program Files (x86)\Norton 360
2015-02-09 23:58:57 -------- d-----w- C:\ProgramData\NortonInstaller
2015-02-09 23:58:57 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2015-02-09 23:55:35 -------- d-----w- C:\ProgramData\Norton
2015-02-07 04:21:47 -------- d-----w- C:\Program Files (x86)\Hp
2015-02-07 03:34:06 -------- d-----w- C:\Users\Daryl\AppData\Local\LogMeIn Rescue Applet
2015-02-03 12:40:58 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2015-02-03 11:41:41 -------- d-----w- C:\Users\Daryl\AppData\Local\NVIDIA
2015-02-03 11:39:58 -------- d-----w- C:\Windows\SysWow64\NV
2015-02-03 11:39:58 -------- d-----w- C:\Windows\System32\NV
2015-02-03 11:38:11 2693448 ----a-w- C:\Windows\System32\nvwmi64.exe
2015-02-03 11:21:58 723184 ----a-w- C:\Windows\System32\SynCOM.dll
2015-02-03 11:21:58 556272 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2015-02-03 11:21:58 422640 ----a-w- C:\Windows\System32\SynTPCo19.dll
2015-02-03 11:21:58 400624 ----a-w- C:\Windows\SysWow64\SynCom.dll
2015-02-03 11:21:58 34544 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys
2015-02-03 11:21:58 252144 ----a-w- C:\Windows\System32\SynTPAPI.dll
2015-02-03 11:21:58 169712 ----a-w- C:\Windows\SysWow64\SynTPCom.dll
2015-02-03 11:13:25 -------- d-----w- C:\Program Files\Common Files\Intel
2015-02-03 11:13:21 -------- d-----w- C:\Program Files (x86)\Cisco
2015-02-01 08:56:41 85808 ----a-w- C:\Windows\System32\NicInstD.dll
2015-02-01 08:56:41 73512 ----a-w- C:\Windows\System32\e1dmsg.dll
2015-02-01 08:56:41 489752 ----a-w- C:\Windows\System32\drivers\e1d62x64.sys
2015-02-01 08:56:41 125728 ----a-w- C:\Windows\System32\NicCo4.dll
2015-02-01 08:52:51 100312 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
.
==================== Find3M ====================
.
2015-02-07 01:31:13 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-07 01:31:13 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-03 11:40:42 451 ----a-w- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-02-03 11:01:38 734720 ----a-w- C:\Windows\System32\MetroIntelGenericUIFramework.dll
2015-02-01 08:52:43 16344 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2015-01-26 12:12:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-11-26 16:03:50 6783304 ----a-w- C:\Windows\System32\nvcpl.dll
2014-11-26 16:03:50 3521224 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-11-26 16:03:44 933192 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-11-26 16:03:44 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-11-26 16:03:44 2557640 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-11-26 16:03:43 385352 ----a-w- C:\Windows\System32\nvmctray.dll
.
============= FINISH: 17:10:25.68 ===============

Attached Files
File Type: zip Attach.zip (13.6 KB)