DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17496
Run by Marybeth Giddings at 13:54:32 on 2015-01-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1882 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Data Deposit Box\nts.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Data Deposit Box\startup.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Data Deposit Box\starter.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Data Deposit Box\status.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Data Deposit Box\backup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Creative Cloud] "c:\program files\adobe\adobe creative cloud\acc\Creative Cloud.exe" --showwindow=false --onOSstartup=true
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kineticd.lnk - c:\program files\data deposit box\starter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2014\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
hxxp://appldnld.apple.com.edgesuite.net ... plugin.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
hxxp://fpdownload2.macromedia.com/get/s ... wflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.1.2 97.64.183.164 97.64.209.37
TCP: Interfaces\{B6312458-0CCF-435B-BBB0-46B68DB04032} : NameServer = 97.64.183.164,97.64.209.67
TCP: Interfaces\{B6312458-0CCF-435B-BBB0-46B68DB04032} : DHCPNameServer = 192.168.1.2 97.64.183.164 97.64.209.37
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - c:\program files\intuit\quickbooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.91\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-7-20 270752]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-12-20 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-6-17 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-6-17 414520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-6-9 172032]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-11 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-17 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-9 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-20 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-7-20 106488]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2014-4-14 100256]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-9-18 47640]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2014-2-27 1248256]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-6-9 273448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-9 102912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-10 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2015-01-24 11:01:18 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c4a00a93-31fe-4c54-ac5a-36be07d104b9}\offreg.dll
2015-01-24 02:49:28 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c4a00a93-31fe-4c54-ac5a-36be07d104b9}\mpengine.dll
2015-01-22 16:33:26 -------- d-----w- c:\program files\ESET
2015-01-20 19:04:02 -------- d-----w- C:\FRST
2015-01-20 18:44:42 -------- d-----w- C:\AdwCleaner
2015-01-20 18:42:04 -------- d-----w- C:\RegBackup
2015-01-20 18:41:31 -------- d-----w- c:\program files\Tweaking.com
2015-01-13 22:11:00 3971512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-01-13 22:10:58 3916728 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-13 22:10:54 46592 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-13 22:10:53 164864 ----a-w- c:\windows\system32\profsvc.dll
2015-01-13 22:10:48 242688 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-13 22:10:43 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-31 15:43:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-12-31 15:25:10 -------- d-----r- c:\users\marybeth giddings\Creative Cloud Files
2014-12-31 15:22:37 -------- d-----w- c:\programdata\Package Cache
2014-12-29 17:23:59 -------- d-----w- c:\users\marybeth giddings\appdata\local\ElevatedDiagnostics
2014-12-29 15:15:31 -------- d-sh--w- c:\users\marybeth giddings\appdata\local\EmieBrowserModeList
2014-12-29 15:15:30 -------- d-sh--w- c:\users\marybeth giddings\appdata\local\EmieUserList
2014-12-29 15:15:30 -------- d-sh--w- c:\users\marybeth giddings\appdata\local\EmieSiteList
.
==================== Find3M ====================
.
2015-01-25 07:21:06 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 07:21:06 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-23 18:38:21 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2015-01-23 18:38:21 53096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2015-01-23 18:38:20 85864 ----a-w- c:\windows\system32\LMIinit.dll
2015-01-23 18:38:20 31592 ----a-w- c:\windows\system32\LMIport.dll
2015-01-06 10:36:02 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 03:33:44 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 19:46:25 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-19 10:31:16 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45:09 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-04 14:14:20 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-11-04 14:14:19 85864 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2014-10-30 01:45:43 155136 ----a-w- c:\windows\system32\charmap.exe
2011-08-02 21:13:07 161720 ----a-w- c:\program files\2pres.dll
.
============= FINISH: 13:55:12.29 ===============