Previously started here:
http://www.techsupportforum.com/foru...t-1115953.html
Hi,
I have a Windows 7 computer that is used by others in my house. Over the past few months, the computer has become almost unbearably slow. However, I've noticed that while the computer starts to lag/hang/become slow, an svchost process starts to reach 90+ CPU in task manager. I ran a scan with MBAM but it didn't find any malware.
Here's the DDS result:
------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18231 BrowserJavaVersion: 10.60.2
Run by Administrator at 12:29:21 on 2016-04-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1993.475 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Popcorn Time\Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Administrator\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\ADMINI~1\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\ADMINI~1\AppData\Local\Temp\nse25A6.tmp\ns3CAF.tmp
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ADMINI~1\AppData\Local\Temp\nse25A6.tmp\MBR.DAT
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "c:\users\administrator\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1B34870T05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.113/codebase/DVM_IPCam2.ocx
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{31791B24-0D86-41C0-8896-996142E76561} : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{AC0BD47A-32D3-46D7-B238-EE432A18A444}\2456967656251626269647 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{AC0BD47A-32D3-46D7-B238-EE432A18A444}\25F6765627370333332323 : DHCPNameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{AC0BD47A-32D3-46D7-B238-EE432A18A444}\26C65756F62716E6765637 : DHCPNameServer = 64.71.255.204 64.71.255.198
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-11-13 253704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-2-14 242240]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-3-2 635416]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-14 5097232]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-3-2 2066968]
R2 Update service;Update service;c:\program files\popcorn time\Updater.exe [2015-12-19 339968]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-5 266408]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-6-19 604672]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104664]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2016-1-29 292816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-12-11 315496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2016-3-8 102912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-11 52224]
S3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2013-3-27 15872]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-11 1343400]
S4 Blackberry Device Manager;Blackberry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
.
=============== Created Last 30 ================
.
2016-04-29 16:28:57 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{706df82a-a1ce-4984-8e7a-4622ad664e1d}\offreg.860.dll
2016-04-24 01:03:12 912000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ebb8ff08-9562-4ab9-8a04-fb6703bca7ec}\gapaengine.dll
2016-04-24 00:44:58 9302992 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{706df82a-a1ce-4984-8e7a-4622ad664e1d}\mpengine.dll
2016-04-22 01:04:42 9302992 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2016-04-21 03:24:26 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-21 03:23:12 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-21 03:23:12 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-21 03:23:12 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-21 03:23:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-04-15 19:59:23 -------- d-----w- c:\users\administrator\appdata\roaming\Kodi
.
==================== Find3M ====================
.
2016-02-19 18:50:25 34240 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-19 18:41:49 958464 ----a-w- c:\windows\system32\aeinv.dll
2016-02-19 14:07:31 1206784 ----a-w- c:\windows\system32\appraiser.dll
2016-02-12 18:39:55 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:39:55 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:26:42 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:05:17 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:05:13 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:05:07 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-11 18:44:45 3994560 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-02-11 18:44:45 3938240 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-02-11 18:44:43 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-02-11 18:44:43 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-02-11 18:41:11 1310232 ----a-w- c:\windows\system32\ntdll.dll
2016-02-11 18:38:07 171520 ----a-w- c:\windows\system32\wdigest.dll
2016-02-11 18:38:00 65536 ----a-w- c:\windows\system32\TSpkg.dll
2016-02-11 18:37:54 99840 ----a-w- c:\windows\system32\sspicli.dll
2016-02-11 18:37:53 43008 ----a-w- c:\windows\system32\srclient.dll
2016-02-11 18:37:53 400896 ----a-w- c:\windows\system32\srcore.dll
2016-02-11 18:37:11 22016 ----a-w- c:\windows\system32\secur32.dll
2016-02-11 18:37:09 251392 ----a-w- c:\windows\system32\schannel.dll
2016-02-11 18:37:06 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2016-02-11 18:35:14 223232 ----a-w- c:\windows\system32\ncrypt.dll
2016-02-11 18:35:09 259584 ----a-w- c:\windows\system32\msv1_0.dll
2016-02-11 18:35:06 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-02-11 18:34:26 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-02-11 18:33:37 1060864 ----a-w- c:\windows\system32\lsasrv.dll
2016-02-11 18:33:30 553472 ----a-w- c:\windows\system32\kerberos.dll
2016-02-11 18:31:29 38912 ----a-w- c:\windows\system32\csrsrv.dll
2016-02-11 18:31:25 17408 ----a-w- c:\windows\system32\credssp.dll
2016-02-11 18:30:36 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-02-11 18:30:33 686080 ----a-w- c:\windows\system32\adtschema.dll
2016-02-11 18:30:33 642560 ----a-w- c:\windows\system32\advapi32.dll
2016-02-11 17:43:48 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-02-11 17:37:31 262656 ----a-w- c:\windows\system32\rstrui.exe
2016-02-11 17:32:32 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-02-11 17:32:27 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-02-11 17:32:23 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-02-11 17:31:01 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-02-11 17:30:59 22016 ----a-w- c:\windows\system32\lsass.exe
2016-02-11 17:30:58 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-02-11 17:30:54 69632 ----a-w- c:\windows\system32\smss.exe
2016-02-11 14:07:26 552960 ----a-w- c:\windows\system32\generaltel.dll
2016-02-09 09:51:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:50:10 21504 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:13:14 4096 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:13:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:13:10 8192 ----a-w- c:\windows\system32\spwmp.dll
2016-02-08 20:51:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-02-08 20:51:02 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-02-08 20:39:06 62464 ----a-w- c:\windows\system32\iesetup.dll
2016-02-08 20:39:06 496640 ----a-w- c:\windows\system32\vbscript.dll
2016-02-08 20:38:29 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-02-08 20:38:20 341504 ----a-w- c:\windows\system32\html.iec
2016-02-08 20:37:31 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-02-08 20:28:58 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-02-08 20:28:52 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2016-02-08 20:28:32 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2016-02-08 20:23:49 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-02-08 20:16:21 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-08 20:10:37 4611072 ----a-w- c:\windows\system32\jscript9.dll
2016-02-08 20:01:48 2050560 ----a-w- c:\windows\system32\inetcpl.cpl
2016-02-08 20:01:43 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-02-08 19:43:04 2121216 ----a-w- c:\windows\system32\wininet.dll
2016-02-05 18:44:42 26112 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:44:06 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:42:42 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 17:43:59 299520 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 14:07:43 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-02-05 14:07:43 591872 ----a-w- c:\windows\system32\invagent.dll
2016-02-05 14:07:43 424960 ----a-w- c:\windows\system32\devinv.dll
2016-02-05 04:13:44 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-02-05 04:13:44 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-02-04 18:41:25 296448 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 17:46:43 2387456 ----a-w- c:\windows\system32\win32k.sys
2016-02-03 18:49:27 90624 ----a-w- c:\windows\system32\olepro32.dll
2016-02-03 18:49:27 572416 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:43:12 67584 ----a-w- c:\windows\system32\asycfilt.dll
.
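An added example, not part of the original post or of the DDS tool's output: the process list above shows a dozen svchost.exe instances, each started with a different -k group (DcomLaunch, RPCSS, netsvcs, utcsvc, HPService and so on), and Task Manager only reports the image name, so the first thing to establish is which instance is busy and which services it hosts. The snippet below samples each svchost's accumulated processor time twice, computes how much of one core each consumed in between, and maps the hot PID back to its -k group and its service names through WMI. It assumes Windows 7 with the built-in PowerShell 2.0 (hence Get-WmiObject rather than Get-CimInstance) and an elevated prompt; the 5-second interval is a chosen value, not something from the log.

```powershell
# Added example (not from the original post): find which svchost.exe instance is
# consuming CPU right now and list the services hosted inside it.
# Assumes Windows 7 with the built-in PowerShell 2.0 (Get-WmiObject, not Get-CimInstance),
# run from an elevated prompt so the service-to-PID mapping is complete.

$intervalSec = 5   # assumed sampling window, not taken from the log

# First sample: accumulated processor time (ms) per svchost PID
$before = @{}
Get-Process -Name svchost | ForEach-Object {
    $before[$_.Id] = $_.TotalProcessorTime.TotalMilliseconds
}

Start-Sleep -Seconds $intervalSec

# Second sample: the delta is the CPU time each instance consumed during the window
$results = foreach ($p in Get-Process -Name svchost) {
    if (-not $before.ContainsKey($p.Id)) { continue }   # instance started mid-window, skip it
    $deltaMs = $p.TotalProcessorTime.TotalMilliseconds - $before[$p.Id]
    $pctOneCore = [math]::Round(100 * $deltaMs / ($intervalSec * 1000), 1)

    # Win32_Process carries the command line, i.e. the "-k <group>" seen in the DDS process list
    $proc = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.Id)"
    # Win32_Service.ProcessId ties every running service back to the svchost that hosts it
    $svcs = Get-WmiObject Win32_Service -Filter "ProcessId = $($p.Id)" |
            Select-Object -ExpandProperty Name

    New-Object PSObject -Property @{
        PID         = $p.Id
        CpuPctCore  = $pctOneCore
        CommandLine = $proc.CommandLine
        Services    = ($svcs -join ', ')
    }
}

$results | Sort-Object CpuPctCore -Descending |
    Format-Table PID, CpuPctCore, CommandLine, Services -AutoSize -Wrap
```

Run it while the machine is lagging, not after it has recovered. CpuPctCore is relative to a single core, so 100 means one core fully busy. If the top instance is the netsvcs group, bear in mind that it hosts many services at once on Windows 7 (Windows Update's wuauserv among them); stop the listed services one at a time with Stop-Service and re-run the script to see which service the CPU time follows, rather than killing the whole svchost, which takes every service in the group down with it.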