Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

slow pc email lots of Failure Notice

Post by thom15 » November 17th, 2015, 10:47 am

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18098
Run by thom hp extra at 18:19:48 on 2015-11-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.432 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\Av\avgrsx.exe
C:\Program Files\AVG\Av\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\Av\avgidsagent.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\Av\avgwdsvcx.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\AVG\Av\avgui.exe
C:\Program Files\BOINC\boinc.exe
C:\Users\thom hp extra\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\Av\avgnsx.exe
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files\AVG\Av\avgemcx.exe
C:\Users\thom hp extra\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\thom hp extra\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
C:\Users\thom hp extra\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearch Bar = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
uSearch Page = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
uDefault_Page_URL = hxxp://www.safesear.ch/?type=20151108-230-ie
mStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
mSearch Page = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
mDefault_Page_URL = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearchAssistant = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [uTorrent] "c:\users\thom hp extra\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
mRun: [AVG_UI] "c:\program files\avg\av\avgui.exe" /TRAYONLY
mRun: [MalwareProtectionLive] c:\users\thom hp extra\appdata\local\malwareprotectionlive\MalwareProtectionClient.exe
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0283995D-71A2-4368-B948-69DB3C45847A} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.80\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-8-20 231344]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-8-14 308656]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-10-21 192944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-8-10 36784]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2014-3-28 12800]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-8-10 156080]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-10-19 256432]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-8-14 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-10-21 229296]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-10-8 231856]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-2-11 79872]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2014-3-28 750592]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="c:\windows\system32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2015-11-16 03:18:37 -------- d-----w- c:\programdata\iSkysoft
2015-11-16 02:35:04 -------- d-----w- c:\users\thom hp extra\appdata\local\iSkysoft
2015-11-16 02:34:58 -------- d-----w- c:\program files\common files\iSkysoft
2015-11-16 02:34:10 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-11-16 02:34:10 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-11-16 02:34:10 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-11-16 02:34:10 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-11-16 02:34:10 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-11-16 02:34:10 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-11-16 02:33:40 -------- d-----w- c:\program files\iSkysoft
2015-11-16 02:26:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Movavi
2015-11-16 02:26:37 -------- d-----w- c:\users\thom hp extra\appdata\local\VideoEditor
2015-11-16 02:25:04 -------- d-----w- c:\program files\Movavi Video Editor 11
2015-11-16 02:16:21 -------- d-----w- c:\programdata\Movavi Video Editor 11
2015-11-15 15:41:35 -------- d-----w- c:\users\thom hp extra\appdata\local\CEF
2015-11-15 15:27:02 -------- d-----w- c:\program files\SystemManager
2015-11-15 15:01:50 -------- d-----w- c:\users\thom hp extra\appdata\local\Tempfolder
2015-11-15 15:01:11 -------- d-----w- C:\uninst
2015-11-15 15:01:06 -------- d-----w- c:\program files\shopperz151120151549
2015-11-15 15:00:58 -------- d-----w- c:\users\thom hp extra\appdata\roaming\System Healer
2015-11-15 15:00:48 -------- d-----w- c:\programdata\MovieDeaConfig
2015-11-15 15:00:34 -------- d-----w- c:\program files\MovieDea
2015-11-15 14:58:06 -------- d-----w- c:\program files\SwiftSearch_1.10.0.25
2015-11-15 14:56:38 -------- d-----w- c:\program files\BubbleSound
2015-11-15 14:36:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Opera Software
2015-11-15 14:36:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Opera Software
2015-11-15 14:34:15 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447576454-1012-BABF-809E7CA4452D
2015-11-15 14:29:54 -------- d-----w- c:\programdata\UWMiniProU
2015-11-15 14:29:52 -------- d-----w- c:\users\thom hp extra\appdata\roaming\mystartsearch
2015-11-15 14:25:37 -------- d-----w- c:\programdata\MegaBackup Corp
2015-11-15 14:25:12 -------- d-----w- c:\users\thom hp extra\appdata\local\Crossbrowse
2015-11-15 14:22:42 -------- d-----w- c:\program files\CinemaPlus_1.3dV13.11
2015-11-15 14:22:02 -------- d-----w- c:\program files\JZIP
2015-11-15 14:20:51 -------- d-----w- c:\program files\Crossbrowse
2015-11-15 14:16:31 -------- d-----w- c:\users\thom hp extra\appdata\local\globalUpdate
2015-11-15 14:16:31 -------- d-----w- c:\program files\globalUpdate
2015-11-15 14:16:05 -------- d-----w- c:\program files\CinePlus-1.44V09.11
2015-11-15 14:15:05 -------- d-----w- c:\users\thom hp extra\appdata\roaming\RunDir
2015-11-15 14:15:02 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NetService
2015-11-15 14:14:53 -------- d-----w- c:\program files\jogotempo
2015-11-15 14:12:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Note-UP
2015-11-15 14:11:25 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447575085-1012-BABF-809E7CA4452D
2015-11-15 14:10:01 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NUIns
2015-11-15 14:10:01 -------- d-----w- c:\program files\6061D900-1447596601-1012-BABF-809E7CA4452D
2015-11-15 14:04:07 -------- d-----w- c:\program files\winnetlog
2015-11-15 11:40:43 -------- d-----w- c:\users\thom hp extra\appdata\roaming\InstantSupport
2015-11-15 11:40:37 -------- d-----w- c:\programdata\PCAcceleratePro
2015-11-15 11:40:37 -------- d-----w- c:\program files\InstantSupport
2015-11-15 11:40:34 -------- d-----w- c:\users\thom hp extra\appdata\roaming\PCAcceleratePro
2015-11-15 11:40:29 -------- d-----w- c:\program files\PCAcceleratePro
2015-11-15 11:40:24 -------- d-----w- c:\program files\PCAPDownloader
2015-11-15 01:45:45 -------- d-----w- c:\program files\Nero
2015-11-15 01:45:21 -------- d-----w- c:\programdata\Nero
2015-11-13 20:25:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-11-13 20:22:06 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-11-13 20:18:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2015-11-13 02:18:27 87608 ----a-w- c:\users\thom hp extra\appdata\roaming\inst.exe
2015-11-13 02:18:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2015-11-13 02:18:27 47360 ----a-w- c:\users\thom hp extra\appdata\roaming\pcouffin.sys
2015-11-13 02:18:17 217127 ----a-w- c:\windows\system32\drv43260.dll
2015-11-13 02:18:17 208935 ----a-w- c:\windows\system32\drv33260.dll
2015-11-13 02:18:17 176165 ----a-w- c:\windows\system32\drv23260.dll
2015-11-13 02:18:15 -------- d-----w- c:\program files\VSO
2015-11-12 09:49:36 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:02:24 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 14:02:24 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 14:02:24 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 14:02:24 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 14:02:03 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 14:02:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-09 03:26:12 -------- d-----w- c:\users\thom hp extra\appdata\roaming\uTorrent
2015-11-09 02:58:35 -------- d-----w- c:\program files\.Npackd
2015-11-09 02:57:46 -------- d-----w- c:\program files\NpackdDetected
2015-11-09 02:54:16 -------- d-----w- c:\users\thom hp extra\appdata\local\Component
2015-11-09 02:53:54 -------- d-----w- c:\users\thom hp extra\appdata\local\intmanager
2015-11-09 02:53:46 -------- d-----w- c:\programdata\Npackd
2015-11-09 02:51:53 -------- d-----w- c:\users\thom hp extra\appdata\local\Fast Browser
2015-10-25 12:23:51 -------- d-----w- c:\users\thom hp extra\appdata\local\AvgSetupLog
2015-10-21 22:24:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-19 14:06:02 256432 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
==================== Find3M ====================
.
2015-10-30 22:58:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-10-30 22:58:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-10-30 22:47:08 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-10-30 22:46:27 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-10-30 22:45:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-10-30 22:45:42 341504 ----a-w- c:\windows\system32\html.iec
2015-10-30 22:44:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-10-30 22:36:30 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-10-30 22:36:25 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-30 22:36:06 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-10-30 22:31:22 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-10-30 22:23:51 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-30 22:16:43 4527616 ----a-w- c:\windows\system32\jscript9.dll
2015-10-30 22:09:23 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-10-30 22:09:15 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-30 21:51:28 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-10-29 20:02:40 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-29 20:02:40 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-29 17:49:57 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-20 17:46:02 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-10-20 17:46:02 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-10-20 17:46:02 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-10-20 17:45:27 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-10-20 17:45:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-10-20 17:45:08 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-10-20 00:52:02 3991488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 00:52:00 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 00:52:00 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 00:48:47 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 00:44:53 22528 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 00:44:35 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 00:39:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:35:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:35:00 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-19 23:29:22 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-10-19 23:28:57 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-10-19 23:28:56 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-10-13 10:24:00 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-10-13 07:29:08 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-13 04:50:31 712640 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-08 13:48:58 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:43 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-10-01 17:50:43 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-10-01 17:50:43 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-23 13:09:58 371920 ----a-w- c:\windows\system32\drivers\cng.sys
2015-09-23 13:09:57 251000 ----a-w- c:\windows\system32\bcryptprimitives.dll
2015-09-18 17:47:06 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44:35 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44:34 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44:30 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44:27 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44:26 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35:49 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58:14 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-20 19:05:48 231344 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-08-20 16:14:30 130048 ----a-w- c:\windows\system32\SpoonUninstall.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\00000071
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x83053D19] -> \Device\Harddisk0\DR0[0x860B4030]
3 CLASSPNP[0x8919859E] -> ntkrnlpa!IofCallDriver[0x83053D19] -> [0x85030930]
5 ACPI[0x8378A3D4] -> ntkrnlpa!IofCallDriver[0x83053D19] -> \Device\00000070[0x859F0A28]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2014 5:06:24 PM
System Uptime: 11/16/2015 12:35:53 PM (6 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket AM2 | 988/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 344.446 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 9.722 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 456.821 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: FNetDevi
Device ID: ROOT\LEGACY_FNETDEVI\0000
Manufacturer:
Name: FNetDevi
PNP Device ID: ROOT\LEGACY_FNETDEVI\0000
Service: FNetDevi
.
==== System Restore Points ===================
.
RP166: 11/12/2015 8:18:44 PM - Device Driver Package Install: VSO Software
RP167: 11/13/2015 3:00:16 AM - Windows Update
RP169: 11/13/2015 2:17:26 PM - Installed DirectX
RP171: 11/13/2015 2:20:22 PM - Installed DirectX
RP173: 11/13/2015 2:24:16 PM - Installed DirectX
RP174: 11/14/2015 7:44:08 PM - Installed Nero 2016 Content Pack.
RP175: 11/15/2015 9:37:33 AM - Restore Operation
RP176: 11/15/2015 10:03:28 AM - Removed LightScribe System Software.
RP177: 11/15/2015 10:09:06 AM - Removed Citrix Online Launcher
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
ABBulkMailer
Adobe Flash Player 19 NPAPI
Adobe Reader XI (11.0.13)
Adobe Refresh Manager
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Fuel
ASUS GPU Tweak
ASUS Product Register Program
AVG
AVG 2016
AVG Protection
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility
CCC Help English
CDBurnerXP
ConvertXtoDVD 2.2.3.258
Dropbox
Dropbox Update Helper
Fitbit Connect
FMW 1
Google Chrome
Google Update Helper
GoToMeeting 7.5.1.3911
HP Customer Experience Enhancements
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
HydraVision
I.R.I.S. OCR
iSkysoft Video Editor(Build 4.7.2)
join.me
Kodi
Lead Tools Direct 297 Club
Malware Protection Live
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Native Client
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movavi Video Editor 11
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Net Extractor
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Picasa 3
Quicken 2014
Revo Uninstaller 1.94
Sage ACT! Premium 2011
SeaMonkey 2.38 (x86 en-US)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3101554) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition
Skype™ 7.12
SUPERAntiSpyware
TeamViewer 10
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x86 Redistributables
WinRAR 5.21 (32-bit)
World Community Grid
.
==== Event Viewer Messages From Past Week ========
.
11/16/2015 12:42:47 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/16/2015 12:37:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FNetDevi
11/15/2015 9:22:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
11/15/2015 9:22:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/15/2015 9:02:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Rebfueqeae service to connect.
11/15/2015 9:02:19 AM, Error: Service Control Manager [7000] - The Rebfueqeae service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

.
============= FINISH: 18:21:57.19 ===============
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm

Re: slow pc email lots of Failure Notice

Post by Blade81 » November 18th, 2015, 1:35 pm

Hi

Is this your personal computer, and not, for example, a system at a workplace?

P2P is not allowed by our forum policy here: Refusal to remove Peer-to-Peer (P2P) programmes

Please uninstall uTorrent.

After that, re-run DDS and post back its logs.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: slow pc email lots of Failure Notice

Post by thom15 » November 21st, 2015, 8:36 am

Yes, this is my personal computer.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18098
Run by thom hp extra at 6:31:06 on 2015-11-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.652 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\Av\avgrsx.exe
C:\Program Files\AVG\Av\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\Av\avgidsagent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\Av\avgwdsvcx.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\AVG\Av\avgui.exe
C:\Users\thom hp extra\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\Av\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\Av\avgemcx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_ugm1_7.28_windows_intelx86
C:\Windows\system32\conhost.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearch Bar = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
uSearch Page = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
uDefault_Page_URL = hxxp://www.safesear.ch/?type=20151108-230-ie
mStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
mSearch Page = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
mDefault_Page_URL = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearchAssistant = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
mRun: [AVG_UI] "c:\program files\avg\av\avgui.exe" /TRAYONLY
mRun: [MalwareProtectionLive] c:\users\thom hp extra\appdata\local\malwareprotectionlive\MalwareProtectionClient.exe
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0283995D-71A2-4368-B948-69DB3C45847A} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.80\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-8-20 231344]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-8-14 308656]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-10-21 192944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-8-10 36784]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2014-3-28 12800]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-8-10 156080]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-10-19 256432]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-8-14 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-10-21 229296]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-10-8 231856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\av\avgidsagent.exe [2015-10-30 3815648]
R2 avgsvc;AVG Service;c:\program files\avg\framework\common\avgsvcx.exe [2015-11-12 862632]
R2 avgwd;AVG WatchDog;c:\program files\avg\av\avgwdsvcx.exe [2015-10-30 579776]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hewlett-packard\hp support solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 24888]
R2 TeamViewer;TeamViewer 10;c:\program files\teamviewer\TeamViewer_Service.exe [2015-3-1 5702416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-2-11 79872]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
S3 AvgAMPS;AvgAMPS;c:\program files\avg\av\avgamps.exe [2015-10-30 595376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-11-11 102912]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2014-3-28 750592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-9-29 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-9-29 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-6 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-6-4 219136]
S4 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2013-6-4 291840]
S4 ASGT;ASGT;c:\windows\system32\ASGT.exe [2012-1-17 55296]
S4 dbupdate;Dropbox Update Service (dbupdate);c:\program files\dropbox\update\DropboxUpdate.exe [2015-7-12 134512]
S4 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\dropbox\update\DropboxUpdate.exe [2015-7-12 134512]
S4 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-11-7 5738528]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-9-18 14624]
S4 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="c:\windows\system32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2015-11-16 03:18:37 -------- d-----w- c:\programdata\iSkysoft
2015-11-16 02:35:04 -------- d-----w- c:\users\thom hp extra\appdata\local\iSkysoft
2015-11-16 02:34:58 -------- d-----w- c:\program files\common files\iSkysoft
2015-11-16 02:34:10 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-11-16 02:34:10 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-11-16 02:34:10 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-11-16 02:34:10 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-11-16 02:34:10 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-11-16 02:34:10 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-11-16 02:33:40 -------- d-----w- c:\program files\iSkysoft
2015-11-16 02:26:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Movavi
2015-11-16 02:26:37 -------- d-----w- c:\users\thom hp extra\appdata\local\VideoEditor
2015-11-16 02:25:04 -------- d-----w- c:\program files\Movavi Video Editor 11
2015-11-16 02:16:21 -------- d-----w- c:\programdata\Movavi Video Editor 11
2015-11-15 15:41:35 -------- d-----w- c:\users\thom hp extra\appdata\local\CEF
2015-11-15 15:27:02 -------- d-----w- c:\program files\SystemManager
2015-11-15 15:01:50 -------- d-----w- c:\users\thom hp extra\appdata\local\Tempfolder
2015-11-15 15:01:11 -------- d-----w- C:\uninst
2015-11-15 15:01:06 -------- d-----w- c:\program files\shopperz151120151549
2015-11-15 15:00:58 -------- d-----w- c:\users\thom hp extra\appdata\roaming\System Healer
2015-11-15 15:00:48 -------- d-----w- c:\programdata\MovieDeaConfig
2015-11-15 15:00:34 -------- d-----w- c:\program files\MovieDea
2015-11-15 14:58:06 -------- d-----w- c:\program files\SwiftSearch_1.10.0.25
2015-11-15 14:56:38 -------- d-----w- c:\program files\BubbleSound
2015-11-15 14:36:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Opera Software
2015-11-15 14:36:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Opera Software
2015-11-15 14:34:15 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447576454-1012-BABF-809E7CA4452D
2015-11-15 14:29:54 -------- d-----w- c:\programdata\UWMiniProU
2015-11-15 14:29:52 -------- d-----w- c:\users\thom hp extra\appdata\roaming\mystartsearch
2015-11-15 14:25:37 -------- d-----w- c:\programdata\MegaBackup Corp
2015-11-15 14:25:12 -------- d-----w- c:\users\thom hp extra\appdata\local\Crossbrowse
2015-11-15 14:22:42 -------- d-----w- c:\program files\CinemaPlus_1.3dV13.11
2015-11-15 14:22:02 -------- d-----w- c:\program files\JZIP
2015-11-15 14:20:51 -------- d-----w- c:\program files\Crossbrowse
2015-11-15 14:16:31 -------- d-----w- c:\users\thom hp extra\appdata\local\globalUpdate
2015-11-15 14:16:31 -------- d-----w- c:\program files\globalUpdate
2015-11-15 14:16:05 -------- d-----w- c:\program files\CinePlus-1.44V09.11
2015-11-15 14:15:05 -------- d-----w- c:\users\thom hp extra\appdata\roaming\RunDir
2015-11-15 14:15:02 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NetService
2015-11-15 14:14:53 -------- d-----w- c:\program files\jogotempo
2015-11-15 14:12:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Note-UP
2015-11-15 14:11:25 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447575085-1012-BABF-809E7CA4452D
2015-11-15 14:10:01 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NUIns
2015-11-15 14:10:01 -------- d-----w- c:\program files\6061D900-1447596601-1012-BABF-809E7CA4452D
2015-11-15 14:04:07 -------- d-----w- c:\program files\winnetlog
2015-11-15 11:40:43 -------- d-----w- c:\users\thom hp extra\appdata\roaming\InstantSupport
2015-11-15 11:40:37 -------- d-----w- c:\programdata\PCAcceleratePro
2015-11-15 11:40:37 -------- d-----w- c:\program files\InstantSupport
2015-11-15 11:40:34 -------- d-----w- c:\users\thom hp extra\appdata\roaming\PCAcceleratePro
2015-11-15 11:40:29 -------- d-----w- c:\program files\PCAcceleratePro
2015-11-15 11:40:24 -------- d-----w- c:\program files\PCAPDownloader
2015-11-15 01:45:45 -------- d-----w- c:\program files\Nero
2015-11-15 01:45:21 -------- d-----w- c:\programdata\Nero
2015-11-13 20:25:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-11-13 20:22:06 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-11-13 20:18:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2015-11-13 02:18:27 87608 ----a-w- c:\users\thom hp extra\appdata\roaming\inst.exe
2015-11-13 02:18:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2015-11-13 02:18:27 47360 ----a-w- c:\users\thom hp extra\appdata\roaming\pcouffin.sys
2015-11-13 02:18:17 217127 ----a-w- c:\windows\system32\drv43260.dll
2015-11-13 02:18:17 208935 ----a-w- c:\windows\system32\drv33260.dll
2015-11-13 02:18:17 176165 ----a-w- c:\windows\system32\drv23260.dll
2015-11-13 02:18:15 -------- d-----w- c:\program files\VSO
2015-11-12 09:49:36 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:02:24 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 14:02:24 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 14:02:24 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 14:02:24 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 14:02:03 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 14:02:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-09 03:26:12 -------- d-----w- c:\users\thom hp extra\appdata\roaming\uTorrent
2015-11-09 02:58:35 -------- d-----w- c:\program files\.Npackd
2015-11-09 02:57:46 -------- d-----w- c:\program files\NpackdDetected
2015-11-09 02:54:16 -------- d-----w- c:\users\thom hp extra\appdata\local\Component
2015-11-09 02:53:54 -------- d-----w- c:\users\thom hp extra\appdata\local\intmanager
2015-11-09 02:53:46 -------- d-----w- c:\programdata\Npackd
2015-11-09 02:51:53 -------- d-----w- c:\users\thom hp extra\appdata\local\Fast Browser
2015-10-25 12:23:51 -------- d-----w- c:\users\thom hp extra\appdata\local\AvgSetupLog
.
==================== Find3M ====================
.
2015-11-19 17:05:07 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-19 17:05:07 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-30 22:58:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-10-30 22:58:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-10-30 22:47:08 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-10-30 22:46:27 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-10-30 22:45:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-10-30 22:45:42 341504 ----a-w- c:\windows\system32\html.iec
2015-10-30 22:44:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-10-30 22:36:30 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-10-30 22:36:25 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-30 22:36:06 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-10-30 22:31:22 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-10-30 22:23:51 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-30 22:16:43 4527616 ----a-w- c:\windows\system32\jscript9.dll
2015-10-30 22:09:23 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-10-30 22:09:15 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-30 21:51:28 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-10-29 17:49:57 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 22:24:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-20 17:46:02 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-10-20 17:46:02 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-10-20 17:46:02 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-10-20 17:45:27 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-10-20 17:45:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-10-20 17:45:08 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-10-20 00:52:02 3991488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 00:52:00 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 00:52:00 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 00:48:47 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 00:44:53 22528 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 00:44:35 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 00:39:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:35:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:35:00 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-19 23:29:22 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-10-19 23:28:57 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-10-19 23:28:56 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-10-19 14:06:02 256432 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-10-13 10:24:00 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-10-13 07:29:08 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-13 04:50:31 712640 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-08 13:48:58 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:43 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-10-01 17:50:43 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-10-01 17:50:43 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-23 13:09:58 371920 ----a-w- c:\windows\system32\drivers\cng.sys
2015-09-23 13:09:57 251000 ----a-w- c:\windows\system32\bcryptprimitives.dll
2015-09-18 17:47:06 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44:35 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44:34 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44:30 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44:27 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44:26 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35:49 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58:14 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\00000071
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys
c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
c:\windows\system32\drivers\atikmpag.sys Advanced Micro Devices, Inc. AMD driver
c:\windows\system32\drivers\atikmdag.sys Advanced Micro Devices, Inc. ATI Radeon Family
1 ntkrnlpa!IofCallDriver[0x83043D19] -> \Device\Harddisk0\DR0[0x860B4030]
3 CLASSPNP[0x8917E59E] -> ntkrnlpa!IofCallDriver[0x83043D19] -> [0x85030B40]
5 ACPI[0x837693D4] -> ntkrnlpa!IofCallDriver[0x83043D19] -> \Device\00000070[0x859F9030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
============= FINISH: 6:32:37.26 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2014 5:06:24 PM
System Uptime: 11/21/2015 6:08:17 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket AM2 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 344.181 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 9.722 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 456.821 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&2FFD215B&0&5
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&2FFD215B&0&5
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: FNetDevi
Device ID: ROOT\LEGACY_FNETDEVI\0000
Manufacturer:
Name: FNetDevi
PNP Device ID: ROOT\LEGACY_FNETDEVI\0000
Service: FNetDevi
.
==== System Restore Points ===================
.
RP175: 11/15/2015 9:37:33 AM - Restore Operation
RP176: 11/15/2015 10:03:28 AM - Removed LightScribe System Software.
RP177: 11/15/2015 10:09:06 AM - Removed Citrix Online Launcher
RP178: 11/21/2015 5:08:00 AM - Removed ASUS Product Register Program
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBulkMailer
Adobe Flash Player 19 NPAPI
Adobe Reader XI (11.0.13)
Adobe Refresh Manager
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Fuel
ASUS GPU Tweak
AVG
AVG 2016
AVG Protection
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility
CCC Help English
CDBurnerXP
ConvertXtoDVD 2.2.3.258
Dropbox
Dropbox Update Helper
Fitbit Connect
FMW 1
Google Chrome
Google Update Helper
GoToMeeting 7.6.0.4007
HP Customer Experience Enhancements
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
HydraVision
I.R.I.S. OCR
iSkysoft Video Editor(Build 4.7.2)
join.me
Kodi
Lead Tools Direct 297 Club
Malware Protection Live
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Native Client
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movavi Video Editor 11
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Net Extractor
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Picasa 3
Quicken 2014
Revo Uninstaller 1.94
Sage ACT! Premium 2011
SeaMonkey 2.38 (x86 en-US)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3101554) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition
Skype™ 7.12
SUPERAntiSpyware
TeamViewer 10
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x86 Redistributables
WinRAR 5.21 (32-bit)
World Community Grid
.
==== Event Viewer Messages From Past Week ========
.
11/21/2015 6:09:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FNetDevi
11/17/2015 6:27:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
11/16/2015 12:42:47 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/15/2015 9:22:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
11/15/2015 9:22:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/15/2015 9:02:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Rebfueqeae service to connect.
11/15/2015 9:02:19 AM, Error: Service Control Manager [7000] - The Rebfueqeae service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm

Re: slow pc email lots of Failure Notice

Post by Blade81 » November 24th, 2015, 5:08 am

Hi,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: slow pc email lots of Failure Notice

Post by thom15 » November 24th, 2015, 4:16 pm

ComboFix 15-11-23.01 - thom hp extra 11/24/2015 13:18:00.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.514 [GMT -6:00]
Running from: c:\users\thom hp extra\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents.lnk
C:\Music.lnk
C:\New Folder.lnk
C:\Passwords.lnk
C:\Pictures.lnk
c:\programdata\81190BEC1B.sys
c:\programdata\ntuser.pol
c:\users\thom hp extra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpethbek.dll
c:\users\thom hp extra\AppData\Roaming\985
c:\users\thom hp extra\AppData\Roaming\inst.exe
c:\users\thom hp extra\Desktop\Setup.exe
c:\users\THOMHP~1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpethbek.dll
C:\Video.lnk
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-10-24 to 2015-11-24 )))))))))))))))))))))))))))))))
.
.
2015-11-24 19:38 . 2015-11-24 19:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-11-24 19:38 . 2015-11-24 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-16 03:18 . 2015-11-16 03:18 -------- d-----w- c:\programdata\iSkysoft
2015-11-16 02:35 . 2015-11-16 02:35 -------- d-----w- c:\users\thom hp extra\AppData\Local\iSkysoft
2015-11-16 02:34 . 2015-11-16 02:34 -------- d-----w- c:\program files\Common Files\iSkysoft
2015-11-16 02:34 . 2015-07-30 15:57 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-11-16 02:34 . 2015-07-30 15:57 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-11-16 02:34 . 2015-07-30 15:57 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-11-16 02:34 . 2015-07-30 15:57 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-11-16 02:34 . 2015-07-30 15:57 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-11-16 02:34 . 2015-07-30 15:57 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-11-16 02:33 . 2015-11-16 02:33 -------- d-----w- c:\program files\iSkysoft
2015-11-16 02:26 . 2015-11-16 02:26 -------- d-----w- c:\users\thom hp extra\AppData\Local\Movavi
2015-11-16 02:26 . 2015-11-16 02:26 -------- d-----w- c:\users\thom hp extra\AppData\Local\VideoEditor
2015-11-16 02:25 . 2015-11-16 02:25 -------- d-----w- c:\program files\Movavi Video Editor 11
2015-11-16 02:16 . 2015-11-16 02:16 -------- d-----w- c:\programdata\Movavi Video Editor 11
2015-11-15 15:41 . 2015-11-15 15:41 -------- d-----w- c:\users\thom hp extra\AppData\Local\CEF
2015-11-15 15:27 . 2015-11-15 15:27 -------- d-----w- c:\program files\SystemManager
2015-11-15 15:01 . 2015-11-15 15:02 -------- d-----w- c:\users\thom hp extra\AppData\Local\Tempfolder
2015-11-15 15:01 . 2015-11-15 15:01 -------- d-----w- C:\uninst
2015-11-15 15:01 . 2015-11-15 15:51 -------- d-----w- c:\program files\shopperz151120151549
2015-11-15 15:00 . 2015-11-15 15:25 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\System Healer
2015-11-15 15:00 . 2015-11-15 15:00 -------- d-----w- c:\programdata\MovieDeaConfig
2015-11-15 15:00 . 2015-11-15 15:48 -------- d-----w- c:\program files\MovieDea
2015-11-15 14:58 . 2015-11-15 15:48 -------- d-----w- c:\program files\SwiftSearch_1.10.0.25
2015-11-15 14:56 . 2015-11-15 15:51 -------- d-----w- c:\program files\BubbleSound
2015-11-15 14:36 . 2015-11-15 14:36 -------- d-----w- c:\users\thom hp extra\AppData\Local\Opera Software
2015-11-15 14:36 . 2015-11-15 14:36 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\Opera Software
2015-11-15 14:34 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Local\6061D900-1447576454-1012-BABF-809E7CA4452D
2015-11-15 14:31 . 2015-11-15 14:31 -------- d-----w- c:\users\Default\AppData\Local\Google
2015-11-15 14:29 . 2015-11-15 15:51 -------- d-----w- c:\programdata\UWMiniProU
2015-11-15 14:29 . 2015-11-15 14:29 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\mystartsearch
2015-11-15 14:28 . 2015-11-15 15:48 -------- d-----w- c:\program files\Opera
2015-11-15 14:26 . 2015-11-15 14:26 -------- d-----w- c:\users\Default\AppData\Local\Food Comp
2015-11-15 14:25 . 2015-11-15 14:25 -------- d-----w- c:\programdata\MegaBackup Corp
2015-11-15 14:25 . 2015-11-15 14:25 -------- d-----w- c:\users\thom hp extra\AppData\Local\Crossbrowse
2015-11-15 14:22 . 2015-11-15 15:51 -------- d-----w- c:\program files\CinemaPlus_1.3dV13.11
2015-11-15 14:22 . 2015-11-15 14:22 -------- d-----w- c:\program files\JZIP
2015-11-15 14:20 . 2015-11-15 14:20 -------- d-----w- c:\program files\Crossbrowse
2015-11-15 14:16 . 2015-11-15 14:16 -------- d-----w- c:\program files\globalUpdate
2015-11-15 14:16 . 2015-11-15 14:16 -------- d-----w- c:\users\thom hp extra\AppData\Local\globalUpdate
2015-11-15 14:16 . 2015-11-15 15:51 -------- d-----w- c:\program files\CinePlus-1.44V09.11
2015-11-15 14:15 . 2015-11-15 14:15 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\RunDir
2015-11-15 14:15 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\NetService
2015-11-15 14:14 . 2015-11-15 15:48 -------- d-----w- c:\program files\jogotempo
2015-11-15 14:12 . 2015-11-15 14:53 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\Note-UP
2015-11-15 14:11 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Local\6061D900-1447575085-1012-BABF-809E7CA4452D
2015-11-15 14:10 . 2015-11-15 15:48 -------- d-----w- c:\program files\6061D900-1447596601-1012-BABF-809E7CA4452D
2015-11-15 14:10 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\NUIns
2015-11-15 14:04 . 2015-11-15 15:51 -------- d-----w- c:\program files\winnetlog
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\InstantSupport
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\program files\InstantSupport
2015-11-15 11:40 . 2015-11-15 11:40 -------- d-----w- c:\programdata\PCAcceleratePro
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\PCAcceleratePro
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\program files\PCAcceleratePro
2015-11-15 11:40 . 2015-11-15 11:40 -------- d-----w- c:\program files\PCAPDownloader
2015-11-15 01:45 . 2015-11-15 01:50 -------- d-----w- c:\program files\Nero
2015-11-15 01:45 . 2015-11-15 01:54 -------- d-----w- c:\programdata\Nero
2015-11-13 20:26 . 2015-11-15 16:08 -------- d-----w- c:\program files\Common Files\LightScribe
2015-11-13 20:25 . 2010-05-26 17:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-11-13 20:22 . 2010-05-26 17:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-11-13 20:18 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2015-11-13 02:18 . 2015-11-13 02:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2015-11-13 02:18 . 2015-11-13 02:18 47360 ----a-w- c:\users\thom hp extra\AppData\Roaming\pcouffin.sys
2015-11-13 02:18 . 2015-11-13 02:21 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\Vso
2015-11-13 02:18 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2015-11-13 02:18 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2015-11-13 02:18 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2015-11-13 02:18 . 2015-11-13 02:18 -------- d-----w- c:\program files\VSO
2015-11-12 09:49 . 2015-11-03 17:46 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:02 . 2015-10-29 17:50 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 14:02 . 2015-10-29 17:49 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 14:02 . 2015-10-29 17:49 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 14:02 . 2015-10-29 17:49 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 14:02 . 2015-10-13 16:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 14:02 . 2015-10-13 16:31 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-09 03:26 . 2015-11-21 11:36 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\uTorrent
2015-11-09 02:58 . 2015-11-09 02:58 -------- d-----w- c:\program files\.Npackd
2015-11-09 02:57 . 2015-11-09 02:58 -------- d-----w- c:\program files\NpackdDetected
2015-11-09 02:54 . 2015-11-09 02:54 -------- d-----w- c:\users\thom hp extra\AppData\Local\Component
2015-11-09 02:53 . 2015-11-09 02:53 -------- d-----w- c:\users\thom hp extra\AppData\Local\intmanager
2015-11-09 02:53 . 2015-11-09 02:58 -------- d-----w- c:\programdata\Npackd
2015-11-09 02:51 . 2015-11-09 02:51 -------- d-----w- c:\users\thom hp extra\AppData\Local\Fast Browser
2015-10-28 20:09 . 2015-10-28 20:09 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-20 11:24 . 2015-03-23 11:50 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-11-20 11:24 . 2015-03-23 11:50 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-11-20 10:22 . 2015-03-25 11:32 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-11-19 17:05 . 2015-02-13 21:01 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-19 17:05 . 2015-02-13 21:01 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-29 17:49 . 2015-11-11 14:02 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 14:02 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 14:02 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 14:02 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 14:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 22:24 . 2015-10-21 22:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-21 22:14 . 2015-10-21 22:14 192944 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-10-19 14:06 . 2015-10-19 14:06 256432 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-10-13 10:24 . 2015-10-13 10:24 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-10-13 07:29 . 2015-10-13 07:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-08 13:48 . 2015-10-08 13:48 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-02 19:17 . 2015-10-02 19:17 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-10-02 19:17 . 2015-10-02 19:17 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-10-01 17:50 . 2015-10-14 01:17 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50 . 2015-10-14 01:17 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50 . 2015-10-14 01:17 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50 . 2015-10-14 01:17 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50 . 2015-10-14 01:17 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53 . 2015-10-14 01:17 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-18 17:47 . 2015-10-14 21:17 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44 . 2015-10-14 21:17 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44 . 2015-10-14 21:17 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44 . 2015-10-14 21:17 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44 . 2015-10-14 21:17 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44 . 2015-10-14 21:17 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35 . 2015-10-14 21:17 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 02:48 . 2015-09-08 21:49 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-08 21:49 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-08 21:49 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-08 21:49 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:33 . 2015-09-08 21:49 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58 . 2015-09-08 21:50 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-08 21:50 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-08 21:50 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-08 21:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2014-03-25 3909264]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2014-03-25 71312]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2015-11-04 36713096]
"AVG_UI"="c:\program files\AVG\Av\avgui.exe" [2015-10-30 3826600]
"MalwareProtectionLive"="c:\users\thom hp extra\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe" [2015-11-05 851488]
"AvgUi"="c:\program files\AVG\Framework\Common\avguix.exe" [2015-11-12 1136552]
"iSkysoft Helper Compact.exe"="c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-09-12 2080768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sage ACT! Outlook Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sage ACT! Outlook Sync.lnk
backup=c:\windows\pss\Sage ACT! Outlook Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2010-12-21 21:35 337224 ----a-w- c:\program files\ACT\Act for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2010-12-21 20:25 28672 ----a-w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2014-03-25 22:33 3909264 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2014-03-25 22:33 71312 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 18:32 19456 ----a-w- c:\windows\System32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 18:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
2015-11-04 23:50 36713096 ----a-w- c:\program files\Dropbox\Client\Dropbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fitbit Connect]
2014-11-07 20:25 4369952 ----a-r- c:\program files\Fitbit Connect\Fitbit Connect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Officejet Pro 8600 (NET)]
2012-10-17 09:05 1837672 ----a-w- c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 19:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
2013-06-05 00:27 389120 ----a-w- c:\program files\ATI Technologies\HydraVision\HydraDM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenScheduledUpdates]
2015-03-25 18:16 77104 ----a-w- c:\program files\Quicken\bagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-28 05:43 57981568 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2013-06-05 01:10 676608 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"QuickenScheduledUpdates"=c:\program files\Quicken\bagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R1 FNetDevi;FNetDevi;c:\program files\FNet\OTB\FNetDevi.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 AvgAMPS;AvgAMPS;c:\program files\AVG\Av\avgamps.exe [2015-10-30 595376]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-08-06 750592]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-07 1343400]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-06-04 219136]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-06-05 291840]
R4 ASGT;ASGT;c:\windows\System32\ASGT.exe [2012-01-17 55296]
R4 dbupdate;Dropbox Update Service (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 134512]
R4 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 134512]
R4 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [2014-11-07 5738528]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-09-19 14624]
R4 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-12-21 81920]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-08-20 231344]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-08-14 308656]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-08-10 36784]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2015-08-10 156080]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-10-19 256432]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-08-14 31664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Av\avgidsagent.exe [2015-10-30 3815648]
S2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2015-11-12 862632]
S2 avgwd;AVG WatchDog;c:\program files\AVG\Av\avgwdsvcx.exe [2015-10-30 579776]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-07-27 24888]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-04-24 79872]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2015-11-13 47360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-25 09:45 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13 17:05]
.
2015-11-24 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 18:54]
.
2015-11-24 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 18:54]
.
2015-11-24 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job
- c:\users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe [2015-11-21 02:24]
.
2015-11-24 c:\windows\Tasks\G2MUploadTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job
- c:\users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe [2015-11-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
mStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearchAssistant = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-ANIWZCS2Service - c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2015\avgui.exe
MSConfigStartUp-D-Link D-Link RangeBooster N DWA-140 - c:\program files\D-Link\DWA-140 revB\AirNCFG.exe
MSConfigStartUp-join.me - c:\users\thom hp extra\AppData\Local\join.me.launcher\join.me.launcher.exe
MSConfigStartUp-OTB - c:\program files\FNet\OTB\OTB.exe
MSConfigStartUp-vidontray - c:\program files\SafeDVDCopy and VidOnServer\VidOn Server 2\vidontray.exe
MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
MSConfigStartUp-WZCSLDR2 - c:\program files\D-Link\DWA-140 revB\WZCSLDR2.exe
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{EB9F0BA9-D6F0-4DA2-AFD7-AF6E5E6CAC69}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{EB9F0BA9-D6F0-4DA2-AFD7-AF6E5E6CAC69}\NVI2.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\Av\avgrsx.exe
c:\program files\AVG\Av\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\AVG\Av\avgnsx.exe
c:\program files\AVG\Av\avgemcx.exe
c:\windows\system32\sppsvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2015-11-24 13:46:55 - machine was rebooted
ComboFix-quarantined-files.txt 2015-11-24 19:46
.
Pre-Run: 365,109,379,072 bytes free
Post-Run: 368,659,537,920 bytes free
.
- - End Of File - - 9AE6108C7AB12AECAF8D2B9F15A1D58D
8F558EB6672622401DA993E1E865C861


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18098
Run by thom hp extra at 14:03:40 on 2015-11-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.484 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\Av\avgrsx.exe
C:\Program Files\AVG\Av\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\Av\avgidsagent.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\Av\avgwdsvcx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\AVG\Av\avgnsx.exe
C:\Program Files\AVG\Av\avgemcx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\conhost.exe
C:\ComboFix\CF8714.3XE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\notepad.exe
C:\Windows\regedit.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\SeaMonkey\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
mStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearchAssistant = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
mRun: [AVG_UI] "c:\program files\avg\av\avgui.exe" /TRAYONLY
mRun: [MalwareProtectionLive] c:\users\thom hp extra\appdata\local\malwareprotectionlive\MalwareProtectionClient.exe
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0283995D-71A2-4368-B948-69DB3C45847A} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.80\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\acrobat reader dc\esl\AiodLite.dll",CreateReaderUserSettings
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-8-20 231344]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-8-14 308656]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-10-21 192944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-8-10 36784]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2014-3-28 12800]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-8-10 156080]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-10-19 256432]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-8-14 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-10-21 229296]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-10-8 231856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\av\avgidsagent.exe [2015-10-30 3815648]
R2 avgsvc;AVG Service;c:\program files\avg\framework\common\avgsvcx.exe [2015-11-12 862632]
R2 avgwd;AVG WatchDog;c:\program files\avg\av\avgwdsvcx.exe [2015-10-30 579776]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hewlett-packard\hp support solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 24888]
R2 TeamViewer;TeamViewer 10;c:\program files\teamviewer\TeamViewer_Service.exe [2015-3-1 5702416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-2-11 79872]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
S3 AvgAMPS;AvgAMPS;c:\program files\avg\av\avgamps.exe [2015-10-30 595376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-11-11 102912]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2014-3-28 750592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-9-29 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-9-29 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-6 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-6-4 219136]
S4 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2013-6-4 291840]
S4 ASGT;ASGT;c:\windows\system32\ASGT.exe [2012-1-17 55296]
S4 dbupdate;Dropbox Update Service (dbupdate);c:\program files\dropbox\update\DropboxUpdate.exe [2015-7-12 134512]
S4 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\dropbox\update\DropboxUpdate.exe [2015-7-12 134512]
S4 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-11-7 5738528]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-9-18 14624]
S4 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=c:\windows\system32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2015-11-24 19:42:00 -------- d-----w- C:\$RECYCLE.BIN
2015-11-24 19:13:38 -------- d-----w- C:\ComboFix
2015-11-24 17:24:05 98816 ----a-w- c:\windows\sed.exe
2015-11-24 17:24:05 256000 ----a-w- c:\windows\PEV.exe
2015-11-24 17:24:05 208896 ----a-w- c:\windows\MBR.exe
2015-11-16 03:18:37 -------- d-----w- c:\programdata\iSkysoft
2015-11-16 02:35:04 -------- d-----w- c:\users\thom hp extra\appdata\local\iSkysoft
2015-11-16 02:34:58 -------- d-----w- c:\program files\common files\iSkysoft
2015-11-16 02:34:10 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-11-16 02:34:10 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-11-16 02:34:10 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-11-16 02:34:10 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-11-16 02:34:10 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-11-16 02:34:10 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-11-16 02:33:40 -------- d-----w- c:\program files\iSkysoft
2015-11-16 02:26:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Movavi
2015-11-16 02:26:37 -------- d-----w- c:\users\thom hp extra\appdata\local\VideoEditor
2015-11-16 02:25:04 -------- d-----w- c:\program files\Movavi Video Editor 11
2015-11-16 02:16:21 -------- d-----w- c:\programdata\Movavi Video Editor 11
2015-11-15 15:41:35 -------- d-----w- c:\users\thom hp extra\appdata\local\CEF
2015-11-15 15:27:02 -------- d-----w- c:\program files\SystemManager
2015-11-15 15:01:50 -------- d-----w- c:\users\thom hp extra\appdata\local\Tempfolder
2015-11-15 15:01:11 -------- d-----w- C:\uninst
2015-11-15 15:01:06 -------- d-----w- c:\program files\shopperz151120151549
2015-11-15 15:00:58 -------- d-----w- c:\users\thom hp extra\appdata\roaming\System Healer
2015-11-15 15:00:48 -------- d-----w- c:\programdata\MovieDeaConfig
2015-11-15 15:00:34 -------- d-----w- c:\program files\MovieDea
2015-11-15 14:58:06 -------- d-----w- c:\program files\SwiftSearch_1.10.0.25
2015-11-15 14:56:38 -------- d-----w- c:\program files\BubbleSound
2015-11-15 14:36:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Opera Software
2015-11-15 14:36:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Opera Software
2015-11-15 14:34:15 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447576454-1012-BABF-809E7CA4452D
2015-11-15 14:29:54 -------- d-----w- c:\programdata\UWMiniProU
2015-11-15 14:29:52 -------- d-----w- c:\users\thom hp extra\appdata\roaming\mystartsearch
2015-11-15 14:25:37 -------- d-----w- c:\programdata\MegaBackup Corp
2015-11-15 14:25:12 -------- d-----w- c:\users\thom hp extra\appdata\local\Crossbrowse
2015-11-15 14:22:42 -------- d-----w- c:\program files\CinemaPlus_1.3dV13.11
2015-11-15 14:22:02 -------- d-----w- c:\program files\JZIP
2015-11-15 14:20:51 -------- d-----w- c:\program files\Crossbrowse
2015-11-15 14:16:31 -------- d-----w- c:\users\thom hp extra\appdata\local\globalUpdate
2015-11-15 14:16:31 -------- d-----w- c:\program files\globalUpdate
2015-11-15 14:16:05 -------- d-----w- c:\program files\CinePlus-1.44V09.11
2015-11-15 14:15:05 -------- d-----w- c:\users\thom hp extra\appdata\roaming\RunDir
2015-11-15 14:15:02 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NetService
2015-11-15 14:14:53 -------- d-----w- c:\program files\jogotempo
2015-11-15 14:12:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Note-UP
2015-11-15 14:11:25 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447575085-1012-BABF-809E7CA4452D
2015-11-15 14:10:01 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NUIns
2015-11-15 14:10:01 -------- d-----w- c:\program files\6061D900-1447596601-1012-BABF-809E7CA4452D
2015-11-15 14:04:07 -------- d-----w- c:\program files\winnetlog
2015-11-15 11:40:43 -------- d-----w- c:\users\thom hp extra\appdata\roaming\InstantSupport
2015-11-15 11:40:37 -------- d-----w- c:\programdata\PCAcceleratePro
2015-11-15 11:40:37 -------- d-----w- c:\program files\InstantSupport
2015-11-15 11:40:34 -------- d-----w- c:\users\thom hp extra\appdata\roaming\PCAcceleratePro
2015-11-15 11:40:29 -------- d-----w- c:\program files\PCAcceleratePro
2015-11-15 11:40:24 -------- d-----w- c:\program files\PCAPDownloader
2015-11-15 01:45:45 -------- d-----w- c:\program files\Nero
2015-11-15 01:45:21 -------- d-----w- c:\programdata\Nero
2015-11-13 20:25:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-11-13 20:22:06 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-11-13 20:18:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2015-11-13 02:18:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2015-11-13 02:18:27 47360 ----a-w- c:\users\thom hp extra\appdata\roaming\pcouffin.sys
2015-11-13 02:18:17 217127 ----a-w- c:\windows\system32\drv43260.dll
2015-11-13 02:18:17 208935 ----a-w- c:\windows\system32\drv33260.dll
2015-11-13 02:18:17 176165 ----a-w- c:\windows\system32\drv23260.dll
2015-11-13 02:18:15 -------- d-----w- c:\program files\VSO
2015-11-12 09:49:36 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:02:24 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 14:02:24 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 14:02:24 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 14:02:24 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 14:02:03 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 14:02:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-09 03:26:12 -------- d-----w- c:\users\thom hp extra\appdata\roaming\uTorrent
2015-11-09 02:58:35 -------- d-----w- c:\program files\.Npackd
2015-11-09 02:57:46 -------- d-----w- c:\program files\NpackdDetected
2015-11-09 02:54:16 -------- d-----w- c:\users\thom hp extra\appdata\local\Component
2015-11-09 02:53:54 -------- d-----w- c:\users\thom hp extra\appdata\local\intmanager
2015-11-09 02:53:46 -------- d-----w- c:\programdata\Npackd
2015-11-09 02:51:53 -------- d-----w- c:\users\thom hp extra\appdata\local\Fast Browser
.
==================== Find3M ====================
.
2015-11-19 17:05:07 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-19 17:05:07 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-30 22:58:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-10-30 22:58:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-10-30 22:47:08 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-10-30 22:46:27 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-10-30 22:45:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-10-30 22:45:42 341504 ----a-w- c:\windows\system32\html.iec
2015-10-30 22:44:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-10-30 22:36:30 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-10-30 22:36:25 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-30 22:36:06 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-10-30 22:31:22 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-10-30 22:23:51 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-30 22:16:43 4527616 ----a-w- c:\windows\system32\jscript9.dll
2015-10-30 22:09:23 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-10-30 22:09:15 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-30 21:51:28 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-10-29 17:49:57 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 22:24:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-20 17:46:02 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-10-20 17:46:02 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-10-20 17:46:02 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-10-20 17:45:27 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-10-20 17:45:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-10-20 17:45:08 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-10-20 00:52:02 3991488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 00:52:00 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 00:52:00 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 00:48:47 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 00:44:53 22528 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 00:44:35 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 00:39:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:35:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:35:00 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-19 23:29:22 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-10-19 23:28:57 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-10-19 23:28:56 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-10-19 14:06:02 256432 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-10-13 10:24:00 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-10-13 07:29:08 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-13 04:50:31 712640 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-08 13:48:58 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:43 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-10-01 17:50:43 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-10-01 17:50:43 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-23 13:09:58 371920 ----a-w- c:\windows\system32\drivers\cng.sys
2015-09-23 13:09:57 251000 ----a-w- c:\windows\system32\bcryptprimitives.dll
2015-09-18 17:47:06 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44:35 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44:34 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44:30 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44:27 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44:26 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35:49 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58:14 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\00000072
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys partmgr.sys volmgr.sys fvevol.sys volsnap.sys Ntfs.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys USBPORT.SYS usbohci.sys ctoss2k.sys ctaud2k.sys hap16v2k.sys ha10kx2k.sys amdk8.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys mouclass.sys usbhub.sys ndis.sys usbehci.sys nvmf6232.sys anodlwf.sys rspndr.sys tcpip.sys NETIO.SYS tdx.sys avgtdix.sys afd.sys pacer.sys rassstp.sys watchdog.sys rdyboost.sys fltmgr.sys fileinfo.sys Wdf01000.sys USBSTOR.SYS
c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
c:\windows\system32\drivers\atikmpag.sys Advanced Micro Devices, Inc. AMD driver
c:\windows\system32\drivers\atikmdag.sys Advanced Micro Devices, Inc. ATI Radeon Family
c:\windows\system32\drivers\ctoss2k.sys Creative Technology Ltd. Creative Audio Product
c:\windows\system32\drivers\ctaud2k.sys Creative Technology Ltd Creative Audio Product
c:\windows\system32\drivers\hap16v2k.sys Creative Technology Ltd Creative Audio Product
c:\windows\system32\drivers\ha10kx2k.sys Creative Technology Ltd Creative Audio Product
c:\windows\system32\drivers\nvmf6232.sys NVIDIA Corporation NVIDIA Networking Driver
c:\windows\system32\drivers\anodlwf.sys Filter Driver
c:\windows\system32\drivers\avgtdix.sys AVG Technologies CZ, s.r.o. AVG Internet Security
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
============= FINISH: 14:04:08.56 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2014 5:06:24 PM
System Uptime: 11/24/2015 1:40:05 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket AM2 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 343.283 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 9.722 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 456.988 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: FNetDevi
Device ID: ROOT\LEGACY_FNETDEVI\0000
Manufacturer:
Name: FNetDevi
PNP Device ID: ROOT\LEGACY_FNETDEVI\0000
Service: FNetDevi
.
==== System Restore Points ===================
.
RP178: 11/21/2015 5:08:00 AM - Removed ASUS Product Register Program
RP179: 11/24/2015 11:24:23 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBulkMailer
Adobe Acrobat Reader DC
Adobe Flash Player 19 NPAPI
Adobe Refresh Manager
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Fuel
ASUS GPU Tweak
AVG
AVG 2016
AVG Protection
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility
CCC Help English
CDBurnerXP
ConvertXtoDVD 2.2.3.258
Dropbox
Dropbox Update Helper
Fitbit Connect
FMW 1
Google Chrome
Google Update Helper
GoToMeeting 7.6.0.4007
HP Customer Experience Enhancements
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
HydraVision
I.R.I.S. OCR
iSkysoft Video Editor(Build 4.7.2)
join.me
Kodi
Lead Tools Direct 297 Club
Malware Protection Live
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Native Client
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movavi Video Editor 11
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Net Extractor
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Install Application
NVIDIA Update Components
Picasa 3
Quicken 2014
Revo Uninstaller 1.94
Sage ACT! Premium 2011
SeaMonkey 2.39 (x86 en-US)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3101554) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition
Skype™ 7.12
SUPERAntiSpyware
TeamViewer 10
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x86 Redistributables
WinRAR 5.21 (32-bit)
World Community Grid
.
==== Event Viewer Messages From Past Week ========
.
11/24/2015 1:41:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FNetDevi
11/24/2015 1:29:50 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/22/2015 3:45:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
11/22/2015 3:43:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
11/17/2015 6:27:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
.
==== End Of File ===========================
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm

Re: slow pc email lots of Failure Notice

Unread postby Blade81 » November 25th, 2015, 1:15 pm

Hi,

Please download AdwCleaner by Xplode onto your desktop.
  • Right click on AdwCleaner.exe and select 'run as administrator' to run the tool.
  • Click on Scan.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: slow pc email lots of Failure Notice

Unread postby thom15 » November 26th, 2015, 9:32 am

# AdwCleaner v5.022 - Logfile created 26/11/2015 at 07:12:01
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : thom hp extra - MAINCOMPUTER1
# Running from : C:\Users\thom hp extra\Downloads\AdwCleaner(1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\globalUpdate
[-] Folder Deleted : C:\Program Files\jZip
[-] Folder Deleted : C:\Program Files\BubbleSound
[-] Folder Deleted : C:\Program Files\Crossbrowse
[-] Folder Deleted : C:\Program Files\MovieDea
[-] Folder Deleted : C:\Program Files\TweakBit
[-] Folder Deleted : C:\Program Files\jogotempo
[-] Folder Deleted : C:\Program Files\SystemManager
[-] Folder Deleted : C:\Program Files\6061D900-1447596601-1012-BABF-809E7CA4452D
[-] Folder Deleted : C:\Program Files\SwiftSearch_1.10.0.25
[!] Folder Not Deleted : C:\Program Files\BubbleSound
[-] Folder Deleted : C:\Program Files\CinemaPlus_1.3dV13.11
[-] Folder Deleted : C:\Program Files\CinePlus-1.44V09.11
[!] Folder Not Deleted : C:\Program Files\Crossbrowse
[-] Folder Deleted : C:\Program Files\shopperz151120151549
[!] Folder Not Deleted : C:\Program Files\shopperz151120151549
[-] Folder Deleted : C:\ProgramData\MovieDeaConfig
[-] Folder Deleted : C:\ProgramData\TweakBit
[#] Folder Deleted : C:\ProgramData\mntemp
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\UWMiniProU
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Local\Crossbrowse
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Local\MalwareProtectionLive
[!] Folder Not Deleted : C:\Users\thom hp extra\AppData\Local\Crossbrowse
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Local\6061D900-1447575085-1012-BABF-809E7CA4452D
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Local\6061D900-1447576454-1012-BABF-809E7CA4452D
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
[!] Folder Not Deleted : C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
[!] Folder Not Deleted : C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Roaming\mystartsearch
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Roaming\NUIns
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Roaming\Note-up
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Roaming\RunDir
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Roaming\NetService
[-] Folder Deleted : C:\Users\thom hp extra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo
[-] Folder Deleted : C:\Windows\system32\Tasks\TweakBit
[!] Folder Not Deleted : C:\Windows\system32\Tasks\TweakBit

***** [ Files ] *****

[-] File Deleted : C:\Users\thom hp extra\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File Deleted : C:\Users\thom hp extra\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
[-] File Deleted : C:\Users\thom hp extra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\thom hp extra\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
[-] Shortcut Disinfected : C:\Users\thom hp extra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\thom hp extra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MalwareProtectionLive]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\SecuredDownload
[-] Key Deleted : HKCU\Software\CoinisRS
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\OMX_Media
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{29DE919F-8AC5-4005-B3BA-D539F060E452}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command []
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safesear.ch

***** [ Web browsers ] *****

[-] [C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : slirsredirect.search.aol.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8140 bytes] ##########
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm

Re: slow pc email lots of Failure Notice

Unread postby Blade81 » November 27th, 2015, 8:21 am

Hi,

Please run DDS again and post back its log. How's the system running?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: slow pc email lots of Failure Notice

Unread postby thom15 » November 27th, 2015, 2:59 pm

much better

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2014 5:06:24 PM
System Uptime: 11/26/2015 5:00:25 PM (19 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBulkMailer
Adobe Acrobat Reader DC
Adobe Flash Player 19 NPAPI
Adobe Refresh Manager
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Fuel
ASUS GPU Tweak
AVG
AVG 2016
AVG Protection
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility
CCC Help English
CDBurnerXP
ConvertXtoDVD 2.2.3.258
Dropbox
Dropbox Update Helper
Fitbit Connect
FMW 1
Google Chrome
Google Update Helper
GoToMeeting 7.6.0.4007
HP Customer Experience Enhancements
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
HydraVision
I.R.I.S. OCR
iSkysoft Video Editor(Build 4.7.2)
join.me
Kodi
Lead Tools Direct 297 Club
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Native Client
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movavi Video Editor 11
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Net Extractor
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Install Application
NVIDIA Update Components
Picasa 3
Quicken 2014
Revo Uninstaller 1.94
Sage ACT! Premium 2011
SeaMonkey 2.39 (x86 en-US)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3101554) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition
Skype™ 7.12
SUPERAntiSpyware
TeamViewer 10
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x86 Redistributables
WinRAR 5.21 (32-bit)
World Community Grid
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18098
Run by thom hp extra at 12:46:07 on 2015-11-27
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\Av\avgrsx.exe
C:\Program Files\AVG\Av\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\Av\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Program Files\AVG\Av\avgwdsvcx.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\AVG\Av\avgui.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\Av\avgnsx.exe
C:\Program Files\AVG\Av\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.14_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\Microsoft Games\chess\chess.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
mRun: [AVG_UI] "c:\program files\avg\av\avgui.exe" /TRAYONLY
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0283995D-71A2-4368-B948-69DB3C45847A} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.80\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\acrobat reader dc\esl\AiodLite.dll",CreateReaderUserSettings
.
============= SERVICES / DRIVERS ===============
.
R? !SASCORE;SAS Core Service
R? AMD External Events Utility;AMD External Events Utility
R? AMD FUEL Service;AMD FUEL Service
R? ASGT;ASGT
R? AvgAMPS;AvgAMPS
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dbupdate;Dropbox Update Service (dbupdate)
R? dbupdatem;Dropbox Update Service (dbupdatem)
R? dmvsc;dmvsc
R? Fitbit Connect;Fitbit Connect Service
R? FNetDevi;FNetDevi
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? IntuitUpdateServiceV4;Intuit Update Service v4
R? netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? Sage ACT! Scheduler;Sage ACT! Scheduler
R? SkypeUpdate;Skype Updater
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
S? anodlwf;ANOD Network Security Filter driver
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? Avgdiskx;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? avgsvc;AVG Service
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? DiagTrack;Diagnostics Tracking Service
S? hcw18bda;Hauppauge WinTV 418 Driver
S? HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? TeamViewer;TeamViewer 10
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=c:\windows\system32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2015-11-26 01:02:34 -------- d-----w- C:\AdwCleaner
2015-11-24 19:42:00 -------- d-----w- C:\$RECYCLE.BIN
2015-11-24 19:13:38 -------- d-----w- C:\ComboFix
2015-11-24 17:24:05 98816 ----a-w- c:\windows\sed.exe
2015-11-24 17:24:05 256000 ----a-w- c:\windows\PEV.exe
2015-11-24 17:24:05 208896 ----a-w- c:\windows\MBR.exe
2015-11-16 03:18:37 -------- d-----w- c:\programdata\iSkysoft
2015-11-16 02:35:04 -------- d-----w- c:\users\thom hp extra\appdata\local\iSkysoft
2015-11-16 02:34:58 -------- d-----w- c:\program files\common files\iSkysoft
2015-11-16 02:34:10 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-11-16 02:34:10 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-11-16 02:34:10 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-11-16 02:34:10 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-11-16 02:34:10 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-11-16 02:34:10 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-11-16 02:33:40 -------- d-----w- c:\program files\iSkysoft
2015-11-16 02:26:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Movavi
2015-11-16 02:26:37 -------- d-----w- c:\users\thom hp extra\appdata\local\VideoEditor
2015-11-16 02:25:04 -------- d-----w- c:\program files\Movavi Video Editor 11
2015-11-16 02:16:21 -------- d-----w- c:\programdata\Movavi Video Editor 11
2015-11-15 15:41:35 -------- d-----w- c:\users\thom hp extra\appdata\local\CEF
2015-11-15 15:01:50 -------- d-----w- c:\users\thom hp extra\appdata\local\Tempfolder
2015-11-15 15:01:11 -------- d-----w- C:\uninst
2015-11-15 15:00:58 -------- d-----w- c:\users\thom hp extra\appdata\roaming\System Healer
2015-11-15 14:36:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Opera Software
2015-11-15 14:36:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Opera Software
2015-11-15 14:25:37 -------- d-----w- c:\programdata\MegaBackup Corp
2015-11-15 14:04:07 -------- d-----w- c:\program files\winnetlog
2015-11-15 11:40:43 -------- d-----w- c:\users\thom hp extra\appdata\roaming\InstantSupport
2015-11-15 11:40:37 -------- d-----w- c:\programdata\PCAcceleratePro
2015-11-15 11:40:37 -------- d-----w- c:\program files\InstantSupport
2015-11-15 11:40:34 -------- d-----w- c:\users\thom hp extra\appdata\roaming\PCAcceleratePro
2015-11-15 11:40:29 -------- d-----w- c:\program files\PCAcceleratePro
2015-11-15 11:40:24 -------- d-----w- c:\program files\PCAPDownloader
2015-11-15 01:45:45 -------- d-----w- c:\program files\Nero
2015-11-15 01:45:21 -------- d-----w- c:\programdata\Nero
2015-11-13 20:25:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-11-13 20:22:06 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-11-13 20:18:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2015-11-13 02:18:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2015-11-13 02:18:27 47360 ----a-w- c:\users\thom hp extra\appdata\roaming\pcouffin.sys
2015-11-13 02:18:17 217127 ----a-w- c:\windows\system32\drv43260.dll
2015-11-13 02:18:17 208935 ----a-w- c:\windows\system32\drv33260.dll
2015-11-13 02:18:17 176165 ----a-w- c:\windows\system32\drv23260.dll
2015-11-13 02:18:15 -------- d-----w- c:\program files\VSO
2015-11-12 09:49:36 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:02:24 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 14:02:24 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 14:02:24 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 14:02:24 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 14:02:03 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 14:02:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-09 03:26:12 -------- d-----w- c:\users\thom hp extra\appdata\roaming\uTorrent
2015-11-09 02:58:35 -------- d-----w- c:\program files\.Npackd
2015-11-09 02:57:46 -------- d-----w- c:\program files\NpackdDetected
2015-11-09 02:54:16 -------- d-----w- c:\users\thom hp extra\appdata\local\Component
2015-11-09 02:53:54 -------- d-----w- c:\users\thom hp extra\appdata\local\intmanager
2015-11-09 02:53:46 -------- d-----w- c:\programdata\Npackd
2015-11-09 02:51:53 -------- d-----w- c:\users\thom hp extra\appdata\local\Fast Browser
.
==================== Find3M ====================
.
2015-11-19 17:05:07 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-19 17:05:07 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-30 22:58:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-10-30 22:58:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-10-30 22:47:08 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-10-30 22:46:27 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-10-30 22:45:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-10-30 22:45:42 341504 ----a-w- c:\windows\system32\html.iec
2015-10-30 22:44:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-10-30 22:36:30 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-10-30 22:36:25 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-30 22:36:06 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-10-30 22:31:22 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-10-30 22:23:51 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-30 22:16:43 4527616 ----a-w- c:\windows\system32\jscript9.dll
2015-10-30 22:09:23 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-10-30 22:09:15 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-30 21:51:28 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-10-29 17:49:57 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 22:24:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-20 17:46:02 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-10-20 17:46:02 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-10-20 17:46:02 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-10-20 17:45:27 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-10-20 17:45:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-10-20 17:45:08 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-10-20 00:52:02 3991488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 00:52:00 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 00:52:00 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 00:48:47 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 00:44:53 22528 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 00:44:35 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 00:39:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:35:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:35:00 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-19 23:29:22 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-10-19 23:28:57 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-10-19 23:28:56 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-10-19 14:06:02 256432 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-10-13 10:24:00 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-10-13 07:29:08 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-13 04:50:31 712640 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-08 13:48:58 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:43 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-10-01 17:50:43 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-10-01 17:50:43 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-23 13:09:58 371920 ----a-w- c:\windows\system32\drivers\cng.sys
2015-09-23 13:09:57 251000 ----a-w- c:\windows\system32\bcryptprimitives.dll
2015-09-18 17:47:06 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44:35 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44:34 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44:30 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44:27 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44:26 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35:49 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\00000072
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys win32k.sys
c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x83043D19] -> \Device\Harddisk0\DR0[0x862B4A78]
3 CLASSPNP[0x8939459E] -> ntkrnlpa!IofCallDriver[0x83043D19] -> [0x85BE9B40]
5 ACPI[0x837753D4] -> ntkrnlpa!IofCallDriver[0x83043D19] -> \Device\00000071[0x85BE2C68]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
============= FINISH: 12:52:49.66 ===============
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm

Re: slow pc email lots of Failure Notice

Unread postby Blade81 » November 28th, 2015, 6:33 pm

Good. If there are no other issues left, it's time to secure your system to prevent further intrusions.

Let's uninstall AdwCleaner:
  • Right click on adwcleaner.exe and select 'run as administrator' to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

Next, let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

Download and run Secunia Personal Software Inspector (PSI) and fix its findings. It should be run regularly to find out about outdated software.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: slow pc email lots of Failure Notice

Unread postby thom15 » November 30th, 2015, 3:53 pm

comp running good but i have an Error code 475. can you help with that???
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm

Re: slow pc email lots of Failure Notice

Unread postby Blade81 » December 1st, 2015, 10:13 am

Hi,
thom15 wrote: comp running good but i have an Error code 475. can you help with that???

Where is this error appearing?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: slow pc email lots of Failure Notice

Unread postby thom15 » December 2nd, 2015, 11:34 am

the error is in my email

Sorry, we were unable to deliver your message to the following address.

<***@yahoo.com>:
Error code 475: Suspicious activity was detected on your account

--- Below this line is a copy of the message.

<edited out>
Last edited by Blade81 on December 2nd, 2015, 1:08 pm, edited 1 time in total.
Reason: Removed email details to prevent spam.
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm

Re: slow pc email lots of Failure Notice

Unread postby Blade81 » December 2nd, 2015, 1:12 pm

Hi,

I've edited out the email details since it contained email addresses and other sensitive info that bad people can misuse for spamming.

Do you recognize trying to send an email with that link mentioned in the error message? I assume your email provider is Yahoo. Is this correct?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: slow pc email lots of Failure Notice

Unread postby thom15 » December 5th, 2015, 11:51 am

yes
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm