My friend was using Facebook in Firefox when she had a new tab open appearing to be from Microsoft telling her to call them. She was unable to close the window, or Firefox. I had her end the process and shut the computer down, and it has not been on since then except for to run DDS. The requested logs follow, and are attached. Thanks in advance!!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538 BrowserJavaVersion: 11.101.2
Run by Roberta Bird at 12:34:01 on 2017-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7918.6260 [GMT -6:00]
.
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Roberta Bird\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google+ Auto Backup] "C:\Users\Roberta Bird\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ROBERT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1B63D4AB-9A0D-4041-9A9F-E78E99F4A9A2} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{438CD666-04EA-4BBC-B4D2-3FE79BD8A5A2} : DHCPNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roberta Bird\AppData\Roaming\Mozilla\Firefox\Profiles\hywhj9cm.default-1447903078887\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/|https://mg.mail.yahoo.com/neo/launch...=8b8th1riot5u8
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-24 74544]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswvmm.sys [2013-11-24 293352]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-3-22 37144]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-11-24 969184]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-24 513632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-10 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-20 202752]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-24 108816]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-8-31 197128]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-8-19 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-16 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-16 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-16 171416]
R2 TrueKey;Intel Security True Key;C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-1-9 995800]
R2 TrueKeyScheduler;Intel Security True Key Scheduler;C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-10-13 16248]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-11-15 27760]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-15 677480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-11-15 2182768]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-14 163416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 InstallerService;Service Installer TrueKey;C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 --> C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [?]
S3 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-9 37656]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-12-13 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [2016-12-14 329480]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-15 19456]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-10-24 16152]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper;C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-1-9 86864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-15 1255736]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2016-11-30 04:34:16 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 04:27:48 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2016-11-21 18:16:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-11-21 18:16:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-11-20 16:20:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-11-20 16:20:03 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2016-11-20 16:20:03 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-11-20 16:20:01 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-11-20 16:20:01 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-11-20 16:19:57 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-11-20 16:19:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-11-20 16:19:57 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-11-20 16:19:53 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-11-20 16:19:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-11-20 16:19:52 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-11-20 16:19:51 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-11-20 16:19:49 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-11-20 16:19:47 84992 ----a-w- C:\Windows\SysWow64\hlink.dll
2016-11-20 16:19:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-11-20 16:19:42 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2016-11-20 16:19:40 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2016-11-20 16:04:54 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-11-20 15:58:19 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-11-20 15:57:45 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-11-20 15:57:43 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-11-20 15:57:01 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-11-20 15:57:00 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-11-20 15:52:42 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-11-20 14:07:52 467392 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\Windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\Windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\Windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\Windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\Windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\Windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\Windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\Windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2016-11-09 16:02:19 128512 ----a-w- C:\Windows\System32\msiexec.exe
2016-11-09 15:55:06 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2016-11-06 16:33:24 404992 ----a-w- C:\Windows\System32\gdi32.dll
2016-11-06 16:16:46 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-11-06 16:01:47 3219456 ----a-w- C:\Windows\System32\win32k.sys
2016-11-02 15:36:15 382696 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 15:32:08 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-11-02 15:32:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-11-02 15:32:03 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-11-02 15:32:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 15:22:36 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:16:31 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-11-02 15:16:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-11-02 15:16:14 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-11-02 14:53:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-27 15:33:31 802304 ----a-w- C:\Windows\System32\usp10.dll
2016-10-27 15:20:17 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2016-10-15 15:31:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-10-15 15:31:21 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-10-15 15:13:55 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-10-15 15:13:55 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 12:34:11.15 ===============
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18538 BrowserJavaVersion: 11.101.2
Run by Roberta Bird at 12:34:01 on 2017-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7918.6260 [GMT -6:00]
.
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Roberta Bird\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google+ Auto Backup] "C:\Users\Roberta Bird\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ROBERT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1B63D4AB-9A0D-4041-9A9F-E78E99F4A9A2} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{438CD666-04EA-4BBC-B4D2-3FE79BD8A5A2} : DHCPNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.1 mssplus.mcafee.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roberta Bird\AppData\Roaming\Mozilla\Firefox\Profiles\hywhj9cm.default-1447903078887\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/|https://mg.mail.yahoo.com/neo/launch...=8b8th1riot5u8
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-24 74544]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswvmm.sys [2013-11-24 293352]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-3-22 37144]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-11-24 969184]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-24 513632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-10 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-20 202752]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-24 108816]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-8-31 197128]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-8-19 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-16 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-16 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-16 171416]
R2 TrueKey;Intel Security True Key;C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-1-9 995800]
R2 TrueKeyScheduler;Intel Security True Key Scheduler;C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-10-13 16248]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-11-15 27760]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-15 677480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-11-15 2182768]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-14 163416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 InstallerService;Service Installer TrueKey;C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 --> C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [?]
S3 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-9 37656]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-12-13 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [2016-12-14 329480]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-15 19456]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-10-24 16152]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper;C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-1-9 86864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-15 1255736]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2016-11-30 04:34:16 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2016-11-30 04:34:16 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2016-11-30 04:27:48 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2016-11-30 04:27:48 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2016-11-21 18:16:29 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-11-21 18:16:29 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-11-20 16:20:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-11-20 16:20:03 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2016-11-20 16:20:03 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-11-20 16:20:01 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-11-20 16:20:01 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-11-20 16:19:57 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-11-20 16:19:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-11-20 16:19:57 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-11-20 16:19:53 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-11-20 16:19:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-11-20 16:19:52 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-11-20 16:19:51 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-11-20 16:19:49 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-11-20 16:19:47 84992 ----a-w- C:\Windows\SysWow64\hlink.dll
2016-11-20 16:19:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-11-20 16:19:42 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2016-11-20 16:19:40 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2016-11-20 16:04:54 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-11-20 15:58:19 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-11-20 15:57:45 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-11-20 15:57:43 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-11-20 15:57:01 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-11-20 15:57:00 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-11-20 15:52:42 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-11-20 14:07:52 467392 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-11-17 16:41:49 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-11-12 19:48:25 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-11-12 19:48:08 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-11-12 19:28:01 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-11-12 19:26:46 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-11-12 19:26:27 417792 ----a-w- C:\Windows\System32\html.iec
2016-11-12 19:25:50 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-11-12 19:25:41 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-11-12 19:08:26 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-11-12 19:08:24 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-11-12 19:07:47 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-11-12 18:56:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-11-12 18:53:10 6049280 ----a-w- C:\Windows\System32\jscript9.dll
2016-11-12 18:47:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-11-12 18:41:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-11-12 18:30:22 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-11-12 18:29:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29:13 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-11-12 18:29:05 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-11-12 18:27:51 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14:53 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-11-12 18:14:16 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-11-12 18:08:54 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-11-12 18:08:32 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-11-12 17:57:35 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-11-12 17:37:20 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-11-12 17:36:39 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-11-12 17:36:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-11-12 17:35:33 2920960 ----a-w- C:\Windows\System32\wininet.dll
2016-11-12 17:05:59 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-11-10 16:32:41 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-11-10 16:19:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-11-09 16:41:27 114408 ----a-w- C:\Windows\System32\consent.exe
2016-11-09 16:33:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-11-09 16:33:34 504320 ----a-w- C:\Windows\System32\msihnd.dll
2016-11-09 16:33:34 3244032 ----a-w- C:\Windows\System32\msi.dll
2016-11-09 16:33:34 25088 ----a-w- C:\Windows\System32\msimsg.dll
2016-11-09 16:33:26 70144 ----a-w- C:\Windows\System32\appinfo.dll
2016-11-09 16:33:26 1941504 ----a-w- C:\Windows\System32\authui.dll
2016-11-09 16:17:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-11-09 16:17:31 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2016-11-09 16:17:31 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2016-11-09 16:17:31 2365440 ----a-w- C:\Windows\SysWow64\msi.dll
2016-11-09 16:17:18 1806848 ----a-w- C:\Windows\SysWow64\authui.dll
2016-11-09 16:02:19 128512 ----a-w- C:\Windows\System32\msiexec.exe
2016-11-09 15:55:06 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2016-11-06 16:33:24 404992 ----a-w- C:\Windows\System32\gdi32.dll
2016-11-06 16:16:46 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-11-06 16:01:47 3219456 ----a-w- C:\Windows\System32\win32k.sys
2016-11-02 15:36:15 382696 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 15:32:08 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-11-02 15:32:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-11-02 15:32:03 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-11-02 15:32:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 15:22:36 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:16:31 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-11-02 15:16:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-11-02 15:16:14 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-11-02 14:53:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-10-27 15:33:31 802304 ----a-w- C:\Windows\System32\usp10.dll
2016-10-27 15:20:17 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2016-10-15 15:31:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-10-15 15:31:21 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-10-15 15:13:55 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-10-15 15:13:55 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 12:34:11.15 ===============