Hi. My friend asked me to have a look at her laptop as she thought it had a virus. She said that she had been trying to watch a tv program from a streaming website and then after trying a few different ones and following the on-screen instructions, her cursor began to move around the screen itself. I had a look and the first thing I found was no anti-virus. I installed Avast Free and then disconnected wi-fi and did a scan that threw up 7 high threats. It deleted those and then on restart deleted a load of other stuff. I know you the rules request not to remove anything but I didn't want to re-connect wi-fi to come on here with all the viruses still there (3 were trojans). There isn't very much on the laptop so it would necessarily run slow but I am sure that there is bound to be other stuff if Avast Free picked up those viruses. I also ran Trend Micro House Call after Avast and it came back with nothing found.
Please see requested logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Holl at 9:51:52 on 2014-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5924.3535 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbengine.exe
C:\windows\System32\vds.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=hp&installDate=12/11/2013
uSearch Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&q={searchTerms}&installDate=12/11/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&q={searchTerms}&installDate=12/11/2013
uDefault_Page_URL = hxxp://samsung.msn.com
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&q={searchTerms}&installDate=12/11/2013
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -
BHO: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} -
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
TB: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} -
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [Conime] C:\windows\System32\conime.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8D34EED1-25A4-402C-8715-BCFF7AB1184C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8D34EED1-25A4-402C-8715-BCFF7AB1184C}\35B4950364538354 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8D34EED1-25A4-402C-8715-BCFF7AB1184C}\35B4953443038383 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll C:\PROGRA~3\Wincert\WIN32C~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Holl\AppData\Roaming\Mozilla\Firefox\Profiles\tfeo8zo8.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&installDate=12/11/2013&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Holl\AppData\Roaming\Mozilla\Firefox\Profiles\tfeo8zo8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2014-01-11 23:15; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2014-01-12 21:03; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Holl\AppData\Roaming\Mozilla\Firefox\Profiles\tfeo8zo8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-1-11 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-1-11 207904]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-4-25 28992]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2014-1-11 1034464]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2014-1-11 422216]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-4-23 13824]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-1-11 78648]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-13 106144]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-11 50344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-4-23 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-23 161560]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-4-23 31624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-23 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-13 158880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-2-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-2-13 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-2-13 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-2-13 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-2-13 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-2-13 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-2-13 280992]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-2-24 550560]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-15 331264]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-23 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-11 79672]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-1-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-12 21:49:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61FE86E0-7E6E-466B-8507-665FB7EF3EFF}\offreg.dll
2014-01-12 20:50:00 -------- d-----w- C:\Users\Holl\AppData\Roaming\Malwarebytes
2014-01-12 20:49:47 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-12 20:49:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-12 20:49:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-12 20:49:30 -------- d-----w- C:\Users\Holl\AppData\Local\Programs
2014-01-12 09:35:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-12 09:35:06 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-12 09:35:05 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2014-01-12 09:35:04 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2014-01-11 23:53:11 335360 ----a-w- C:\windows\System32\msieftp.dll
2014-01-11 23:53:11 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2014-01-11 23:53:09 3155968 ----a-w- C:\windows\System32\win32k.sys
2014-01-11 23:53:04 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2014-01-11 23:53:04 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2014-01-11 23:53:03 81408 ----a-w- C:\windows\System32\imagehlp.dll
2014-01-11 23:53:03 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2014-01-11 23:51:47 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-01-11 23:50:59 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-01-11 23:50:59 30720 ----a-w- C:\windows\System32\lsass.exe
2014-01-11 23:50:59 28672 ----a-w- C:\windows\System32\sspisrv.dll
2014-01-11 23:50:59 28160 ----a-w- C:\windows\System32\secur32.dll
2014-01-11 23:50:59 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-01-11 23:49:34 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-01-11 23:49:34 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-01-11 23:49:27 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2014-01-11 23:49:27 830464 ----a-w- C:\windows\System32\nshwfp.dll
2014-01-11 23:49:27 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2014-01-11 23:49:27 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2014-01-11 23:49:27 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2014-01-11 23:43:55 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61FE86E0-7E6E-466B-8507-665FB7EF3EFF}\mpengine.dll
2014-01-11 23:17:17 -------- d-----w- C:\Users\Holl\AppData\Roaming\AVAST Software
2014-01-11 23:15:26 79672 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-01-11 23:15:24 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-01-11 23:15:23 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-01-11 23:15:23 1034464 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-01-11 23:15:21 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-01-11 23:15:19 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-01-11 23:14:57 43152 ----a-w- C:\windows\avastSS.scr
2014-01-11 23:14:15 -------- d-----w- C:\Program Files\AVAST Software
2014-01-11 23:12:38 -------- d-----w- C:\ProgramData\AVAST Software
2014-01-11 23:07:18 2212656 ----a-w- C:\windows\ETDUninst.dll
.
==================== Find3M ====================
.
2014-01-13 01:22:21 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-13 01:22:21 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 12:25:52 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 9:52:06.96 ===============
I don't have access to boot disc as she wouldn't have known to make 1 but I will do a recovery disc once all the problems are definitely eradicated.
Thanks for all help.
Please see requested logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Holl at 9:51:52 on 2014-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5924.3535 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbengine.exe
C:\windows\System32\vds.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=hp&installDate=12/11/2013
uSearch Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&q={searchTerms}&installDate=12/11/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&q={searchTerms}&installDate=12/11/2013
uDefault_Page_URL = hxxp://samsung.msn.com
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&q={searchTerms}&installDate=12/11/2013
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -
BHO: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} -
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
TB: Search-Results Toolbar: {f34c9277-6577-4dff-b2d7-7d58092f272f} -
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [Conime] C:\windows\System32\conime.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8D34EED1-25A4-402C-8715-BCFF7AB1184C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8D34EED1-25A4-402C-8715-BCFF7AB1184C}\35B4950364538354 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8D34EED1-25A4-402C-8715-BCFF7AB1184C}\35B4953443038383 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll C:\PROGRA~3\Wincert\WIN32C~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Holl\AppData\Roaming\Mozilla\Firefox\Profiles\tfeo8zo8.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=3c00d6f4-a769-337d-7cf7-5e8c8d620535&searchtype=ds&installDate=12/11/2013&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Holl\AppData\Roaming\Mozilla\Firefox\Profiles\tfeo8zo8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2014-01-11 23:15; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2014-01-12 21:03; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Holl\AppData\Roaming\Mozilla\Firefox\Profiles\tfeo8zo8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-1-11 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-1-11 207904]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-4-25 28992]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2014-1-11 1034464]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2014-1-11 422216]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-4-23 13824]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-1-11 78648]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-13 106144]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-11 50344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-4-23 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-23 161560]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-4-23 31624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-23 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-13 158880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-2-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-2-13 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-2-13 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-2-13 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-2-13 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-2-13 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-2-13 280992]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-2-24 550560]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-15 331264]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-23 648808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-11 79672]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-1-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-12 21:49:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61FE86E0-7E6E-466B-8507-665FB7EF3EFF}\offreg.dll
2014-01-12 20:50:00 -------- d-----w- C:\Users\Holl\AppData\Roaming\Malwarebytes
2014-01-12 20:49:47 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-12 20:49:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-12 20:49:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-12 20:49:30 -------- d-----w- C:\Users\Holl\AppData\Local\Programs
2014-01-12 09:35:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-12 09:35:06 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-12 09:35:05 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2014-01-12 09:35:04 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2014-01-11 23:53:11 335360 ----a-w- C:\windows\System32\msieftp.dll
2014-01-11 23:53:11 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2014-01-11 23:53:09 3155968 ----a-w- C:\windows\System32\win32k.sys
2014-01-11 23:53:04 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2014-01-11 23:53:04 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2014-01-11 23:53:03 81408 ----a-w- C:\windows\System32\imagehlp.dll
2014-01-11 23:53:03 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2014-01-11 23:51:47 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-01-11 23:50:59 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-01-11 23:50:59 30720 ----a-w- C:\windows\System32\lsass.exe
2014-01-11 23:50:59 28672 ----a-w- C:\windows\System32\sspisrv.dll
2014-01-11 23:50:59 28160 ----a-w- C:\windows\System32\secur32.dll
2014-01-11 23:50:59 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-01-11 23:49:34 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-01-11 23:49:34 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-01-11 23:49:27 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2014-01-11 23:49:27 830464 ----a-w- C:\windows\System32\nshwfp.dll
2014-01-11 23:49:27 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2014-01-11 23:49:27 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2014-01-11 23:49:27 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2014-01-11 23:43:55 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61FE86E0-7E6E-466B-8507-665FB7EF3EFF}\mpengine.dll
2014-01-11 23:17:17 -------- d-----w- C:\Users\Holl\AppData\Roaming\AVAST Software
2014-01-11 23:15:26 79672 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-01-11 23:15:24 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-01-11 23:15:23 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-01-11 23:15:23 1034464 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-01-11 23:15:21 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-01-11 23:15:19 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-01-11 23:14:57 43152 ----a-w- C:\windows\avastSS.scr
2014-01-11 23:14:15 -------- d-----w- C:\Program Files\AVAST Software
2014-01-11 23:12:38 -------- d-----w- C:\ProgramData\AVAST Software
2014-01-11 23:07:18 2212656 ----a-w- C:\windows\ETDUninst.dll
.
==================== Find3M ====================
.
2014-01-13 01:22:21 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-13 01:22:21 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 12:25:52 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 9:52:06.96 ===============
I don't have access to boot disc as she wouldn't have known to make 1 but I will do a recovery disc once all the problems are definitely eradicated.
Thanks for all help.