I believe my Windows 7 (SP1) machine has been infected (Dell Precision 370 with SSD). The CPU runs at 100% and fluctuates periodically to 50-60%, then back to 100%. I have applied all Windows updates and checked for driver updates - the machine continues to run at max CPU. I have run DDS and gmer.exe and attached the files to this thread. I also ran Malwarebytes and Windows Essentials. No trojans/viruses/malware found. Please help.
Thanks,
Chris
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by theParents at 19:51:52 on 2014-04-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1351 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
uRun: [AppleIEDAV] c:\program files\common files\apple\internet services\AppleIEDAV.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\thepar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{261596F8-62E6-45B7-B019-8A548F682BFB} : DHCPNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{B6CBB0DD-2035-4FB2-B293-48E250F036FE} : DHCPNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\theparents\appdata\roaming\mozilla\firefox\profiles\9kmq7074.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2012-12-6 2046560]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-7 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-7 701512]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-4-19 39272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-14 108032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-7 22856]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-4-14 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-14 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-3-23 1343400]
S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [2013-10-6 27496]
S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [2013-10-6 27496]
S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [2013-10-6 27496]
S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [2013-10-6 27496]
S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [2013-10-6 27496]
.
=============== Created Last 30 ================
.
2014-04-16 02:28:51 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8cbd389f-f9a3-238d-f6da-39412f356f11}\GapaEngine.dll
2014-04-16 02:14:51 -------- d-----w- C:\7666cc4154151b6d4cbe4dd98fbb2f
2014-04-15 03:11:30 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-15 03:11:28 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-15 03:11:14 221184 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-15 03:11:14 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-15 03:11:13 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-15 03:05:27 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-15 03:05:22 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-15 03:05:21 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-15 03:05:19 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-04-15 03:05:19 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-04-15 03:05:19 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-04-15 03:05:19 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-15 03:05:18 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-04-15 03:05:18 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-04-15 03:05:18 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-04-15 03:05:17 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-04-15 03:05:16 5698048 ----a-w- c:\windows\system32\mstscax.dll
2014-04-15 02:46:43 -------- d-----w- c:\windows\Migration
2014-04-15 02:36:07 8011264 ----a-w- c:\program files\internet explorer\F12Resources.dll
2014-04-15 02:36:01 1064960 ----a-w- c:\program files\internet explorer\networkinspection.dll
2014-04-15 02:36:00 1634304 ----a-w- c:\program files\internet explorer\F12.dll
2014-04-15 02:35:59 470016 ----a-w- c:\program files\internet explorer\ieinstal.exe
2014-04-15 02:35:59 222720 ----a-w- c:\program files\internet explorer\ielowutil.exe
2014-04-15 02:35:58 811728 ----a-w- c:\program files\internet explorer\iexplore.exe
2014-04-15 02:35:58 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-04-15 02:35:57 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-04-15 02:35:51 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-04-15 02:16:27 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-04-15 02:16:26 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-04-15 01:47:38 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-04-15 01:47:13 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-15 01:46:13 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-15 01:46:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2014-04-15 01:34:14 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-04-15 01:34:13 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-04-15 01:34:13 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-04-15 01:34:12 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-04-15 01:34:11 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-04-15 01:34:10 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-04-15 01:34:10 428032 ----a-w- c:\windows\system32\secproc.dll
2014-04-15 01:34:10 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-04-15 01:34:09 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-04-15 01:26:18 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-04-15 01:26:18 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-04-15 01:01:29 7969936 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{84e14b0f-6b10-4d52-93fd-48948fb3098c}\mpengine.dll
2014-04-13 21:16:28 7969936 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-05 05:07:15 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29b8c23a-c30f-46db-9304-9bc1f256c734}\gapaengine.dll
2014-04-01 00:57:55 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-04-01 00:57:55 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-04-01 00:57:54 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2014-03-25 16:03:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-25 16:03:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 16:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:07:53 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-02-04 02:07:50 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-02-04 02:07:41 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-25 08:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 19:56:52.50 ===============