ComboFix 15-11-23.01 - thom hp extra 11/24/2015 13:18:00.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.514 [GMT -6:00]
Running from: c:\users\thom hp extra\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents.lnk
C:\Music.lnk
C:\New Folder.lnk
C:\Passwords.lnk
C:\Pictures.lnk
c:\programdata\81190BEC1B.sys
c:\programdata\ntuser.pol
c:\users\thom hp extra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpethbek.dll
c:\users\thom hp extra\AppData\Roaming\985
c:\users\thom hp extra\AppData\Roaming\inst.exe
c:\users\thom hp extra\Desktop\Setup.exe
c:\users\THOMHP~1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpethbek.dll
C:\Video.lnk
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-10-24 to 2015-11-24 )))))))))))))))))))))))))))))))
.
.
2015-11-24 19:38 . 2015-11-24 19:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-11-24 19:38 . 2015-11-24 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-16 03:18 . 2015-11-16 03:18 -------- d-----w- c:\programdata\iSkysoft
2015-11-16 02:35 . 2015-11-16 02:35 -------- d-----w- c:\users\thom hp extra\AppData\Local\iSkysoft
2015-11-16 02:34 . 2015-11-16 02:34 -------- d-----w- c:\program files\Common Files\iSkysoft
2015-11-16 02:34 . 2015-07-30 15:57 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-11-16 02:34 . 2015-07-30 15:57 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-11-16 02:34 . 2015-07-30 15:57 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-11-16 02:34 . 2015-07-30 15:57 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-11-16 02:34 . 2015-07-30 15:57 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-11-16 02:34 . 2015-07-30 15:57 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-11-16 02:33 . 2015-11-16 02:33 -------- d-----w- c:\program files\iSkysoft
2015-11-16 02:26 . 2015-11-16 02:26 -------- d-----w- c:\users\thom hp extra\AppData\Local\Movavi
2015-11-16 02:26 . 2015-11-16 02:26 -------- d-----w- c:\users\thom hp extra\AppData\Local\VideoEditor
2015-11-16 02:25 . 2015-11-16 02:25 -------- d-----w- c:\program files\Movavi Video Editor 11
2015-11-16 02:16 . 2015-11-16 02:16 -------- d-----w- c:\programdata\Movavi Video Editor 11
2015-11-15 15:41 . 2015-11-15 15:41 -------- d-----w- c:\users\thom hp extra\AppData\Local\CEF
2015-11-15 15:27 . 2015-11-15 15:27 -------- d-----w- c:\program files\SystemManager
2015-11-15 15:01 . 2015-11-15 15:02 -------- d-----w- c:\users\thom hp extra\AppData\Local\Tempfolder
2015-11-15 15:01 . 2015-11-15 15:01 -------- d-----w- C:\uninst
2015-11-15 15:01 . 2015-11-15 15:51 -------- d-----w- c:\program files\shopperz151120151549
2015-11-15 15:00 . 2015-11-15 15:25 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\System Healer
2015-11-15 15:00 . 2015-11-15 15:00 -------- d-----w- c:\programdata\MovieDeaConfig
2015-11-15 15:00 . 2015-11-15 15:48 -------- d-----w- c:\program files\MovieDea
2015-11-15 14:58 . 2015-11-15 15:48 -------- d-----w- c:\program files\SwiftSearch_1.10.0.25
2015-11-15 14:56 . 2015-11-15 15:51 -------- d-----w- c:\program files\BubbleSound
2015-11-15 14:36 . 2015-11-15 14:36 -------- d-----w- c:\users\thom hp extra\AppData\Local\Opera Software
2015-11-15 14:36 . 2015-11-15 14:36 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\Opera Software
2015-11-15 14:34 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Local\6061D900-1447576454-1012-BABF-809E7CA4452D
2015-11-15 14:31 . 2015-11-15 14:31 -------- d-----w- c:\users\Default\AppData\Local\Google
2015-11-15 14:29 . 2015-11-15 15:51 -------- d-----w- c:\programdata\UWMiniProU
2015-11-15 14:29 . 2015-11-15 14:29 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\mystartsearch
2015-11-15 14:28 . 2015-11-15 15:48 -------- d-----w- c:\program files\Opera
2015-11-15 14:26 . 2015-11-15 14:26 -------- d-----w- c:\users\Default\AppData\Local\Food Comp
2015-11-15 14:25 . 2015-11-15 14:25 -------- d-----w- c:\programdata\MegaBackup Corp
2015-11-15 14:25 . 2015-11-15 14:25 -------- d-----w- c:\users\thom hp extra\AppData\Local\Crossbrowse
2015-11-15 14:22 . 2015-11-15 15:51 -------- d-----w- c:\program files\CinemaPlus_1.3dV13.11
2015-11-15 14:22 . 2015-11-15 14:22 -------- d-----w- c:\program files\JZIP
2015-11-15 14:20 . 2015-11-15 14:20 -------- d-----w- c:\program files\Crossbrowse
2015-11-15 14:16 . 2015-11-15 14:16 -------- d-----w- c:\program files\globalUpdate
2015-11-15 14:16 . 2015-11-15 14:16 -------- d-----w- c:\users\thom hp extra\AppData\Local\globalUpdate
2015-11-15 14:16 . 2015-11-15 15:51 -------- d-----w- c:\program files\CinePlus-1.44V09.11
2015-11-15 14:15 . 2015-11-15 14:15 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\RunDir
2015-11-15 14:15 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\NetService
2015-11-15 14:14 . 2015-11-15 15:48 -------- d-----w- c:\program files\jogotempo
2015-11-15 14:12 . 2015-11-15 14:53 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\Note-UP
2015-11-15 14:11 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Local\6061D900-1447575085-1012-BABF-809E7CA4452D
2015-11-15 14:10 . 2015-11-15 15:48 -------- d-----w- c:\program files\6061D900-1447596601-1012-BABF-809E7CA4452D
2015-11-15 14:10 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\NUIns
2015-11-15 14:04 . 2015-11-15 15:51 -------- d-----w- c:\program files\winnetlog
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\InstantSupport
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\program files\InstantSupport
2015-11-15 11:40 . 2015-11-15 11:40 -------- d-----w- c:\programdata\PCAcceleratePro
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\PCAcceleratePro
2015-11-15 11:40 . 2015-11-15 15:48 -------- d-----w- c:\program files\PCAcceleratePro
2015-11-15 11:40 . 2015-11-15 11:40 -------- d-----w- c:\program files\PCAPDownloader
2015-11-15 01:45 . 2015-11-15 01:50 -------- d-----w- c:\program files\Nero
2015-11-15 01:45 . 2015-11-15 01:54 -------- d-----w- c:\programdata\Nero
2015-11-13 20:26 . 2015-11-15 16:08 -------- d-----w- c:\program files\Common Files\LightScribe
2015-11-13 20:25 . 2010-05-26 17:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-11-13 20:22 . 2010-05-26 17:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-11-13 20:18 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2015-11-13 02:18 . 2015-11-13 02:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2015-11-13 02:18 . 2015-11-13 02:18 47360 ----a-w- c:\users\thom hp extra\AppData\Roaming\pcouffin.sys
2015-11-13 02:18 . 2015-11-13 02:21 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\Vso
2015-11-13 02:18 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2015-11-13 02:18 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2015-11-13 02:18 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2015-11-13 02:18 . 2015-11-13 02:18 -------- d-----w- c:\program files\VSO
2015-11-12 09:49 . 2015-11-03 17:46 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:02 . 2015-10-29 17:50 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 14:02 . 2015-10-29 17:49 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 14:02 . 2015-10-29 17:49 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 14:02 . 2015-10-29 17:49 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 14:02 . 2015-10-13 16:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 14:02 . 2015-10-13 16:31 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-09 03:26 . 2015-11-21 11:36 -------- d-----w- c:\users\thom hp extra\AppData\Roaming\uTorrent
2015-11-09 02:58 . 2015-11-09 02:58 -------- d-----w- c:\program files\.Npackd
2015-11-09 02:57 . 2015-11-09 02:58 -------- d-----w- c:\program files\NpackdDetected
2015-11-09 02:54 . 2015-11-09 02:54 -------- d-----w- c:\users\thom hp extra\AppData\Local\Component
2015-11-09 02:53 . 2015-11-09 02:53 -------- d-----w- c:\users\thom hp extra\AppData\Local\intmanager
2015-11-09 02:53 . 2015-11-09 02:58 -------- d-----w- c:\programdata\Npackd
2015-11-09 02:51 . 2015-11-09 02:51 -------- d-----w- c:\users\thom hp extra\AppData\Local\Fast Browser
2015-10-28 20:09 . 2015-10-28 20:09 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-20 11:24 . 2015-03-23 11:50 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-11-20 11:24 . 2015-03-23 11:50 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-11-20 10:22 . 2015-03-25 11:32 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-11-19 17:05 . 2015-02-13 21:01 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-19 17:05 . 2015-02-13 21:01 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-29 17:49 . 2015-11-11 14:02 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 14:02 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 14:02 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 14:02 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 14:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 22:24 . 2015-10-21 22:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-21 22:14 . 2015-10-21 22:14 192944 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-10-19 14:06 . 2015-10-19 14:06 256432 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-10-13 10:24 . 2015-10-13 10:24 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-10-13 07:29 . 2015-10-13 07:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-08 13:48 . 2015-10-08 13:48 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-02 19:17 . 2015-10-02 19:17 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-10-02 19:17 . 2015-10-02 19:17 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-10-01 17:50 . 2015-10-14 01:17 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50 . 2015-10-14 01:17 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50 . 2015-10-14 01:17 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50 . 2015-10-14 01:17 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50 . 2015-10-14 01:17 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53 . 2015-10-14 01:17 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-18 17:47 . 2015-10-14 21:17 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44 . 2015-10-14 21:17 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44 . 2015-10-14 21:17 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44 . 2015-10-14 21:17 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44 . 2015-10-14 21:17 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44 . 2015-10-14 21:17 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35 . 2015-10-14 21:17 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 02:48 . 2015-09-08 21:49 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-08 21:49 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-08 21:49 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-08 21:49 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:33 . 2015-09-08 21:49 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58 . 2015-09-08 21:50 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-08 21:50 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-08 21:50 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-08 21:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-11-04 23:46 198464 ----a-w- c:\program files\Dropbox\Client\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2014-03-25 3909264]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2014-03-25 71312]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2015-11-04 36713096]
"AVG_UI"="c:\program files\AVG\Av\avgui.exe" [2015-10-30 3826600]
"MalwareProtectionLive"="c:\users\thom hp extra\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe" [2015-11-05 851488]
"AvgUi"="c:\program files\AVG\Framework\Common\avguix.exe" [2015-11-12 1136552]
"iSkysoft Helper Compact.exe"="c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-09-12 2080768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sage ACT! Outlook Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sage ACT! Outlook Sync.lnk
backup=c:\windows\pss\Sage ACT! Outlook Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2010-12-21 21:35 337224 ----a-w- c:\program files\ACT\Act for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2010-12-21 20:25 28672 ----a-w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2014-03-25 22:33 3909264 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2014-03-25 22:33 71312 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 18:32 19456 ----a-w- c:\windows\System32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 18:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
2015-11-04 23:50 36713096 ----a-w- c:\program files\Dropbox\Client\Dropbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fitbit Connect]
2014-11-07 20:25 4369952 ----a-r- c:\program files\Fitbit Connect\Fitbit Connect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Officejet Pro 8600 (NET)]
2012-10-17 09:05 1837672 ----a-w- c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 19:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
2013-06-05 00:27 389120 ----a-w- c:\program files\ATI Technologies\HydraVision\HydraDM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenScheduledUpdates]
2015-03-25 18:16 77104 ----a-w- c:\program files\Quicken\bagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-28 05:43 57981568 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2013-06-05 01:10 676608 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"QuickenScheduledUpdates"=c:\program files\Quicken\bagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R1 FNetDevi;FNetDevi;c:\program files\FNet\OTB\FNetDevi.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 AvgAMPS;AvgAMPS;c:\program files\AVG\Av\avgamps.exe [2015-10-30 595376]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-08-06 750592]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-07 1343400]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-06-04 219136]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-06-05 291840]
R4 ASGT;ASGT;c:\windows\System32\ASGT.exe [2012-01-17 55296]
R4 dbupdate;Dropbox Update Service (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 134512]
R4 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 134512]
R4 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [2014-11-07 5738528]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-09-19 14624]
R4 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [2010-12-21 81920]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-08-20 231344]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-08-14 308656]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-08-10 36784]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2015-08-10 156080]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-10-19 256432]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-08-14 31664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-10-21 229296]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-10-08 231856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Av\avgidsagent.exe [2015-10-30 3815648]
S2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2015-11-12 862632]
S2 avgwd;AVG WatchDog;c:\program files\AVG\Av\avgwdsvcx.exe [2015-10-30 579776]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-07-27 24888]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-04-24 79872]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2015-11-13 47360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-25 09:45 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13 17:05]
.
2015-11-24 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 18:54]
.
2015-11-24 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-07-12 18:54]
.
2015-11-24 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job
- c:\users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe [2015-11-21 02:24]
.
2015-11-24 c:\windows\Tasks\G2MUploadTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job
- c:\users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe [2015-11-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
mStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearchAssistant = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-ANIWZCS2Service - c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2015\avgui.exe
MSConfigStartUp-D-Link D-Link RangeBooster N DWA-140 - c:\program files\D-Link\DWA-140 revB\AirNCFG.exe
MSConfigStartUp-join.me - c:\users\thom hp extra\AppData\Local\join.me.launcher\join.me.launcher.exe
MSConfigStartUp-OTB - c:\program files\FNet\OTB\OTB.exe
MSConfigStartUp-vidontray - c:\program files\SafeDVDCopy and VidOnServer\VidOn Server 2\vidontray.exe
MSConfigStartUp-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
MSConfigStartUp-WZCSLDR2 - c:\program files\D-Link\DWA-140 revB\WZCSLDR2.exe
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{EB9F0BA9-D6F0-4DA2-AFD7-AF6E5E6CAC69}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{EB9F0BA9-D6F0-4DA2-AFD7-AF6E5E6CAC69}\NVI2.DLL
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\Av\avgrsx.exe
c:\program files\AVG\Av\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\AVG\Av\avgnsx.exe
c:\program files\AVG\Av\avgemcx.exe
c:\windows\system32\sppsvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2015-11-24 13:46:55 - machine was rebooted
ComboFix-quarantined-files.txt 2015-11-24 19:46
.
Pre-Run: 365,109,379,072 bytes free
Post-Run: 368,659,537,920 bytes free
.
- - End Of File - - 9AE6108C7AB12AECAF8D2B9F15A1D58D
8F558EB6672622401DA993E1E865C861
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18098
Run by thom hp extra at 14:03:40 on 2015-11-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.484 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\Av\avgrsx.exe
C:\Program Files\AVG\Av\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\Av\avgidsagent.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\Av\avgwdsvcx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\AVG\Av\avgnsx.exe
C:\Program Files\AVG\Av\avgemcx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\conhost.exe
C:\ComboFix\CF8714.3XE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\notepad.exe
C:\Windows\regedit.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\SeaMonkey\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
mStart Page = hxxp://www.safesear.ch/?type=20151108-230-ie
uSearchAssistant = hxxp://www.safesear.ch/web/?type=201511 ... e-ie-df&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
mRun: [AVG_UI] "c:\program files\avg\av\avgui.exe" /TRAYONLY
mRun: [MalwareProtectionLive] c:\users\thom hp extra\appdata\local\malwareprotectionlive\MalwareProtectionClient.exe
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0283995D-71A2-4368-B948-69DB3C45847A} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.80\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\acrobat reader dc\esl\AiodLite.dll",CreateReaderUserSettings
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-8-20 231344]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-8-14 308656]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-10-21 192944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-8-10 36784]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2014-3-28 12800]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-8-10 156080]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-10-19 256432]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-8-14 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-10-21 229296]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-10-8 231856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\av\avgidsagent.exe [2015-10-30 3815648]
R2 avgsvc;AVG Service;c:\program files\avg\framework\common\avgsvcx.exe [2015-11-12 862632]
R2 avgwd;AVG WatchDog;c:\program files\avg\av\avgwdsvcx.exe [2015-10-30 579776]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hewlett-packard\hp support solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 24888]
R2 TeamViewer;TeamViewer 10;c:\program files\teamviewer\TeamViewer_Service.exe [2015-3-1 5702416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-2-11 79872]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
S3 AvgAMPS;AvgAMPS;c:\program files\avg\av\avgamps.exe [2015-10-30 595376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-11-11 102912]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2014-3-28 750592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-9-29 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-9-29 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-6 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-6-4 219136]
S4 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2013-6-4 291840]
S4 ASGT;ASGT;c:\windows\system32\ASGT.exe [2012-1-17 55296]
S4 dbupdate;Dropbox Update Service (dbupdate);c:\program files\dropbox\update\DropboxUpdate.exe [2015-7-12 134512]
S4 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\dropbox\update\DropboxUpdate.exe [2015-7-12 134512]
S4 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-11-7 5738528]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-9-18 14624]
S4 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-12-21 81920]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=c:\windows\system32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2015-11-24 19:42:00 -------- d-----w- C:\$RECYCLE.BIN
2015-11-24 19:13:38 -------- d-----w- C:\ComboFix
2015-11-24 17:24:05 98816 ----a-w- c:\windows\sed.exe
2015-11-24 17:24:05 256000 ----a-w- c:\windows\PEV.exe
2015-11-24 17:24:05 208896 ----a-w- c:\windows\MBR.exe
2015-11-16 03:18:37 -------- d-----w- c:\programdata\iSkysoft
2015-11-16 02:35:04 -------- d-----w- c:\users\thom hp extra\appdata\local\iSkysoft
2015-11-16 02:34:58 -------- d-----w- c:\program files\common files\iSkysoft
2015-11-16 02:34:10 531496 ----a-w- c:\windows\system32\mcmpeg2mux.ax
2015-11-16 02:34:10 375848 ----a-w- c:\windows\system32\mcm2ve.ax
2015-11-16 02:34:10 257064 ----a-w- c:\windows\system32\mcl2ae.ax
2015-11-16 02:34:10 244776 ----a-w- c:\windows\system32\mcmpgaout.dll
2015-11-16 02:34:10 2140712 ----a-w- c:\windows\system32\mcmpgvout.004
2015-11-16 02:34:10 20520 ----a-w- c:\windows\system32\mcmpgvout.dll
2015-11-16 02:33:40 -------- d-----w- c:\program files\iSkysoft
2015-11-16 02:26:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Movavi
2015-11-16 02:26:37 -------- d-----w- c:\users\thom hp extra\appdata\local\VideoEditor
2015-11-16 02:25:04 -------- d-----w- c:\program files\Movavi Video Editor 11
2015-11-16 02:16:21 -------- d-----w- c:\programdata\Movavi Video Editor 11
2015-11-15 15:41:35 -------- d-----w- c:\users\thom hp extra\appdata\local\CEF
2015-11-15 15:27:02 -------- d-----w- c:\program files\SystemManager
2015-11-15 15:01:50 -------- d-----w- c:\users\thom hp extra\appdata\local\Tempfolder
2015-11-15 15:01:11 -------- d-----w- C:\uninst
2015-11-15 15:01:06 -------- d-----w- c:\program files\shopperz151120151549
2015-11-15 15:00:58 -------- d-----w- c:\users\thom hp extra\appdata\roaming\System Healer
2015-11-15 15:00:48 -------- d-----w- c:\programdata\MovieDeaConfig
2015-11-15 15:00:34 -------- d-----w- c:\program files\MovieDea
2015-11-15 14:58:06 -------- d-----w- c:\program files\SwiftSearch_1.10.0.25
2015-11-15 14:56:38 -------- d-----w- c:\program files\BubbleSound
2015-11-15 14:36:43 -------- d-----w- c:\users\thom hp extra\appdata\local\Opera Software
2015-11-15 14:36:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Opera Software
2015-11-15 14:34:15 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447576454-1012-BABF-809E7CA4452D
2015-11-15 14:29:54 -------- d-----w- c:\programdata\UWMiniProU
2015-11-15 14:29:52 -------- d-----w- c:\users\thom hp extra\appdata\roaming\mystartsearch
2015-11-15 14:25:37 -------- d-----w- c:\programdata\MegaBackup Corp
2015-11-15 14:25:12 -------- d-----w- c:\users\thom hp extra\appdata\local\Crossbrowse
2015-11-15 14:22:42 -------- d-----w- c:\program files\CinemaPlus_1.3dV13.11
2015-11-15 14:22:02 -------- d-----w- c:\program files\JZIP
2015-11-15 14:20:51 -------- d-----w- c:\program files\Crossbrowse
2015-11-15 14:16:31 -------- d-----w- c:\users\thom hp extra\appdata\local\globalUpdate
2015-11-15 14:16:31 -------- d-----w- c:\program files\globalUpdate
2015-11-15 14:16:05 -------- d-----w- c:\program files\CinePlus-1.44V09.11
2015-11-15 14:15:05 -------- d-----w- c:\users\thom hp extra\appdata\roaming\RunDir
2015-11-15 14:15:02 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NetService
2015-11-15 14:14:53 -------- d-----w- c:\program files\jogotempo
2015-11-15 14:12:17 -------- d-----w- c:\users\thom hp extra\appdata\roaming\Note-UP
2015-11-15 14:11:25 -------- d-----w- c:\users\thom hp extra\appdata\local\6061D900-1447575085-1012-BABF-809E7CA4452D
2015-11-15 14:10:01 -------- d-----w- c:\users\thom hp extra\appdata\roaming\NUIns
2015-11-15 14:10:01 -------- d-----w- c:\program files\6061D900-1447596601-1012-BABF-809E7CA4452D
2015-11-15 14:04:07 -------- d-----w- c:\program files\winnetlog
2015-11-15 11:40:43 -------- d-----w- c:\users\thom hp extra\appdata\roaming\InstantSupport
2015-11-15 11:40:37 -------- d-----w- c:\programdata\PCAcceleratePro
2015-11-15 11:40:37 -------- d-----w- c:\program files\InstantSupport
2015-11-15 11:40:34 -------- d-----w- c:\users\thom hp extra\appdata\roaming\PCAcceleratePro
2015-11-15 11:40:29 -------- d-----w- c:\program files\PCAcceleratePro
2015-11-15 11:40:24 -------- d-----w- c:\program files\PCAPDownloader
2015-11-15 01:45:45 -------- d-----w- c:\program files\Nero
2015-11-15 01:45:21 -------- d-----w- c:\programdata\Nero
2015-11-13 20:25:44 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2015-11-13 20:22:06 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2015-11-13 20:18:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2015-11-13 02:18:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2015-11-13 02:18:27 47360 ----a-w- c:\users\thom hp extra\appdata\roaming\pcouffin.sys
2015-11-13 02:18:17 217127 ----a-w- c:\windows\system32\drv43260.dll
2015-11-13 02:18:17 208935 ----a-w- c:\windows\system32\drv33260.dll
2015-11-13 02:18:17 176165 ----a-w- c:\windows\system32\drv23260.dll
2015-11-13 02:18:15 -------- d-----w- c:\program files\VSO
2015-11-12 09:49:36 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 14:02:24 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-11-11 14:02:24 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-11-11 14:02:24 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-11-11 14:02:24 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-11-11 14:02:03 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 14:02:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-09 03:26:12 -------- d-----w- c:\users\thom hp extra\appdata\roaming\uTorrent
2015-11-09 02:58:35 -------- d-----w- c:\program files\.Npackd
2015-11-09 02:57:46 -------- d-----w- c:\program files\NpackdDetected
2015-11-09 02:54:16 -------- d-----w- c:\users\thom hp extra\appdata\local\Component
2015-11-09 02:53:54 -------- d-----w- c:\users\thom hp extra\appdata\local\intmanager
2015-11-09 02:53:46 -------- d-----w- c:\programdata\Npackd
2015-11-09 02:51:53 -------- d-----w- c:\users\thom hp extra\appdata\local\Fast Browser
.
==================== Find3M ====================
.
2015-11-19 17:05:07 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-19 17:05:07 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-30 22:58:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-10-30 22:58:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-10-30 22:47:08 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-10-30 22:46:27 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-10-30 22:45:51 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-10-30 22:45:42 341504 ----a-w- c:\windows\system32\html.iec
2015-10-30 22:44:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-10-30 22:36:30 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-10-30 22:36:25 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-30 22:36:06 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-10-30 22:31:22 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-10-30 22:23:51 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-30 22:16:43 4527616 ----a-w- c:\windows\system32\jscript9.dll
2015-10-30 22:09:23 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-10-30 22:09:15 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-30 21:51:28 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-10-29 17:49:57 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-21 22:24:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-20 17:46:02 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-10-20 17:46:02 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-10-20 17:46:02 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-10-20 17:45:27 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-10-20 17:45:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-10-20 17:45:08 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-10-20 00:52:02 3991488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 00:52:00 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 00:52:00 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 00:48:47 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 00:44:53 22528 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 00:44:35 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 00:39:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:35:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:35:00 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-19 23:29:22 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-10-19 23:28:57 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-10-19 23:28:56 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-10-19 14:06:02 256432 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-10-13 10:24:00 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-10-13 07:29:08 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-13 04:50:31 712640 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-08 13:48:58 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:43 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-10-01 17:50:43 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-10-01 17:50:43 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-23 13:09:58 371920 ----a-w- c:\windows\system32\drivers\cng.sys
2015-09-23 13:09:57 251000 ----a-w- c:\windows\system32\bcryptprimitives.dll
2015-09-18 17:47:06 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 17:44:35 587776 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 17:44:34 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 17:44:30 423936 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 17:44:27 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 17:44:26 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 17:35:49 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58:14 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\00000072
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys partmgr.sys volmgr.sys fvevol.sys volsnap.sys Ntfs.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys USBPORT.SYS usbohci.sys ctoss2k.sys ctaud2k.sys hap16v2k.sys ha10kx2k.sys amdk8.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys mouclass.sys usbhub.sys ndis.sys usbehci.sys nvmf6232.sys anodlwf.sys rspndr.sys tcpip.sys NETIO.SYS tdx.sys avgtdix.sys afd.sys pacer.sys rassstp.sys watchdog.sys rdyboost.sys fltmgr.sys fileinfo.sys Wdf01000.sys USBSTOR.SYS
c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
c:\windows\system32\drivers\atikmpag.sys Advanced Micro Devices, Inc. AMD driver
c:\windows\system32\drivers\atikmdag.sys Advanced Micro Devices, Inc. ATI Radeon Family
c:\windows\system32\drivers\ctoss2k.sys Creative Technology Ltd. Creative Audio Product
c:\windows\system32\drivers\ctaud2k.sys Creative Technology Ltd Creative Audio Product
c:\windows\system32\drivers\hap16v2k.sys Creative Technology Ltd Creative Audio Product
c:\windows\system32\drivers\ha10kx2k.sys Creative Technology Ltd Creative Audio Product
c:\windows\system32\drivers\nvmf6232.sys NVIDIA Corporation NVIDIA Networking Driver
c:\windows\system32\drivers\anodlwf.sys Filter Driver
c:\windows\system32\drivers\avgtdix.sys AVG Technologies CZ, s.r.o. AVG Internet Security
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
============= FINISH: 14:04:08.56 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2014 5:06:24 PM
System Uptime: 11/24/2015 1:40:05 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket AM2 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 343.283 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 9.722 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 456.988 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: FNetDevi
Device ID: ROOT\LEGACY_FNETDEVI\0000
Manufacturer:
Name: FNetDevi
PNP Device ID: ROOT\LEGACY_FNETDEVI\0000
Service: FNetDevi
.
==== System Restore Points ===================
.
RP178: 11/21/2015 5:08:00 AM - Removed ASUS Product Register Program
RP179: 11/24/2015 11:24:23 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBulkMailer
Adobe Acrobat Reader DC
Adobe Flash Player 19 NPAPI
Adobe Refresh Manager
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Fuel
ASUS GPU Tweak
AVG
AVG 2016
AVG Protection
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility
CCC Help English
CDBurnerXP
ConvertXtoDVD 2.2.3.258
Dropbox
Dropbox Update Helper
Fitbit Connect
FMW 1
Google Chrome
Google Update Helper
GoToMeeting 7.6.0.4007
HP Customer Experience Enhancements
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Support Solutions Framework
HP Update
HPDiagnosticAlert
HydraVision
I.R.I.S. OCR
iSkysoft Video Editor(Build 4.7.2)
join.me
Kodi
Lead Tools Direct 297 Club
Malware Protection Live
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Native Client
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movavi Video Editor 11
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Net Extractor
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Install Application
NVIDIA Update Components
Picasa 3
Quicken 2014
Revo Uninstaller 1.94
Sage ACT! Premium 2011
SeaMonkey 2.39 (x86 en-US)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3101554) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition
Skype™ 7.12
SUPERAntiSpyware
TeamViewer 10
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x86 Redistributables
WinRAR 5.21 (32-bit)
World Community Grid
.
==== Event Viewer Messages From Past Week ========
.
11/24/2015 1:41:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FNetDevi
11/24/2015 1:29:50 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/22/2015 3:45:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
11/22/2015 3:43:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
11/17/2015 6:27:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
.
==== End Of File ===========================