Channel: Tech Support Forum - Virus/Trojan/Spyware Help

computer won't shut down

Hello

My computer is stuck on the "Shutting Down" screen. I had some adware and viruses that I had removed prior to reading about this group. I do not have the names of the removed viruses or adware, and I do not have easy access to a Windows install disc or boot disc.

Here are my 2 DDS logs... thanks for any help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18205
Run by Jen at 16:17:34 on 2016-04-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8120.5996 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\Av\avgrsa.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\AVG\Av\avgidsagent.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
C:\windows\system32\schtasks.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
C:\windows\system32\taskhost.exe
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\taskeng.exe
c:\program files (x86)\teamviewer\version9\TeamViewer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
mWinlogon: Userinit = userinit.exe,
BHO: HP File Sanitizer: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CF7D46E1-3CF2-49E2-9C56-8096C197A162} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = DPPassFilter scecli
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jen\Application Data\Mozilla\Firefox\Profiles\dkf33d6x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=hp
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Jen\AppData\Local\Citrix\Plugins\104\npappdetector.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2016-1-26 272304]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2016-3-7 246560]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2015-12-4 42416]
R0 avguniva;AVG Universal Driver;C:\windows\System32\drivers\avguniva.sys [2016-3-8 71456]
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-9-20 630632]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-9-20 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R0 PinFile;PinFile;C:\windows\System32\drivers\PinFile.sys [2013-8-22 49856]
R0 SDDisk2K;SDDisk2K;C:\windows\System32\drivers\SDDisk2K.sys [2013-8-22 228544]
R0 SDDToki;SDDToki;C:\windows\System32\drivers\SDDToki.sys [2013-8-22 131264]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2016-2-16 162592]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2016-3-8 306976]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2015-10-8 302000]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\drivers\CLVirtualDrive.sys [2014-3-24 90608]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2016-4-6 3993088]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-3-23 1074448]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-4-6 593880]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-23 2828016]
R2 CreoService;HP Trust Circles Service;C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [2013-10-2 1390552]
R2 CtAgentService;Absolute Software Agent Service;C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [2013-8-14 7168]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2014-3-24 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2014-3-24 298760]
R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HpDamServiceHost;HP Device Access Manager Usage Service;C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [2013-11-15 18232]
R2 HPFSService;HP File Sanitizer;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-9-17 1758936]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2014-3-24 1143432]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2014-12-9 1248256]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2014-3-24 246488]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2015-1-22 5261584]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-3-3 1215560]
R3 IceKore;IceKore;C:\windows\System32\drivers\IceKore.sys [2013-9-30 401368]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-3-24 881880]
R3 RtlWlanu;AC1200 Dual Band USB Adapter;C:\windows\System32\drivers\RTWlanU.sys [2016-4-4 2341448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-8-29 92160]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-24 131544]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-24 169432]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-4-6 638456]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2013-10-7 65752]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLCDLOCK;HP Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2013-11-20 567608]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [2015-3-12 610888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2016-2-23 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2015-1-22 1255736]
S4 RunSwUSB;RunSwUSB;C:\Windows\runSW.exe [2016-4-4 36864]
S4 vToolbarUpdater40.2.6;vToolbarUpdater40.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [2016-2-22 1949768]
S4 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe [2016-4-4 167936]
.
=============== Created Last 30 ================
.
2016-04-15 18:10:44 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.1408.dll
2016-04-15 17:53:36 -------- d-----w- C:\ProgramData\Avg_Update_0216piz
2016-04-15 17:42:41 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.816.dll
2016-04-15 17:29:34 -------- d-----w- C:\Users\Jen\AppData\Local\ElevatedDiagnostics
2016-04-15 17:24:25 6871040 ----a-w- C:\Program Files (x86)\GUTCCE2.tmp
2016-04-15 17:24:25 -------- d-----w- C:\Program Files (x86)\GUMCCE1.tmp
2016-04-15 17:10:59 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.1004.dll
2016-04-15 15:22:44 6871040 ----a-w- C:\Program Files (x86)\GUT3275.tmp
2016-04-15 15:22:44 -------- d-----w- C:\Program Files (x86)\GUM3274.tmp
2016-04-06 11:45:01 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.972.dll
2016-04-06 11:44:44 -------- d-----w- C:\AVG_Remover
2016-04-05 23:47:26 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.948.dll
2016-04-04 12:47:35 36864 ----a-w- C:\windows\runSW.exe
2016-04-04 12:47:34 430080 ----a-w- C:\windows\SwUSB.exe
2016-04-04 12:47:34 2341448 ----a-w- C:\windows\System32\drivers\RTWlanU.sys
2016-04-04 12:47:34 -------- d-----w- C:\Program Files\TRENDnet
2016-04-04 11:59:42 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.992.dll
2016-03-19 12:33:53 -------- d-----w- C:\Users\Jen\AppData\Local\Deployment
2016-03-19 12:33:53 -------- d-----w- C:\Users\Jen\AppData\Local\Apps
2016-03-18 17:12:24 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05280EBA-D7C7-40DA-8E55-D71B773CDEC2}\gapaengine.dll
2016-03-18 17:12:09 11249080 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\mpengine.dll
.
==================== Find3M ====================
.
2016-04-15 18:08:51 192216 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2016-03-10 18:09:06 64896 ----a-w- C:\windows\System32\drivers\mwac.sys
2016-03-10 18:08:58 140672 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2016-03-10 18:08:54 27008 ----a-w- C:\windows\System32\drivers\mbam.sys
2016-03-08 21:12:26 71456 ----a-w- C:\windows\System32\drivers\avguniva.sys
2016-03-08 21:12:06 306976 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2016-03-07 18:39:02 246560 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2016-02-19 19:02:43 38336 ----a-w- C:\windows\System32\CompatTelRunner.exe
2016-02-19 18:54:11 1168896 ----a-w- C:\windows\System32\aeinv.dll
2016-02-19 14:07:35 1373184 ----a-w- C:\windows\System32\appraiser.dll
2016-02-16 20:07:34 162592 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2016-02-16 20:05:56 360736 ----a-w- C:\windows\System32\drivers\avgloga.sys
2016-02-11 14:07:46 689152 ----a-w- C:\windows\System32\generaltel.dll
2016-02-06 10:32:57 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2016-02-06 10:10:21 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2016-02-06 09:54:50 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2016-02-06 09:37:23 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2016-02-05 14:07:51 696832 ----a-w- C:\windows\System32\invagent.dll
2016-02-05 14:07:51 499200 ----a-w- C:\windows\System32\devinv.dll
2016-02-05 14:07:50 76800 ----a-w- C:\windows\System32\acmigration.dll
2016-01-26 16:04:26 272304 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2016-01-22 06:56:05 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2016-01-22 06:41:35 66560 ----a-w- C:\windows\System32\iesetup.dll
2016-01-22 06:40:50 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2016-01-22 06:40:43 417792 ----a-w- C:\windows\System32\html.iec
2016-01-22 06:40:13 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2016-01-22 06:40:12 571904 ----a-w- C:\windows\System32\vbscript.dll
2016-01-22 06:29:43 6052352 ----a-w- C:\windows\System32\jscript9.dll
2016-01-22 06:27:40 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2016-01-22 06:27:24 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2016-01-22 06:27:10 5573056 ----a-w- C:\windows\System32\ntoskrnl.exe
2016-01-22 06:27:08 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2016-01-22 06:27:08 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2016-01-22 06:24:12 1733592 ----a-w- C:\windows\System32\ntdll.dll
2016-01-22 06:20:53 362496 ----a-w- C:\windows\System32\wow64win.dll
2016-01-22 06:20:53 243712 ----a-w- C:\windows\System32\wow64.dll
2016-01-22 06:20:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2016-01-22 06:20:36 215040 ----a-w- C:\windows\System32\winsrv.dll
2016-01-22 06:20:33 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2016-01-22 06:20:31 210432 ----a-w- C:\windows\System32\wdigest.dll
2016-01-22 06:20:20 86528 ----a-w- C:\windows\System32\TSpkg.dll
2016-01-22 06:20:10 28672 ----a-w- C:\windows\System32\sspisrv.dll
2016-01-22 06:20:10 135680 ----a-w- C:\windows\System32\sspicli.dll
2016-01-22 06:20:08 503808 ----a-w- C:\windows\System32\srcore.dll
2016-01-22 06:20:08 50176 ----a-w- C:\windows\System32\srclient.dll
2016-01-22 06:19:06 28160 ----a-w- C:\windows\System32\secur32.dll
2016-01-22 06:19:04 344064 ----a-w- C:\windows\System32\schannel.dll
2016-01-22 06:19:02 1214464 ----a-w- C:\windows\System32\rpcrt4.dll
2016-01-22 06:18:49 961024 ----a-w- C:\windows\System32\CPFilters.dll
2016-01-22 06:18:49 723968 ----a-w- C:\windows\System32\EncDec.dll
2016-01-22 06:18:32 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2016-01-22 06:17:03 312320 ----a-w- C:\windows\System32\ncrypt.dll
2016-01-22 06:17:01 159744 ----a-w- C:\windows\System32\mtxoci.dll
2016-01-22 06:17:00 315392 ----a-w- C:\windows\System32\msv1_0.dll
2016-01-22 06:16:55 60416 ----a-w- C:\windows\System32\msobjs.dll
2016-01-22 06:16:39 146432 ----a-w- C:\windows\System32\msaudite.dll
2016-01-22 06:16:00 1461248 ----a-w- C:\windows\System32\lsasrv.dll
2016-01-22 06:15:31 730112 ----a-w- C:\windows\System32\kerberos.dll
2016-01-22 06:15:31 422400 ----a-w- C:\windows\System32\KernelBase.dll
2016-01-22 06:15:01 1866752 ----a-w- C:\windows\System32\ExplorerFrame.dll
2016-01-22 06:13:15 3993536 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2016-01-22 06:13:15 3938752 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2016-01-22 06:13:06 43520 ----a-w- C:\windows\System32\csrsrv.dll
2016-01-22 06:13:04 43520 ----a-w- C:\windows\System32\cryptbase.dll
2016-01-22 06:13:03 22016 ----a-w- C:\windows\System32\credssp.dll
2016-01-22 06:09:40 1314328 ----a-w- C:\windows\SysWow64\ntdll.dll
2016-01-22 06:09:06 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2016-01-22 06:06:50 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2016-01-22 06:06:50 665088 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2016-01-22 06:06:50 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2016-01-22 06:06:50 275456 ----a-w- C:\windows\SysWow64\KernelBase.dll
2016-01-22 06:06:30 171520 ----a-w- C:\windows\SysWow64\wdigest.dll
2016-01-22 06:06:19 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2016-01-22 06:06:11 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2016-01-22 06:05:27 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2016-01-22 06:05:20 251392 ----a-w- C:\windows\SysWow64\schannel.dll
2016-01-22 06:04:36 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04:36 535040 ----a-w- C:\windows\SysWow64\EncDec.dll
2016-01-22 06:02:58 223232 ----a-w- C:\windows\SysWow64\ncrypt.dll
2016-01-22 06:02:56 114176 ----a-w- C:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02:55 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2016-01-22 06:02:52 176128 ----a-w- C:\windows\SysWow64\msorcl32.dll
2016-01-22 06:02:49 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2016-01-22 06:02:26 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2016-01-22 06:02:01 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2016-01-22 06:02:01 496640 ----a-w- C:\windows\SysWow64\vbscript.dll
2016-01-22 06:02:00 553472 ----a-w- C:\windows\SysWow64\kerberos.dll
2016-01-22 06:01:26 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2016-01-22 06:01:17 341504 ----a-w- C:\windows\SysWow64\html.iec
2016-01-22 06:00:45 1498624 ----a-w- C:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 06:00:26 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2016-01-22 05:51:37 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2016-01-22 05:46:10 2123264 ----a-w- C:\windows\System32\inetcpl.cpl
2016-01-22 05:46:00 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2016-01-22 05:39:38 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-01-22 05:35:15 4611072 ----a-w- C:\windows\SysWow64\jscript9.dll
2016-01-22 05:31:43 2597376 ----a-w- C:\windows\System32\wininet.dll
2016-01-22 05:24:59 2050560 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2016-01-22 05:24:40 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2016-01-22 05:19:39 3231232 ----a-w- C:\windows\explorer.exe
.
============= FINISH: 16:24:23.02 ===============

Attached Files
File Type: txt attach.txt (25.6 KB)
