Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Per Windows 7 forum, posting logs here.

Windows 7, Gateway RFX6840
Over the last few months it has become extremely slow; typing is a crap shoot because I don't see what I've typed for some time.
Drop downs don't drop...entire system freezes for upwards of 30 seconds at a time when I want to move the cursor or switch pages.
This is recent. O/S has been on machine for 7 yrs. My late wife was MSDN and installed Win 7 Ultimate a long long time ago. It's run just fine.
Malwarebytes finds nothing (standalone and only runs when I choose to run it). Chameleon finds nothing. Webroot Anywhere, which is my actual firewall/antivirus, is the only system that runs by choice... However, I can't seem to get Windows Defender to go away... I'll shut it off, and it just errors me until I turn it back on.

One person suggested the HDD is about to croak, which is entirely possible.
But at this point replacing the entire desktop would make more sense than replacing the HDD... Unfortunately, I LOATHE Windows 10... don't want anything to do with it.

DDS.TXT
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18450 BrowserJavaVersion: 11.101.2
Run by SalShels at 13:17:26 on 2016-10-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6459 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
SP: Webroot SecureAnywhere *Enabled/Updated* {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uURLSearchHooks: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~4.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\FASUSB~1.LNK - C:\Program Files\Fractal Audio Systems\USB Audio Driver\FASUSBAudioCplApp.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_77-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0077-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_77-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_77-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F2FD65-4CA1-4E1E-BE81-A2D0A7C4D9CC} - hxxps://esupport.trendmicro.com/_layouts/1033/GetVBInfo.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07228A2C-F2CA-4378-AA31-4954F634F4CD} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SalShels\AppData\Roaming\Mozilla\Firefox\Profiles\b0kyweuo.default\
FF - prefs.js: browser.search.selectedEngine - Cassiopesa
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\components\TmFFExt.dll
FF - component: C:\Users\SalShels\AppData\Roaming\Mozilla\Firefox\Profiles\b0kyweuo.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
FF - ExtSQL: !HIDDEN! 2011-02-08 09:47; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-17 55856]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-8-8 138576]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-9-2 30752]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-7-18 32912]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2015-6-30 140672]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-21 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-8 990464]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-6-30 27008]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2010-11-17 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-21 346144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-6-30 1136608]
S3 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-8-5 83768]
S3 axefx2load;Fractal Audio Systems AxeFx2 USB Service;C:\Windows\System32\drivers\axefx2load.sys [2014-9-26 55600]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-17 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-9-1 130688]
S3 fasusbaudio;fasusbaudio;C:\Windows\System32\drivers\fasusbaudio_x64.sys [2014-9-26 254464]
S3 fasusbaudioks;fasusbaudioks;C:\Windows\System32\drivers\fasusbaudioks_x64.sys [2014-9-26 46080]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2016-8-31 928272]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 29728]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-9-14 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2013-9-23 44480]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-6-30 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-6-30 64896]
S3 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2015-6-1 232192]
S3 paeusbaudio;paeusbaudio;C:\Windows\System32\drivers\paeusbaudio_x64.sys [2013-10-11 250728]
S3 paeusbaudiodsp;paeusbaudiodsp;C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [2013-10-11 69992]
S3 paeusbaudioks;paeusbaudioks;C:\Windows\System32\drivers\paeusbaudioks_x64.sys [2013-10-11 51560]
S3 PrintNotify;Printer Extensions and Notifications;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-8 19456]
S3 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-9-1 754784]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-9-1 164992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TeamViewer;TeamViewer 11;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-10 7500048]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-19 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wrUrlFlt;Webroot UrlFilter;C:\Windows\System32\drivers\wrUrlFlt.sys [2015-2-26 66328]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 255504]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-17 79360]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-6-30 1514464]
S4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]
S4 WsAppService;Wondershare Application Framework Service;C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [2016-7-17 411648]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: jsfile=NOTEPAD.EXE %1
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2016-10-11 01:33:47 -------- d-sh--w- C:\found.000
2016-09-30 23:36:16 229048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-09-30 23:36:16 229048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2016-09-27 19:41:04 -------- d-s---w- C:\Windows\SysWow64\GWX
2016-09-27 19:41:04 -------- d-s---w- C:\Windows\System32\GWX
2016-09-25 19:21:31 -------- d-----w- C:\EFSTMPWP
2016-09-20 17:15:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-09-20 17:15:30 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-09-19 20:27:12 -------- d-----w- C:\Program Files\iPod
2016-09-19 20:27:11 -------- d-----w- C:\Program Files\iTunes
2016-09-17 19:26:59 -------- d-----w- C:\Users\SalShels\AppData\Local\{8B594C16-CB4A-44AA-A599-A301C4DA5BB6}
2016-09-17 19:24:41 -------- d-----w- C:\Users\SalShels\AppData\Local\{0613077D-8F12-4E0E-BE58-2B2913AA553A}
2016-09-14 18:26:04 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-09-14 18:26:04 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-09-14 18:26:04 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-09-14 18:24:59 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-09-14 18:24:59 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-09-14 18:24:59 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-09-14 18:24:59 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-09-14 18:24:57 3218432 ----a-w- C:\Windows\System32\win32k.sys
2016-09-14 18:24:56 877056 ----a-w- C:\Windows\System32\oleaut32.dll
2016-09-14 18:24:56 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-09-14 18:24:56 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2016-09-14 18:24:56 1009152 ----a-w- C:\Windows\System32\user32.dll
.
==================== Find3M ====================
.
2016-10-13 17:04:37 184760 ----a-w- C:\Windows\SysWow64\WRusr.dll
2016-10-13 17:04:37 138576 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2016-10-13 17:04:37 118384 ----a-w- C:\Windows\System32\WRusr.dll
2016-10-12 04:58:21 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-10-12 04:58:21 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-11 01:03:18 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-09-29 23:01:29 66328 ----atw- C:\Windows\System32\drivers\wrUrlFlt.sys
2016-09-27 18:59:23 12964920 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2016-09-02 15:40:18 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-09-02 15:35:48 706280 ----a-w- C:\Windows\System32\winload.efi
2016-09-02 15:35:47 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-09-02 15:35:47 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-09-02 15:35:47 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-09-02 15:34:22 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-09-02 15:31:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-09-02 15:31:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-09-02 15:31:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-09-02 15:31:02 215552 ----a-w- C:\Windows\System32\winsrv.dll
2016-09-02 15:31:02 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-09-02 15:31:01 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-09-02 15:31:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-09-02 15:31:00 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-09-02 15:31:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-09-02 15:31:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-09-02 15:21:25 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-09-02 15:21:25 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-09-02 15:18:23 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-09-02 15:02:33 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-09-02 15:02:29 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-09-02 15:02:29 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-09-02 15:01:47 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-09-02 14:58:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-09-02 14:57:53 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-09-02 14:55:12 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-09-02 14:54:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-09-02 14:54:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-02 14:53:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-09-02 14:53:52 112640 ----a-w- C:\Windows\System32\smss.exe
2016-09-02 14:53:18 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-09-02 14:49:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-09-02 14:49:49 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-09-02 14:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-09-02 14:49:49 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-09-02 14:49:04 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-09-02 14:48:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-09-02 14:48:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-02 14:48:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-02 14:48:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-09-01 03:18:32 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-09-01 02:48:10 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-09-01 02:46:36 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-09-01 02:46:11 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-09-01 02:46:04 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-09-01 02:44:20 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-09-01 02:24:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-09-01 02:23:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-09-01 01:59:47 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-09-01 01:29:35 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-09-01 01:29:30 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-09-01 01:24:36 4607488 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-09-01 00:43:05 2445824 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-09-01 00:40:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-09-01 00:40:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-09-01 00:25:20 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-09-01 00:24:36 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-09-01 00:24:29 417792 ----a-w- C:\Windows\System32\html.iec
2016-09-01 00:24:09 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-09-01 00:24:02 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-09-01 00:11:19 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-09-01 00:11:18 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-09-01 00:10:55 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-09-01 00:06:08 6047232 ----a-w- C:\Windows\System32\jscript9.dll
2016-09-01 00:03:41 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-08-31 23:51:30 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-08-31 23:27:32 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-08-31 23:26:53 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-08-31 23:10:42 2921472 ----a-w- C:\Windows\System32\wininet.dll
2016-07-24 06:11:19 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-07-22 07:21:06 716928 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2016-07-22 07:21:06 164992 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2016-07-22 07:21:06 1499408 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2016-07-22 07:21:06 130688 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2016-07-17 07:55:07 1179672 ----a-w- C:\Windows\unins000.exe
.
============= FINISH: 13:17:54.42 ===============

Attached Files
File Type: txt attach.txt (26.6 KB)
