Hello,
For a few days/weeks, my computer (Win 7 Pro SP1) has been booting up and shutting down very slowly. Sometimes I will get a black screen, especially when switching from admin account to standard account. Firefox loads very slowly and generally does things very slowly on this computer - but others in my home are fine. Also I get some little noise sometimes like the noise you get when a device attaches or disconnects, except I'm not plugging in any devices.
By the way I have several routers which is something I did to try to protect my stuff a bit against a not very obedient tween who surfs a lot. So this computer is on a different router than anything my child accesses though all off same modem.
Kaspersky scan is clean, Kaspersky scans 4 million plus files. I have one exclusion which is a program I installed maybe 5 years ago.
Today I installed and ran Malwarebytes and deleted the 118 PUP but no "threats" as per its instructions. By the way Malwarebytes scanned many fewer files than what is on here, or than Kaspersky lists, well under 1 million. Some of the Potentially Unwanted Programs it removed were Microsoft. I have a log and have attached that (hope that is ok, please accept apologies if not).
Now Scotty WinPatrol is flagging userinit.exe as a First Detected Today program, but the program is dated 2010 similar to most of what is in sys32 on this computer which is kind of old. I am being forced to accept userinit.exe as a Startup program in WinPatrol.
So I am here, thank you all very much.
dds output
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.19104
Run by saraAdminHPdktp at 4:21:31 on 2016-08-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8184.6161 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
SP: Kaspersky Internet Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\AQNetClient\NMSAccess32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe
C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\SmartHookTestApp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
mStart Page = about:blank
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
mWinlogon: Userinit = userinit.exe,
BHO: Kaspersky Protection: {03993315-5CE9-4F00-8790-D14A94F1D91A} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: D-Link Toolbar: {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll
TB: Kaspersky Protection Toolbar: {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AQIQUI~1.LNK - C:\AQi\bin\AQiQuickStarter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DUALSM~1.LNK - C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\Dual Smart Solution.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Cab-package - hxxp://uphsnet.uphs.upenn.edu/medview/prod/chartone/activex/mv_cert.cab
DPF: {6FE450DC-AD32-48D4-A366-01EE7E0B1374} - hxxp://uphsnet.uphs.upenn.edu/medview/prod/chartone/activex/capicom.cab
DPF: {707DCF60-DBEB-4ACA-84C8-367041894585} - hxxp://cenweb.uphs.upenn.edu/ami/install/amiviewer.cab
DPF: {734F0ACB-CB01-4426-A8AB-A496C2583A40} - hxxp://uphsrad.uphs.upenn.edu/imagecast/integration/ICAPI/ImagecastInterface.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8B9D77B2-39C0-4674-AF42-BBD50FF71781} - hxxp://cenweb.uphs.upenn.edu/ami/install/amiviewer.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CDD83018-10D5-41E0-AA14-4E31DCC6B590} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Kaspersky Protection: {03993315-5CE9-4F00-8790-D14A94F1D91A} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Kaspersky Protection Toolbar: {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\saraAdminHPdktp\AppData\Roaming\Mozilla\Firefox\Profiles\djvz8oa4.default-1466537018061\
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-7-26 280144]
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);C:\Windows\System32\drivers\cm_km.sys [2015-7-6 389816]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2015-6-6 53432]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2015-12-1 79240]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2015-12-5 237480]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2016-4-29 50776]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2015-12-7 45960]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2015-6-11 65208]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\Windows\System32\drivers\klwtp.sys [2015-12-3 112520]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2015-12-3 194440]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 AVP16.0.1;Kaspersky Anti-Virus Service 16.0.1;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [2015-12-22 236928]
R2 cag;Citrix cag plugin for Access Gateway;C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [2009-8-10 90136]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2013-9-20 654400]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-10-14 144560]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-31 1148560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2015-12-2 78200]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-31 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-31 19823248]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-12-15 410952]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2016-7-16 182152]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [2016-7-17 182360]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2015-11-11 52608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41648]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-26 77824]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-26 180224]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-31 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-31 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-26 412776]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-26 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-8-11 1514464]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-8-11 1136608]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-5-23 324224]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2011-10-8 68096]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\System32\drivers\jnprva.sys [2014-8-20 30072]
S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2011-4-19 45352]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [2015-12-22 152488]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-8-11 27008]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-8-11 64896]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-31 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-31 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-12-31 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-6 1255736]
.
=============== Created Last 30 ================
.
2016-08-12 02:57:53 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-08-12 02:56:59 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-08-12 02:56:59 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-08-12 02:56:50 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-08-12 02:56:50 -------- d-----w- C:\ProgramData\Malwarebytes
2016-08-12 02:56:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-05 20:00:21 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-08-05 18:46:03 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E30888E1-EC0D-417D-BE8B-4C4441DCF7CF}\mpengine.dll
2016-08-05 18:21:42 892936 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2016-08-05 18:21:42 51144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2016-08-05 18:21:42 191432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2016-07-28 17:55:59 -------- d-----w- C:\Users\saraAdminHPdktp\Tracing
2016-07-16 16:58:33 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-07-16 16:58:33 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-07-16 16:58:33 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-07-16 16:58:33 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-07-16 16:58:32 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-07-16 16:58:32 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-07-16 16:58:32 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-07-16 16:58:32 38912 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2016-07-16 16:58:32 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-07-16 16:58:32 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-07-16 16:58:32 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-07-16 16:58:22 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-07-16 16:52:56 182152 ----a-w- C:\Windows\System32\drivers\klflt.sys
.
==================== Find3M ====================
.
2016-08-05 18:29:25 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-08-05 18:29:25 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-26 18:24:24 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-06-26 00:35:09 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-26 00:27:07 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-22 13:06:29 268800 ----a-w- C:\Windows\System32\centel.dll
2016-06-17 18:24:29 571904 ----a-w- C:\Windows\System32\generaltel.dll
2016-06-17 18:24:29 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-06-17 18:24:29 294912 ----a-w- C:\Windows\System32\invagent.dll
2016-06-17 18:24:28 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-06-17 18:24:28 219136 ----a-w- C:\Windows\System32\aepic.dll
2016-06-17 18:24:28 1490432 ----a-w- C:\Windows\System32\appraiser.dll
2016-06-14 15:21:17 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-06-10 18:51:28 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-06-10 18:51:28 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-06-10 15:20:33 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-06-10 15:05:49 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-06-10 14:58:54 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-06-10 14:58:21 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-06-10 14:58:19 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-06-10 14:57:37 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-06-10 14:57:34 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-06-10 14:52:44 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-06-06 16:50:35 228864 ----a-w- C:\Windows\System32\wintrust.dll
2016-06-06 16:50:16 190976 ----a-w- C:\Windows\System32\cryptsvc.dll
2016-06-06 16:50:16 1483264 ----a-w- C:\Windows\System32\crypt32.dll
2016-06-06 16:50:16 141824 ----a-w- C:\Windows\System32\cryptnet.dll
2016-06-06 15:23:20 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2016-06-06 15:23:04 145920 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2016-06-06 15:23:04 1176064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2016-06-06 15:23:04 106496 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2016-05-24 08:18:06 237480 ----a-w- C:\Windows\System32\drivers\klhk.sys
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-16 23:22:36 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-05-16 23:19:32 706280 ----a-w- C:\Windows\System32\winload.efi
2016-05-16 23:19:31 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-05-16 23:18:39 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-05-16 23:18:39 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-05-16 23:17:39 1732888 ----a-w- C:\Windows\System32\ntdll.dll
2016-05-16 23:16:18 1314136 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-05-16 21:23:50 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-05-16 21:23:46 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-05-16 21:23:46 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-05-16 21:19:53 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-05-16 21:19:01 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-05-16 21:14:55 112640 ----a-w- C:\Windows\System32\smss.exe
2016-05-16 21:10:29 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-05-16 21:10:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-05-16 21:10:27 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-05-16 21:10:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-05-16 21:09:32 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-05-16 21:09:32 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-16 21:09:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-16 21:09:32 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 4:22:10.83 ===============
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Cab-package - hxxp://uphsnet.uphs.upenn.edu/medview/prod/chartone/activex/mv_cert.cab
DPF: {6FE450DC-AD32-48D4-A366-01EE7E0B1374} - hxxp://uphsnet.uphs.upenn.edu/medview/prod/chartone/activex/capicom.cab
DPF: {707DCF60-DBEB-4ACA-84C8-367041894585} - hxxp://cenweb.uphs.upenn.edu/ami/install/amiviewer.cab
DPF: {734F0ACB-CB01-4426-A8AB-A496C2583A40} - hxxp://uphsrad.uphs.upenn.edu/imagecast/integration/ICAPI/ImagecastInterface.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8B9D77B2-39C0-4674-AF42-BBD50FF71781} - hxxp://cenweb.uphs.upenn.edu/ami/install/amiviewer.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CDD83018-10D5-41E0-AA14-4E31DCC6B590} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Kaspersky Protection: {03993315-5CE9-4F00-8790-D14A94F1D91A} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Kaspersky Protection Toolbar: {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\saraAdminHPdktp\AppData\Roaming\Mozilla\Firefox\Profiles\djvz8oa4.default-1466537018061\
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-7-26 280144]
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);C:\Windows\System32\drivers\cm_km.sys [2015-7-6 389816]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2015-6-6 53432]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2015-12-1 79240]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2015-12-5 237480]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2016-4-29 50776]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2015-12-7 45960]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2015-6-11 65208]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\Windows\System32\drivers\klwtp.sys [2015-12-3 112520]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2015-12-3 194440]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 AVP16.0.1;Kaspersky Anti-Virus Service 16.0.1;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [2015-12-22 236928]
R2 cag;Citrix cag plugin for Access Gateway;C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [2009-8-10 90136]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2013-9-20 654400]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-10-14 144560]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-31 1148560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2015-12-2 78200]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-31 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-31 19823248]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-12-15 410952]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2016-7-16 182152]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [2016-7-17 182360]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2015-11-11 52608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41648]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-26 77824]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-26 180224]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-31 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-31 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-26 412776]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-26 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-8-11 1514464]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-8-11 1136608]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-5-23 324224]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2011-10-8 68096]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\System32\drivers\jnprva.sys [2014-8-20 30072]
S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\System32\drivers\jnprvamgr.sys [2011-4-19 45352]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [2015-12-22 152488]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-8-11 27008]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-8-11 64896]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-31 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-31 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-12-31 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-6 1255736]
.
=============== Created Last 30 ================
.
2016-08-12 02:57:53 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-08-12 02:56:59 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-08-12 02:56:59 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-08-12 02:56:50 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-08-12 02:56:50 -------- d-----w- C:\ProgramData\Malwarebytes
2016-08-12 02:56:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-05 20:00:21 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-08-05 18:46:03 12007136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E30888E1-EC0D-417D-BE8B-4C4441DCF7CF}\mpengine.dll
2016-08-05 18:21:42 892936 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2016-08-05 18:21:42 51144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2016-08-05 18:21:42 191432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2016-07-28 17:55:59 -------- d-----w- C:\Users\saraAdminHPdktp\Tracing
2016-07-16 16:58:33 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-07-16 16:58:33 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-07-16 16:58:33 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-07-16 16:58:33 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-07-16 16:58:32 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-07-16 16:58:32 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-07-16 16:58:32 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-07-16 16:58:32 38912 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2016-07-16 16:58:32 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-07-16 16:58:32 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-07-16 16:58:32 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-07-16 16:58:22 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-07-16 16:52:56 182152 ----a-w- C:\Windows\System32\drivers\klflt.sys
.
==================== Find3M ====================
.
2016-08-05 18:29:25 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-08-05 18:29:25 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-26 18:24:24 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-06-26 00:35:09 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-26 00:27:07 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-22 13:06:29 268800 ----a-w- C:\Windows\System32\centel.dll
2016-06-17 18:24:29 571904 ----a-w- C:\Windows\System32\generaltel.dll
2016-06-17 18:24:29 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-06-17 18:24:29 294912 ----a-w- C:\Windows\System32\invagent.dll
2016-06-17 18:24:28 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-06-17 18:24:28 219136 ----a-w- C:\Windows\System32\aepic.dll
2016-06-17 18:24:28 1490432 ----a-w- C:\Windows\System32\appraiser.dll
2016-06-14 15:21:17 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-06-10 18:51:28 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-06-10 18:51:28 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-06-10 15:20:33 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-06-10 15:05:49 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-06-10 14:58:54 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-06-10 14:58:21 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-06-10 14:58:19 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-06-10 14:57:37 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-06-10 14:57:34 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-06-10 14:52:44 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-06-06 16:50:35 228864 ----a-w- C:\Windows\System32\wintrust.dll
2016-06-06 16:50:16 190976 ----a-w- C:\Windows\System32\cryptsvc.dll
2016-06-06 16:50:16 1483264 ----a-w- C:\Windows\System32\crypt32.dll
2016-06-06 16:50:16 141824 ----a-w- C:\Windows\System32\cryptnet.dll
2016-06-06 15:23:20 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2016-06-06 15:23:04 145920 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2016-06-06 15:23:04 1176064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2016-06-06 15:23:04 106496 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2016-05-24 08:18:06 237480 ----a-w- C:\Windows\System32\drivers\klhk.sys
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-16 23:22:36 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-05-16 23:19:32 706280 ----a-w- C:\Windows\System32\winload.efi
2016-05-16 23:19:31 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-05-16 23:18:39 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-05-16 23:18:39 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-05-16 23:17:39 1732888 ----a-w- C:\Windows\System32\ntdll.dll
2016-05-16 23:16:18 1314136 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-05-16 21:23:50 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-05-16 21:23:46 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-05-16 21:23:46 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-05-16 21:19:53 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-05-16 21:19:01 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-05-16 21:14:55 112640 ----a-w- C:\Windows\System32\smss.exe
2016-05-16 21:10:29 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-05-16 21:10:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-05-16 21:10:27 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-05-16 21:10:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-05-16 21:09:32 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-05-16 21:09:32 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-16 21:09:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-16 21:09:32 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 4:22:10.83 ===============