I have some **** in my system I can't get rid of. I think it started a few days ago when MS Security Essentials warned me that the system could be unsafe. So I updated and ran a full scan, but it didn't find anything. Later mshta showed up in the UAC and I didn't recognize it, so I didn't allow it. But now it just keeps popping up as soon as I press not allowed. The only way to be able to run the PC is if I click the "link" in the same UAC box, "settings how to show these messages"; then after two presses the desktop shows and lets me do other things while the UAC keeps blinking in the bottom menu bar. After a while Adobe Flash runtime also asks permission in the UAC, but there I can click not allowed and it will be gone for a minute or something.
I have a couple of mshta.exe running in the processes but I can't kill them; it won't let me. I was able to kill them in the Spybot Search and Destroy tool for running processes, but the popup is still coming.
I have updated MS Security Essentials, SUPERAntiSpyware and Malwarebytes Anti-Malware and run all of them, both after normal start and in safe mode, without being able to fix this. I'm out of ideas except for reinstalling the system. This is my last try :)
Here's the DDS text, and I attached the other two. I also have the Win 7 install DVD. Thanks.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.65.2
Run by Lucas at 22:12:59 on 2014-08-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.4094.2198 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
D:\Spel\Dead Island helper\Dead Island Helper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Lucas\AppData\Roaming\Microsoft\Protect\conhost.exe
D:\Program\Zoner Photo Studio 16\Program32\ZPSTray.exe
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\IEUpdate\mshta.exe
D:\Program\Rainmeter\Rainmeter.exe
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\IEUpdate\mshta.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program\ZEngine\Zboard.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
D:\Program\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\IEUpdate\mshta.exe
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\IEUpdate\mshta.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Spotify Web Helper] "C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AdobeBridge] <no file>
uRunOnce: [mshta] "C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\IEUpdate\mshta.exe"
mRun: [GrooveMonitor] "D:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Zboard] D:\Program\ZEngine\Zboard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [CloneCDTray] "d:\Program\CloneCD\CloneCDTray.exe" /s
mRun: [iTunesHelper] "D:\Program\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [LWS] D:\Program\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [KeePass 2 PreLoad] "d:\Program\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\mshta.lnk - C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\IEUpdate\mshta.exe
StartupFolder: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mshta.lnk.disabled
StartupFolder: C:\Users\Lucas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - D:\Program\Rainmeter\Rainmeter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - D:\Program\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5978A809-D483-4248-8112-19983FC71768} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-1-27 70768]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-17 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-17 21055432]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-8-12 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-8-12 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-8-12 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-5 413128]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-5-28 5024576]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-5 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-5 40392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;D:\Program\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-10-15 520416]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-16 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-16 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-16 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2014-08-12 20:08:16 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D514DC48-30B6-42D7-B9D3-B6C712C4780D}\offreg.dll
2014-08-12 15:21:39 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-08-12 15:21:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-08-12 15:21:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-11 17:57:26 -------- d-----w- C:\FRST
2014-08-11 17:40:38 -------- d-----w- C:\Windows\ERUNT
2014-08-11 17:37:06 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-11 17:36:37 -------- d-----w- C:\AdwCleaner
2014-08-11 17:16:01 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D514DC48-30B6-42D7-B9D3-B6C712C4780D}\mpengine.dll
2014-08-11 07:31:23 -------- d-----w- C:\Windows\pss
2014-08-11 07:14:11 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-11 07:13:51 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-11 07:13:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-11 07:13:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 15:50:07 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-03 18:52:36 173568 ----a-w- C:\Users\Lucas\AppData\Roaming\Microsoft\Protect\conhost.exe
2014-08-03 13:57:52 2180096 ----a-w- C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2014-08-03 11:50:43 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6089BE83-F0FC-4A83-A546-FC42C5255334}\gapaengine.dll
2014-07-18 17:03:27 -------- d-sh--w- C:\Users\Lucas\AppData\Local\EmieUserList
2014-07-18 17:03:27 -------- d-sh--w- C:\Users\Lucas\AppData\Local\EmieSiteList
2014-07-16 16:04:41 -------- d-----w- C:\Users\Lucas\AppData\Local\Adobe
.
==================== Find3M ====================
.
2014-07-13 12:20:27 121003 ----a-w- C:\Windows\File Renamer - Basic Uninstaller.exe
2014-07-11 01:02:05 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-01 16:26:28 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-06-01 16:26:21 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-06-01 16:26:20 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-05-29 23:07:51 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-20 01:25:38 2560968 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-05-19 23:10:44 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-16 13:57:52 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-05-16 13:57:52 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-05-16 13:57:52 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-05-16 13:57:51 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-05-16 13:57:51 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-05-16 13:57:51 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-05-16 13:56:36 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-05-16 13:56:36 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-05-16 13:56:36 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-05-16 13:55:39 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-05-16 13:55:39 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 22:13:14,17 ===============