Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Invalid Windows, plus other issues

This episode started with a pop-up that claimed my copy of Windows is invalid. It came installed on the machine and has been updated regularly for two years. (ACER NETBOOK D260 Win 7 64)

I ran Malwarebytes (free), which found some "non-malware", and on the restart after the welcome screen it stopped on a solid blue screen for 1-2 minutes, then went on to the desktop.

Neither Firefox, Chrome nor Thunderbird can access any site because "the proxy server is refusing connections".

Also the "Ctrl Prnt Screen" function does not work.

The machine runs, to play games, but is slower than it should be.

DDS and GMER were downloaded on a different machine, carried over on a memory stick, and the logs carried back.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.60.2
Run by Diana at 16:59:04 on 2015-02-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2037.1035 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\USERS\DIANA\DOWNLOADS\PROCEXP.EXE
C:\Users\Diana\AppData\Local\Temp\PROCEXP64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Users\Diana\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uProxyServer = hxxp=127.0.0.1:49418;https=127.0.0.1:49418
uProxyOverride = <-loopback>
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\Users\Diana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Diana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\QUICKE~1.LNK - C:\QUICKENW\QWDLLS.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB} : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\25F6467756C6C6D27657563747 : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3414D405D2D41494E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3427F677E65605C616A716D27457563747 : DHCPNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\C49626271627970275962756C6563737 : DHCPNameServer = 4.2.2.2 4.2.2.3
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-10-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-10-21 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-8 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-21 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-9 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-25 50344]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-9-27 31080]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-15 76912]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-9-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-9-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-9-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-9-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-9-27 156520]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-9-27 278640]
S3 EUCR;EUCR;C:\Windows\System32\drivers\EUCR6SK.sys [2010-11-15 88912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-11-23 29184]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-6 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-14 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-19 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-9-27 52896]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-15 321104]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-18 868896]
S4 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-15 135560]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-15 13336]
S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-18 2151744]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-14 1871160]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-14 969016]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-6 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-6 1042272]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-6 171416]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-15 243232]
.
=============== Created Last 30 ================
.
2015-02-08 15:58:37 -------- d-----w- C:\Windows\SysWow64\Adobe
2015-02-07 01:58:11 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7392F0BC-DC9A-4A50-9F77-2A9B2EC7C02E}\mpengine.dll
2015-01-21 22:58:43 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2015-01-21 18:12:05 -------- d-----w- C:\Users\Diana\Dropbox (Old)
2015-01-21 15:46:07 -------- d-----w- C:\Users\Diana\AppData\Local\Help
2015-01-21 13:18:34 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-21 00:15:26 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-20 23:00:55 -------- d-----w- C:\ProgramData\TweakBit
2015-01-20 23:00:29 -------- d-----w- C:\Program Files (x86)\TweakBit
2015-01-20 17:39:18 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-20 17:39:15 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-20 17:34:55 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-20 17:34:49 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-20 00:46:18 -------- d-----w- C:\Users\Diana\AppData\Local\LogMeIn Rescue Applet
2015-01-19 21:55:27 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-01-19 21:55:16 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2015-01-19 21:55:06 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-19 21:55:06 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-19 21:55:05 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2015-01-19 21:54:59 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-01-19 21:54:58 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-01-19 21:54:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2015-01-19 21:54:58 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2015-01-19 21:54:58 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2015-01-19 21:54:57 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2015-01-19 21:54:57 420864 ----a-w- C:\Windows\System32\wksprt.exe
2015-01-19 21:54:56 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2015-01-19 21:54:56 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2015-01-19 21:54:52 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-01-19 21:54:51 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-01-19 21:51:27 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-01-19 21:51:13 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-01-19 21:51:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-19 21:51:10 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-01-19 21:01:33 -------- d-----w- C:\Users\Diana\AppData\Local\HP
2015-01-14 04:41:12 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 04:40:56 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 04:40:55 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 04:40:53 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 04:40:43 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 04:39:57 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 04:39:48 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 04:39:42 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 04:39:37 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 04:39:36 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 04:39:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 04:39:28 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-10 03:32:46 0 ----a-w- C:\Windows\SysWow64\FAP916A.tmp
.
==================== Find3M ====================
.

Attached Files
File Type: zip attach.zip (2.7 KB)
File Type: zip ark.zip (9.1 KB)
