Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Adware all over my browsers, including Steam.

Hi there,

A few weeks back I seemed to acquire some weird adware programs which caused desktop and Google Chrome popups. The programs were called things like "easyshopper" or "search pro" or something similar. One seemed to install a collection of others.

I thought I rooted out the issues with a powerful uninstall from Iobit uninstaller, but recently I've had some issues with my browser, and more noticeably Steam [the games platform] creates endless ads and popups when I load onto its store page. The adware also likes changing my Google Chrome homepage/search engines etc.

I've already tried many adware removers, including Malwarebytes and HitmanPro. My current anti-virus is Avast home edition. I am running Win7 home edition too.

I've done the initial steps, I do have access to my windows CD + key, and I've done the dds scripts. See below.

Thanks in advance.
-Toby

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18231 BrowserJavaVersion: 11.73.2
Run by Toby at 22:47:49 on 2016-03-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8141.5179 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\puush\puush.exe
C:\Users\Toby\AppData\Local\Discord\app-0.0.286\Discord.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Users\Toby\AppData\Local\Discord\app-0.0.286\Discord.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Users\Toby\AppData\Local\Discord\app-0.0.286\Discord.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
uRun: [Discord] C:\Users\Toby\AppData\Local\Discord\app-0.0.286\Discord.exe
uRun: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 8.8.8.8,8.8.8.4
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8B117D54-1A13-48CF-ABB0-B044415C4C74} : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Toby\AppData\Roaming\Mozilla\Firefox\Profiles\5nbq0otx.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-12-30 74544]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-12-30 287016]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-12-30 567216]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2015-12-30 24496]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2015-12-30 21616]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-2-18 37144]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-12-30 1070904]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-12-30 463744]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-12-30 37656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-12-30 107792]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-12-30 165344]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-2-18 237096]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2016-1-9 2828016]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-12-30 1156216]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2015-12-30 171688]
R2 LGCoreTemp;Logitech CPU Core Tempurature;C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys [2015-6-21 14184]
R2 LogiRegistryService;Logitech Gaming Registry Service;C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2016-2-17 193656]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-12-30 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-12-30 6477432]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-2-16 426040]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-11-4 221440]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2015-6-11 37408]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);C:\Windows\System32\drivers\LGJoyXlCore.sys [2015-6-11 68384]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2015-6-11 26912]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-12-30 19576]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-12-30 8185464]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-12-30 50472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2015-12-30 7168]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2016-2-16 2945312]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
S3 GalaxyClientService;GalaxyClientService;C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2016-2-12 227896]
S3 GalaxyCommunication;GalaxyCommunication;C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2016-2-12 5971000]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-3-9 114688]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2016-3-8 2104840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2016-2-21 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2016-2-21 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2016-2-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-12-30 1255736]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-03-25 22:42:39 3599032 ----a-w- C:\ProgramData\cis2D66.exe
2016-03-25 22:41:04 3599032 ----a-w- C:\ProgramData\cisB940.exe
2016-03-25 22:25:32 -------- d-----w- C:\ProgramData\HitmanPro
2016-03-25 22:13:00 -------- d-----w- C:\ProgramData\Malwarebytes
2016-03-25 11:09:47 -------- d-----w- C:\Users\Toby\AppData\Local\Steam
2016-03-25 11:03:33 -------- d-----w- C:\Program Files (x86)\Steam
2016-03-25 10:51:11 11249080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1CE5D6B-A8AA-43AE-9B69-30D201F28374}\mpengine.dll
2016-03-15 14:43:45 -------- d-----w- C:\Users\Toby\AppData\Local\Logitech
2016-03-15 14:43:15 -------- d-----w- C:\Program Files\Logitech Gaming Software
2016-03-15 14:42:40 -------- d-----w- C:\Users\Toby\AppData\Roaming\Logishrd
2016-03-15 11:38:51 -------- d-----w- C:\ProgramData\4365978
2016-03-10 10:52:17 -------- d-----w- C:\Users\Toby\AppData\Local\DAI
2016-03-08 18:24:49 -------- d-----w- C:\Users\Toby\AppData\Local\DAIToolsSuite_Loader
2016-03-08 18:22:38 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2016-03-08 16:39:46 -------- d-----w- C:\Program Files (x86)\Origin Games
2016-03-08 16:37:19 -------- d-----w- C:\Users\Toby\AppData\Roaming\Origin
2016-03-08 16:37:16 -------- d-----w- C:\Users\Toby\AppData\Local\Origin
2016-03-08 16:36:37 -------- d-----w- C:\ProgramData\Origin
2016-03-08 16:36:37 -------- d-----w- C:\ProgramData\Electronic Arts
2016-03-08 16:36:06 -------- d-----w- C:\Program Files (x86)\Origin
2016-03-03 10:31:46 -------- d-----w- C:\Users\Toby\AppData\Local\SUPERHOT_Sp_z_o.o
2016-03-02 13:56:55 -------- d-----w- C:\Users\Toby\AppData\Local\gtk-2.0
2016-03-02 13:56:55 -------- d-----w- C:\Users\Toby\.thumbnails
2016-03-02 13:51:49 -------- d-----w- C:\Users\Toby\AppData\Local\gegl-0.2
2016-03-02 13:51:49 -------- d-----w- C:\Users\Toby\.gimp-2.8
2016-03-02 13:51:09 -------- d-----w- C:\Program Files\GIMP 2
2016-03-02 13:30:07 -------- d-----w- C:\Users\Toby\AppData\Local\fontconfig
2016-03-02 13:29:26 -------- d-----w- C:\Users\Toby\AppData\Roaming\inkscape
2016-03-02 13:28:49 -------- d-----w- C:\Program Files\Inkscape
2016-03-02 13:13:44 -------- d-----w- C:\Windows\SysWow64\spool
.
==================== Find3M ====================
.
2016-03-09 19:05:35 107792 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2016-03-09 19:05:35 1070904 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2016-02-21 11:07:27 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-19 19:02:43 38336 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-02-19 18:54:11 1168896 ----a-w- C:\Windows\System32\aeinv.dll
2016-02-19 14:07:35 1373184 ----a-w- C:\Windows\System32\appraiser.dll
2016-02-18 09:46:35 287016 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2016-02-18 09:46:09 74544 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2016-02-18 09:46:09 37656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2016-02-18 09:46:09 165344 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2016-02-18 09:46:09 103064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2016-02-18 09:46:07 52184 ----a-w- C:\Windows\avastSS.scr
2016-02-18 09:46:05 37144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2016-02-18 09:46:04 478128 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2016-02-12 18:52:23 98816 ----a-w- C:\Windows\System32\wudriver.dll
2016-02-12 18:52:23 3169792 ----a-w- C:\Windows\System32\wucltux.dll
2016-02-12 18:52:23 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2016-02-12 18:44:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2016-02-12 18:39:55 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2016-02-12 18:18:22 37888 ----a-w- C:\Windows\System32\wuapp.exe
2016-02-12 18:18:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2016-02-12 18:05:17 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2016-02-12 18:05:13 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2016-02-11 18:56:28 5572032 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-02-11 18:56:26 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-02-11 18:56:26 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-02-11 18:52:52 1733592 ----a-w- C:\Windows\System32\ntdll.dll
2016-02-11 18:49:42 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-02-11 18:49:42 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-02-11 18:49:42 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-02-11 18:49:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
2016-02-11 18:49:19 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-02-11 18:49:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-02-11 18:49:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-02-11 18:49:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-02-11 18:48:58 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-02-11 18:48:58 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-02-11 18:48:16 28160 ----a-w- C:\Windows\System32\secur32.dll
2016-02-11 18:48:14 344064 ----a-w- C:\Windows\System32\schannel.dll
2016-02-11 18:48:12 1214464 ----a-w- C:\Windows\System32\rpcrt4.dll
2016-02-11 18:47:33 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-02-11 18:45:59 312320 ----a-w- C:\Windows\System32\ncrypt.dll
2016-02-11 18:45:56 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2016-02-11 18:45:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-02-11 18:45:35 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-02-11 18:44:45 3994560 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-02-11 18:44:45 3938240 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-02-11 18:44:42 1461248 ----a-w- C:\Windows\System32\lsasrv.dll
2016-02-11 18:44:34 730112 ----a-w- C:\Windows\System32\kerberos.dll
2016-02-11 18:44:34 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2016-02-11 18:42:25 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2016-02-11 18:42:24 43520 ----a-w- C:\Windows\System32\cryptbase.dll
2016-02-11 18:42:24 22016 ----a-w- C:\Windows\System32\credssp.dll
2016-02-11 18:38:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-02-11 18:38:24 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-02-11 18:38:24 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-02-11 18:38:23 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-02-11 18:38:07 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-02-11 18:38:00 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-02-11 18:37:53 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-02-11 18:37:11 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-02-11 18:37:09 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-02-11 18:35:14 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-02-11 18:35:09 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-02-11 18:35:06 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-02-11 18:34:26 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-02-11 18:33:30 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-02-11 18:31:25 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-02-11 17:48:11 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-02-11 17:43:48 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-02-11 17:41:42 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-02-11 17:40:09 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-02-11 17:34:45 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-02-11 17:34:01 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-02-11 17:33:54 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-02-11 17:32:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-02-11 17:32:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-02-11 17:32:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-02-11 17:32:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-02-11 17:32:25 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-02-11 17:32:18 112640 ----a-w- C:\Windows\System32\smss.exe
2016-02-11 17:31:01 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-02-11 17:30:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-02-11 17:30:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 17:30:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 17:30:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-02-11 14:07:46 689152 ----a-w- C:\Windows\System32\generaltel.dll
2016-02-09 09:57:08 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2016-02-09 09:55:34 30720 ----a-w- C:\Windows\System32\seclogon.dll
2016-02-09 09:54:38 9728 ----a-w- C:\Windows\System32\spwmp.dll
2016-02-09 09:51:32 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2016-02-09 09:13:10 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2016-02-09 05:41:27 6368824 ----a-w- C:\Windows\System32\nvcpl.dll
2016-02-09 05:41:27 2993720 ----a-w- C:\Windows\System32\nvsvc64.dll
2016-02-09 05:41:25 81856 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2016-02-09 05:41:25 69568 ----a-w- C:\Windows\System32\nvshext.dll
.
============= FINISH: 22:48:03.68 ===============

Attached Files
File Type: txt attach.txt (6.6 KB)
