Hi, I was writing a very important document. Then Windows 7 wanted to do an update. So I did the update. Then my machine rebooted. Then there was an unusual blank screen with just the cursor top right hanging for quite a while. About a minute later the PC started to boot. I noticed the HDD making a noise; this is not usual. The HDD activity light is on. Noise is grind 1 second long then grind 1 second long then grind 1 second long then 2 quick grinds 1 second long each. The HDD has been active constantly, repeating this noise. My ESET Smart Security won't open, it just locks up. I downloaded Malwarebytes; that won't even open, even after reboot. I tried the Kaspersky online scan: the CPU goes off and so does the HDD, but it sits on 0% for 20 minutes or so, so I rebooted. I tried to go into safe mode, both without & with networking; as soon as I boot up the HDD noise comes back. Still Malwarebytes won't open. I am certain I was hacked while writing this document in OpenOffice Writer.
The DDS file took about 20 minutes to boot up. I had to save to documents. The GMER file wouldn't complete. Both quick & in just C: gets stuck on a file; last part says ....(series of hexadecimal)policy. I can see this is one nasty piece of malware/virus.
Thanks for reading & your help.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by Gary at 3:13:50 on 2014-06-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4095.1442 [GMT 8:00]
.
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Serviio\bin\ServiioConsole.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
uRun: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe"
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2D58A2CB-708B-42F5-A9EE-8A9A586BF610} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{3648C94C-571B-4217-A170-5BA36FE383F1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{6C180ABB-3D48-404F-AA22-1C6906757A72} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{DFD11378-F819-422B-9F85-14A2836ADBEA} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{DFD11378-F819-422B-9F85-14A2836ADBEA} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\c9uwjb6s.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f076f72600000000000000ff73394a4b&q=
FF - user.js: extensions.BabylonToolbar.id - f076f72600000000000000ff73394a4b
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15751
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.102:02:53
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-5-12 178728]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-18 50464]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-2 41704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-20 240640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-8-3 476016]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-8-3 387440]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-12 860472]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2014-3-21 359936]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [2014-4-28 1801240]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-22 351520]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-22 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-12 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-12 63704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S1 PCC_DSCP;Personal Communicator DSCP Driver;C:\Windows\System32\drivers\PCC_DSCP_x64.sys [2013-2-21 21152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-4-10 38080]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-4-10 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-4-10 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-4-10 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-4-10 158024]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-31 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-11 18:56:25 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8548374A-426D-4A4E-B31B-6E58627DA4FD}\offreg.dll
2014-06-11 18:29:59 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-06-11 17:58:51 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-11 17:58:38 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-11 17:58:38 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-11 17:58:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-11 17:58:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-11 04:49:20 -------- d-----w- C:\Users\Gary\AppData\Local\{84028A73-2533-40CF-822A-A94B366E4921}
2014-06-11 04:38:25 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 04:38:25 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 04:38:23 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 04:38:23 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 04:38:17 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 04:38:17 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 04:38:17 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 04:38:17 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-11 04:38:13 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-06-11 04:33:29 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8548374A-426D-4A4E-B31B-6E58627DA4FD}\mpengine.dll
2014-06-11 04:33:11 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 04:33:11 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-10 09:53:39 -------- d-----w- C:\Users\Gary\AppData\Local\{50882644-DADC-437C-A2F2-2F9D72876A73}
2014-06-09 16:05:27 -------- d-----w- C:\Users\Gary\AppData\Local\{C51EBFE4-9CE5-4555-8170-0733C7CA4480}
2014-06-09 09:22:37 -------- d-----w- C:\Users\Gary\AppData\Local\{D92FE288-9192-4F6E-9DEB-8FC29B1B496D}
2014-06-09 05:02:17 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-06-09 04:18:00 -------- d-----w- C:\Users\Gary\AppData\Local\{6558444A-72C0-4F70-9691-F7AB64BBCA66}
2014-06-09 04:17:14 -------- d-----w- C:\Users\Gary\AppData\Local\{37D36EFA-7E7D-412B-B102-BC48799364F6}
2014-06-08 18:38:13 -------- d-----w- C:\Users\Gary\AppData\Local\{2F70F57F-64DA-4D35-B9F8-3FD7E8FCF399}
2014-06-08 04:27:12 -------- d-----w- C:\Users\Gary\AppData\Local\{39583977-AA69-4D5B-B45C-ECC95CED16E4}
2014-06-07 08:51:15 -------- d-----w- C:\Users\Gary\AppData\Local\{BA109B7F-E68F-4D75-82DC-0050EBD02EA2}
2014-06-06 04:28:46 -------- d-----w- C:\Users\Gary\AppData\Local\{8EF858CB-B3A2-4DB4-AC0D-EB274FA2C057}
2014-06-05 04:01:30 -------- d-----w- C:\Users\Gary\AppData\Local\{2525D8E4-D865-48A5-9357-BCE7DC4DFFC8}
2014-06-04 05:09:56 -------- d-----w- C:\Users\Gary\AppData\Local\{6CB10517-93CB-4E72-9CC5-A4DD25DFCB24}
2014-06-03 03:17:30 -------- d-----w- C:\Users\Gary\AppData\Local\{DE27B77F-C806-4FA9-AC9B-425FE18A4632}
2014-06-02 08:00:14 -------- d-----w- C:\Users\Gary\AppData\Local\{0ACE77B9-6666-4D52-B147-86BF010A54F6}
2014-06-01 16:05:00 -------- d-----w- C:\Users\Gary\AppData\Local\{F9929A86-38E3-4E49-A4F0-D1D131F202A0}
2014-06-01 04:04:27 -------- d-----w- C:\Users\Gary\AppData\Local\{40B6C2E7-C3C8-4972-B0CE-49DB2772890D}
2014-05-31 18:38:56 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger
2014-05-31 15:48:25 -------- d-----w- C:\Users\Gary\AppData\Local\{D207572A-C0A8-40EC-9301-61EE5682178A}
2014-05-30 12:26:11 -------- d-----w- C:\Users\Gary\AppData\Local\{B0581FF5-1EE3-4555-87D4-A11D2B0A00FA}
2014-05-29 07:17:27 -------- d-----w- C:\Users\Gary\AppData\Local\{074B3994-306B-4D4D-9641-66E8FA494C51}
2014-05-29 06:17:24 -------- d-----w- C:\Users\Gary\AppData\Local\{367C7777-C0AF-4DE3-859A-B39FA56A7F6B}
2014-05-29 04:23:02 -------- d-----w- C:\Users\Gary\AppData\Local\{9B2DF7A3-BBA6-4221-B1B4-8341FC169E5A}
2014-05-28 12:18:02 -------- d-----w- C:\Users\Gary\AppData\Local\{A5F55F70-7607-4B52-913C-735AC2566308}
2014-05-27 12:09:00 -------- d-----w- C:\Users\Gary\AppData\Local\{23E3A895-7D7F-48E2-B5BB-30F956AE7B30}
2014-05-27 03:41:17 -------- d-----w- C:\Users\Gary\AppData\Local\{CD75230C-AFF9-40E1-BC33-7CBCC0E36E73}
2014-05-26 05:12:37 -------- d-----w- C:\Users\Gary\AppData\Local\{6D78FE34-D1B4-498C-BEA4-19AD2CEDB2A0}
2014-05-25 13:24:29 -------- d-----w- C:\Users\Gary\AppData\Local\{98550756-D95B-4BCC-9AF1-9EA8F4CBA4AE}
2014-05-25 09:06:59 -------- d-----w- C:\Users\Gary\AppData\Local\{34A18646-F973-42ED-A8F4-9BF69F05FCF6}
2014-05-25 05:01:18 -------- d-----w- C:\ProgramData\McAfee Security Scan
2014-05-25 05:01:11 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-25 05:01:11 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-24 18:04:08 -------- d-----w- C:\Users\Gary\AppData\Local\{FCF082AE-3732-4952-BBA3-84E5E83F7579}
2014-05-24 04:13:13 -------- d-----w- C:\Users\Gary\AppData\Local\{71B86DFC-D5AE-44AC-B010-1864582FB671}
2014-05-23 10:50:22 -------- d-----w- C:\Users\Gary\AppData\Local\{049C2274-7E82-42E0-973D-3959C773919E}
2014-05-23 05:56:16 -------- d-----w- C:\Users\Gary\AppData\Local\{C1570DFD-2D92-4C83-AE6C-B4B70B2C58BB}
2014-05-23 04:28:17 -------- d-----w- C:\Users\Gary\AppData\Local\{10A95D32-6C20-48CF-9F79-88D4F78AB231}
2014-05-22 05:25:54 -------- d-----w- C:\Users\Gary\AppData\Local\{72844028-B799-4082-9907-1401562E5539}
2014-05-21 18:46:37 -------- d-----w- C:\Users\Gary\AppData\Local\{0F5A07AC-C38D-4AE0-910B-A11B80F1D215}
2014-05-21 17:12:42 -------- d-----w- C:\Users\Gary\AppData\Local\{46A3764B-52F2-47D8-B574-996792592352}
2014-05-21 04:12:26 -------- d-----w- C:\Users\Gary\AppData\Local\{0B7FBC8A-A8BE-42FD-8407-2EF4BE632B19}
2014-05-20 17:51:29 -------- d-----w- C:\Users\Gary\AppData\Local\{0890AA21-BDA8-4E98-B8FE-9B927C6F57FE}
2014-05-20 06:17:26 -------- d-----w- C:\Users\Gary\DxReport
2014-05-20 06:17:04 -------- d-----w- C:\Users\Gary\AppData\Roaming\LaunchPad
2014-05-20 03:50:43 -------- d-----w- C:\Users\Gary\AppData\Local\{EC22DF13-2BC7-4F7B-9F50-D71D240C2240}
2014-05-19 15:49:14 -------- d-----w- C:\Users\Gary\AppData\Local\{DD47BED2-98B6-4B5B-9EAE-B247941700B7}
2014-05-19 07:34:23 -------- d-----w- C:\Users\Gary\AppData\Local\{0C98D4E6-78E9-423E-BE5A-83AA7B1AA653}
2014-05-19 04:02:03 -------- d-----w- C:\Users\Gary\AppData\Local\{DEA779ED-C32A-4CFF-9356-1EE5D0B703A2}
2014-05-18 06:25:25 -------- d-----w- C:\Users\Gary\AppData\Local\{1EDBE397-C540-4E0F-9463-98CBE24CC5B0}
2014-05-17 18:00:12 -------- d-----w- C:\Users\Gary\AppData\Local\{1A6EC1CB-38D8-4010-B91E-D6E957B943BE}
2014-05-17 04:13:14 -------- d-----w- C:\Users\Gary\AppData\Local\{5A50512E-FBC2-4DE2-A746-B3054C2AD11F}
2014-05-16 10:43:33 -------- d-----w- C:\Users\Gary\AppData\Local\{1A610624-90D5-4586-9257-D4DC0C89994C}
2014-05-15 15:23:37 -------- d-----w- C:\Users\Gary\AppData\Local\{59AB612E-0EDC-402B-B655-6ABBFCB5D8F3}
2014-05-14 17:33:45 -------- d-----w- C:\Users\Gary\AppData\Local\{7EA1D2B8-1A02-44B5-A46B-A676F32FC461}
2014-05-14 08:49:12 -------- d-----w- C:\Users\Gary\AppData\Local\{9EFEC236-68FB-4999-9B44-9A985E7432A8}
2014-05-13 15:45:12 -------- d-----w- C:\Users\Gary\AppData\Local\{DCCA5CC7-E782-4A02-BF31-D6D1512EC88B}
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-28 08:15:28 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-04-14 12:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 01:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 3:14:16.09 ===============
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
uRun: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe"
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2D58A2CB-708B-42F5-A9EE-8A9A586BF610} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{3648C94C-571B-4217-A170-5BA36FE383F1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{6C180ABB-3D48-404F-AA22-1C6906757A72} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{DFD11378-F819-422B-9F85-14A2836ADBEA} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{DFD11378-F819-422B-9F85-14A2836ADBEA} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\c9uwjb6s.default\
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f076f72600000000000000ff73394a4b&q=
FF - user.js: extensions.BabylonToolbar.id - f076f72600000000000000ff73394a4b
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15751
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.102:02:53
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-5-12 178728]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-18 50464]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-2 41704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-20 240640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-8-3 476016]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-8-3 387440]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-12 860472]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2014-3-21 359936]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [2014-4-28 1801240]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-22 351520]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-22 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-12 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-12 63704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S1 PCC_DSCP;Personal Communicator DSCP Driver;C:\Windows\System32\drivers\PCC_DSCP_x64.sys [2013-2-21 21152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2013-4-10 38080]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-4-10 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2013-4-10 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2013-4-10 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2013-4-10 158024]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-31 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-11 18:56:25 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8548374A-426D-4A4E-B31B-6E58627DA4FD}\offreg.dll
2014-06-11 18:29:59 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-06-11 17:58:51 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-11 17:58:38 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-11 17:58:38 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-11 17:58:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-11 17:58:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-11 04:49:20 -------- d-----w- C:\Users\Gary\AppData\Local\{84028A73-2533-40CF-822A-A94B366E4921}
2014-06-11 04:38:25 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 04:38:25 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 04:38:23 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 04:38:23 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 04:38:17 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 04:38:17 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 04:38:17 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 04:38:17 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 04:38:17 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-11 04:38:13 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-06-11 04:33:29 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8548374A-426D-4A4E-B31B-6E58627DA4FD}\mpengine.dll
2014-06-11 04:33:11 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 04:33:11 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-10 09:53:39 -------- d-----w- C:\Users\Gary\AppData\Local\{50882644-DADC-437C-A2F2-2F9D72876A73}
2014-06-09 16:05:27 -------- d-----w- C:\Users\Gary\AppData\Local\{C51EBFE4-9CE5-4555-8170-0733C7CA4480}
2014-06-09 09:22:37 -------- d-----w- C:\Users\Gary\AppData\Local\{D92FE288-9192-4F6E-9DEB-8FC29B1B496D}
2014-06-09 05:02:17 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-06-09 04:18:00 -------- d-----w- C:\Users\Gary\AppData\Local\{6558444A-72C0-4F70-9691-F7AB64BBCA66}
2014-06-09 04:17:14 -------- d-----w- C:\Users\Gary\AppData\Local\{37D36EFA-7E7D-412B-B102-BC48799364F6}
2014-06-08 18:38:13 -------- d-----w- C:\Users\Gary\AppData\Local\{2F70F57F-64DA-4D35-B9F8-3FD7E8FCF399}
2014-06-08 04:27:12 -------- d-----w- C:\Users\Gary\AppData\Local\{39583977-AA69-4D5B-B45C-ECC95CED16E4}
2014-06-07 08:51:15 -------- d-----w- C:\Users\Gary\AppData\Local\{BA109B7F-E68F-4D75-82DC-0050EBD02EA2}
2014-06-06 04:28:46 -------- d-----w- C:\Users\Gary\AppData\Local\{8EF858CB-B3A2-4DB4-AC0D-EB274FA2C057}
2014-06-05 04:01:30 -------- d-----w- C:\Users\Gary\AppData\Local\{2525D8E4-D865-48A5-9357-BCE7DC4DFFC8}
2014-06-04 05:09:56 -------- d-----w- C:\Users\Gary\AppData\Local\{6CB10517-93CB-4E72-9CC5-A4DD25DFCB24}
2014-06-03 03:17:30 -------- d-----w- C:\Users\Gary\AppData\Local\{DE27B77F-C806-4FA9-AC9B-425FE18A4632}
2014-06-02 08:00:14 -------- d-----w- C:\Users\Gary\AppData\Local\{0ACE77B9-6666-4D52-B147-86BF010A54F6}
2014-06-01 16:05:00 -------- d-----w- C:\Users\Gary\AppData\Local\{F9929A86-38E3-4E49-A4F0-D1D131F202A0}
2014-06-01 04:04:27 -------- d-----w- C:\Users\Gary\AppData\Local\{40B6C2E7-C3C8-4972-B0CE-49DB2772890D}
2014-05-31 18:38:56 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger
2014-05-31 15:48:25 -------- d-----w- C:\Users\Gary\AppData\Local\{D207572A-C0A8-40EC-9301-61EE5682178A}
2014-05-30 12:26:11 -------- d-----w- C:\Users\Gary\AppData\Local\{B0581FF5-1EE3-4555-87D4-A11D2B0A00FA}
2014-05-29 07:17:27 -------- d-----w- C:\Users\Gary\AppData\Local\{074B3994-306B-4D4D-9641-66E8FA494C51}
2014-05-29 06:17:24 -------- d-----w- C:\Users\Gary\AppData\Local\{367C7777-C0AF-4DE3-859A-B39FA56A7F6B}
2014-05-29 04:23:02 -------- d-----w- C:\Users\Gary\AppData\Local\{9B2DF7A3-BBA6-4221-B1B4-8341FC169E5A}
2014-05-28 12:18:02 -------- d-----w- C:\Users\Gary\AppData\Local\{A5F55F70-7607-4B52-913C-735AC2566308}
2014-05-27 12:09:00 -------- d-----w- C:\Users\Gary\AppData\Local\{23E3A895-7D7F-48E2-B5BB-30F956AE7B30}
2014-05-27 03:41:17 -------- d-----w- C:\Users\Gary\AppData\Local\{CD75230C-AFF9-40E1-BC33-7CBCC0E36E73}
2014-05-26 05:12:37 -------- d-----w- C:\Users\Gary\AppData\Local\{6D78FE34-D1B4-498C-BEA4-19AD2CEDB2A0}
2014-05-25 13:24:29 -------- d-----w- C:\Users\Gary\AppData\Local\{98550756-D95B-4BCC-9AF1-9EA8F4CBA4AE}
2014-05-25 09:06:59 -------- d-----w- C:\Users\Gary\AppData\Local\{34A18646-F973-42ED-A8F4-9BF69F05FCF6}
2014-05-25 05:01:18 -------- d-----w- C:\ProgramData\McAfee Security Scan
2014-05-25 05:01:11 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-25 05:01:11 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-24 18:04:08 -------- d-----w- C:\Users\Gary\AppData\Local\{FCF082AE-3732-4952-BBA3-84E5E83F7579}
2014-05-24 04:13:13 -------- d-----w- C:\Users\Gary\AppData\Local\{71B86DFC-D5AE-44AC-B010-1864582FB671}
2014-05-23 10:50:22 -------- d-----w- C:\Users\Gary\AppData\Local\{049C2274-7E82-42E0-973D-3959C773919E}
2014-05-23 05:56:16 -------- d-----w- C:\Users\Gary\AppData\Local\{C1570DFD-2D92-4C83-AE6C-B4B70B2C58BB}
2014-05-23 04:28:17 -------- d-----w- C:\Users\Gary\AppData\Local\{10A95D32-6C20-48CF-9F79-88D4F78AB231}
2014-05-22 05:25:54 -------- d-----w- C:\Users\Gary\AppData\Local\{72844028-B799-4082-9907-1401562E5539}
2014-05-21 18:46:37 -------- d-----w- C:\Users\Gary\AppData\Local\{0F5A07AC-C38D-4AE0-910B-A11B80F1D215}
2014-05-21 17:12:42 -------- d-----w- C:\Users\Gary\AppData\Local\{46A3764B-52F2-47D8-B574-996792592352}
2014-05-21 04:12:26 -------- d-----w- C:\Users\Gary\AppData\Local\{0B7FBC8A-A8BE-42FD-8407-2EF4BE632B19}
2014-05-20 17:51:29 -------- d-----w- C:\Users\Gary\AppData\Local\{0890AA21-BDA8-4E98-B8FE-9B927C6F57FE}
2014-05-20 06:17:26 -------- d-----w- C:\Users\Gary\DxReport
2014-05-20 06:17:04 -------- d-----w- C:\Users\Gary\AppData\Roaming\LaunchPad
2014-05-20 03:50:43 -------- d-----w- C:\Users\Gary\AppData\Local\{EC22DF13-2BC7-4F7B-9F50-D71D240C2240}
2014-05-19 15:49:14 -------- d-----w- C:\Users\Gary\AppData\Local\{DD47BED2-98B6-4B5B-9EAE-B247941700B7}
2014-05-19 07:34:23 -------- d-----w- C:\Users\Gary\AppData\Local\{0C98D4E6-78E9-423E-BE5A-83AA7B1AA653}
2014-05-19 04:02:03 -------- d-----w- C:\Users\Gary\AppData\Local\{DEA779ED-C32A-4CFF-9356-1EE5D0B703A2}
2014-05-18 06:25:25 -------- d-----w- C:\Users\Gary\AppData\Local\{1EDBE397-C540-4E0F-9463-98CBE24CC5B0}
2014-05-17 18:00:12 -------- d-----w- C:\Users\Gary\AppData\Local\{1A6EC1CB-38D8-4010-B91E-D6E957B943BE}
2014-05-17 04:13:14 -------- d-----w- C:\Users\Gary\AppData\Local\{5A50512E-FBC2-4DE2-A746-B3054C2AD11F}
2014-05-16 10:43:33 -------- d-----w- C:\Users\Gary\AppData\Local\{1A610624-90D5-4586-9257-D4DC0C89994C}
2014-05-15 15:23:37 -------- d-----w- C:\Users\Gary\AppData\Local\{59AB612E-0EDC-402B-B655-6ABBFCB5D8F3}
2014-05-14 17:33:45 -------- d-----w- C:\Users\Gary\AppData\Local\{7EA1D2B8-1A02-44B5-A46B-A676F32FC461}
2014-05-14 08:49:12 -------- d-----w- C:\Users\Gary\AppData\Local\{9EFEC236-68FB-4999-9B44-9A985E7432A8}
2014-05-13 15:45:12 -------- d-----w- C:\Users\Gary\AppData\Local\{DCCA5CC7-E782-4A02-BF31-D6D1512EC88B}
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-28 08:15:28 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-04-14 12:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 01:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 3:14:16.09 ===============