A couple of weeks ago my computer was infected with a nasty virus/trojan horse. I made the mistake of running a program that I downloaded off the internet from an untrustworthy site. I don't remember the name of the program and I've since deleted it. Ever since then my anti-virus program (AVG-free) pops up multiple messages a day about trojan horse infections. Some that it has found are:
Crypt3.ARER
Crypt3.ARVN
IDP.Trojan.8BEF0C1B
IDP.TROjan.330F1B36
Simda.WL
Win32/DH{fyB8ZA}
and so on...
I have tried multiple programs, but have been unsuccessful in removing the virus. I have used:
AVG-free
Malwarebytes Anti-Malware
stinger64
JRT
Windows Defender
MicroTrend HouseCall
ESET Online Scanner
I was able to run ESET one time, and it had found a number of infections, but my computer was slowed down by a number of processes using a very large amount of memory. Every time I would try to end them, a couple more would start, so that I eventually had about 50 versions at once. I stopped the scan and shut down my computer. After restarting, I was unable to run ESET. Every time I would try, I was told that ESET couldn't update the definition files. My internet connection was working just fine and I don't use a proxy. I tried erasing all traces of ESET from my computer to see if that would help, and I stumbled across a hidden folder that contains a number of programs and movies (it had a copy of ESET, which is how I found it). It appears that my computer is being used to host illegal software. I tried to delete it, but couldn't since most of the files were being used.
Here are my DDS logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Rob at 13:22:19 on 2014-09-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2317 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Google+ Auto Backup] "C:\Users\Rob\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [Andworks] regsvr32.exe C:\Users\Rob\AppData\Local\Andworks\ASMbase217I.dll
uRun: [Andworks Update] regsvr32.exe C:\Users\Rob\AppData\Local\Andworks\CNBP_267.DLL
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{3CB125F7-5AE6-4BE2-87BB-D38407939EB6} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{3CB125F7-5AE6-4BE2-87BB-D38407939EB6} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{787A731F-3ED5-4062-825E-0600C0570306} : NameServer = 8.8.8.8,8.8.8.8
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 193.107.16.144 http://www.google-analytics.com.
Hosts: 193.107.16.144 google-analytics.com.
Hosts: 193.107.16.144 connect.facebook.net.
Hosts: 188.40.62.184 http://www.google-analytics.com.
Hosts: 188.40.62.184 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-12-8 50976]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-17 4799760]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-4-6 35112]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2014-9-1 580232]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-8 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-6 1255736]
.
=============== Created Last 30 ================
.
2014-09-30 17:48:57 -------- d-----w- C:\Program Files (x86)\ESET
2014-09-27 13:02:02 634880 ----a-w- C:\Users\Rob\AppData\Roaming\ScanDisc.exe
2014-09-26 18:21:01 159768 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp6F4B.exe
2014-09-25 04:20:39 188416 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB2AD.exe
2014-09-24 06:06:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 06:06:14 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-23 22:51:41 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 16:21:21 -------- d-----w- C:\Program Files\stinger
2014-09-23 05:17:24 288 ----a-w- C:\Users\Rob\AppData\Roaming\136A41DE.reg
2014-09-21 22:40:49 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-09-20 22:08:28 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\f207d9ae3d2848332edd6971165b55bb\WMP x264 Codec Pack.exe
2014-09-20 19:56:11 54525952 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7c998312b0c712d7c75586fe29031154\TARGET 3001.exe
2014-09-20 18:53:56 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\df5bfe7ead98e24e4f7dde85b32ed92f\Crash Time II.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\db24d687a19d643a1c6965973736c23c\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d1ada249bda7818938e4b145d48c22d2\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6be59164457beaa41328bfb551ba0731\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\35e65aa016dd1c393180f8450e9ed2e8\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\062f846a263ce6d9faae039cb20cea91\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0507c83744d040c1489ab204eb68b699\Lite x264 Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e999db042dc46a3d743acbfd426711e5\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c5a502e859860ee097d5bf360b820cf1\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b9ebb7ecc53609e609389e5108b8a42e\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\914d877fdcec5c8b671d9c97e8be706a\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\741d708848b3f4daa28bbd2192fc7d4e\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\71e551ee44dda9b8c76aa34e5af643ff\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6411421a8dc0929fbc39874aa777ec37\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\318e94665f25bd8f7023c6dc4a88329d\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0b0a407ab25d48aa186909f845709856\WMP xMPG Codec Pack.exe
2014-09-20 17:51:19 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a9d079ce2977ffb1612db5e0bb58ad2d\Total Codec Pack.exe
2014-09-20 17:51:19 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\610fbe650c83965bae55b009c4a82a8b\Total Codec Pack.exe
2014-09-20 17:36:53 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\07168878a40e7ef035499de201165b69\History Sweeper.exe
2014-09-15 16:45:13 -------- d-----w- C:\Program Files\iPod
2014-09-15 16:45:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 16:45:12 -------- d-----w- C:\Program Files\iTunes
2014-09-15 16:45:12 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-15 04:04:40 -------- d-----w- C:\Program Files (x86)\DAMN NFO Viewer
2014-09-15 03:57:27 -------- d-----w- C:\Users\Rob\AppData\Local\Andworks
2014-09-15 03:57:18 -------- d-----w- C:\Users\Rob\AppData\Local\Azsmworks
2014-09-15 03:56:15 2498560 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-09-11 21:02:48 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 21:02:48 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 21:01:16 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-09-11 21:01:16 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-09-11 21:01:16 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-09-11 21:01:16 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-09-10 08:04:57 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 08:04:57 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 08:04:35 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 08:04:34 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 08:04:15 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 08:04:15 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 08:04:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 08:04:14 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 08:04:14 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 08:04:00 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 08:03:59 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-02 03:59:41 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-02 03:59:12 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-02 03:59:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-02 03:59:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-02 03:57:40 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
2014-09-02 03:57:34 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-02 03:57:33 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-02 03:49:37 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-09-02 03:25:06 -------- d-----w- C:\Windows\ERUNT
2014-09-02 03:08:23 -------- d-----w- C:\Users\Rob\AppData\Roaming\Wise Care 365
2014-09-02 03:08:15 -------- d-----w- C:\Program Files (x86)\Wise
2014-09-01 18:42:41 -------- d-----w- C:\Program Files\Bonjour
2014-09-01 18:42:41 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2014-09-23 21:56:35 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 21:56:35 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-12 03:53:43 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-08-06 15:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-25 07:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-22 02:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 13:23:00.93 ===============
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 10/6/2013 12:39:47 PM
System Uptime: 9/30/2014 11:51:50 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 62.883 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.425 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 659.802 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP88: 9/19/2014 12:28:04 AM - Scheduled Checkpoint
RP89: 9/23/2014 6:12:53 PM - Malwarebytes Anti-Rootkit Restore Point
RP90: 9/24/2014 1:32:36 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 193.107.16.144 http://www.google-analytics.com.
Hosts: 193.107.16.144 google-analytics.com.
Hosts: 193.107.16.144 connect.facebook.net.
Hosts: 188.40.62.184 http://www.google-analytics.com.
Hosts: 188.40.62.184 google-analytics.com.
Hosts: 188.40.62.184 connect.facebook.net.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Activity Tracker
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.09)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG SafeGuard toolbar
Battle.net
Bonjour
BufferChm
C4100
c4100_Help
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Copy
Destinations
DeviceDiscovery
Diablo III
DocProc
DVDFab 9.0.7.2 (18/10/2013)
Fax
Google Chrome
Google Talk Plugin
Google Update Helper
Google+ Auto Backup
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HydraVision
ImgBurn
iTunes
Java 7 Update 45 (64-bit)
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
NirSoft BlueScreenView
OCR Software by I.R.I.S. 13.0
Picasa 3
Recuva
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
Status
TeamViewer 9
Toolbox
TrayApp
Tweaking.com - Windows Repair (All in One)
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
WebReg
Wise Care 365 3.23
.
==== Event Viewer Messages From Past Week ========
.
9/30/2014 11:49:41 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:43:14 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:43:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/30/2014 11:43:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/30/2014 11:42:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/30/2014 11:42:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/30/2014 11:42:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 discache spldr Wanarpv6
9/30/2014 11:42:36 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:41:30 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/30/2014 11:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/30/2014 11:34:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2014 11:59:35 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
9/25/2014 10:20:26 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The media is write protected.
9/25/2014 10:20:18 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
9/25/2014 10:15:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092514-68078-01.
.
==== End Of File ===========================