Windows 7 SP1 64 bit
IE 11 and Chrome browsers
Today Avast kept telling me that it was blocking potentially malicious websites, but it did not find any infections. I also ran MBAM and SuperAntiSpyware, and the only things found were some registry entries and tracking cookies, which I quarantined/deleted. PeerBlock 1.2 also shows tons of blocked incoming HTTP connections, even when all browsers, Steam, Origin, etc. are closed. I don't know what is causing these hits on Avast and PeerBlock. (I never turned on HTTP blocking before in PeerBlock, so this may not be unusual behavior.) RUBotted shows clean.
My IE options keep getting changed to block downloads, also.
In case it helps, here are some logs from MBAM and DDS, taken early on:
Thanks!
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/1/2015
Scan Time: 10:10:03 AM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.01.02
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: michael
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436153
Time Elapsed: 8 min, 4 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-2018537783-2302853427-1186865814-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Quarantined, [72c49c569dec3501a32c954e6c98659b],
PUP.Optional.Conduit.A, HKU\S-1-5-21-2018537783-2302853427-1186865814-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [e84e8f6377125dd9a6ced4935ea50ff1],
Registry Values: 2
PUP.Optional.SpamFreeSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{EECF410C-006C-4A05-AD13-6741A0814DBF}, Quarantined, [cf67c230dbae1c1a8a92528a847e17e9],
PUP.Optional.SpamFreeSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EECF410C-006C-4A05-AD13-6741A0814DBF}, Spam Free Search Toolbar, Quarantined, [cf67c230dbae1c1a8a92528a847e17e9]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
PUP.Optional.NewHB.A, C:\Users\michael\AppData\Local\newhb.crx, Quarantined, [8ea8f9f97a0f5bdb0d18baaa35ce12ee],
PUP.Optional.AZLyrics.A, C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [64d26e84850462d49867f37154afb54b],
PUP.Optional.AZLyrics.A, C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [8fa781718ffa74c24cb3adb7976c08f8],
Physical Sectors: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by michael at 20:51:13 on 2015-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2228 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
e:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
e:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
e:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\VMware\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\PeerBlock\peerblock.exe
C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Windows\System32\StikyNot.exe
D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
E:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
E:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
e:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
e:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
e:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
e:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
e:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.facebook.com/
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uProxyServer = 198.204.238.254:8085
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} -
uRun: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Plex Media Server] "E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Google Update] "C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [Adobe Speed Launcher] 1420146036
mRun: [UnlockerAssistant] "D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "e:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
StartupFolder: C:\Users\michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www21.adrive.com/filemanager/landing
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} : DHCPNameServer = 192.168.0.1 205.171.2.226
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.webcake.installId - 6355730f-048b-4cd4-b7a6-fa8c4f5cef39
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3e9271c9000000000000002215b35daa
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15902
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:42:39
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4945
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-21 267632]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-9-23 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-10-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-21 436624]
R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;E:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-21 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-22 116728]
R2 avast! Antivirus;avast! Antivirus;E:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-17 50344]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-9-16 122072]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-9-16 384728]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-9-16 777944]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-10-25 441344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-6-10 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-7-9 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-6-10 23552]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2014-12-16 443416]
R2 TeamViewer9;TeamViewer 9;E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-2 4799760]
R2 VBoxAswDrv;VBoxAsw Support Driver;E:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-17 271752]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-6-10 561064]
R3 AvastVBoxSvc;AvastVBox COM Service;E:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-17 4012248]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-11 38216]
R3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2012-10-20 22600]
R3 SaiH8000;SaiH8000;C:\Windows\System32\drivers\SaiH8000.sys [2008-4-4 178560]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-9-16 409304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-8-17 112496]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-1-5 21712]
S3 GalaxyService;GalaxyService;C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2014-11-28 2191648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 Origin Client Service;Origin Client Service;D:\Program Files (x86)\Origin\OriginClientService.exe [2012-10-8 1903472]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 RTCore64;RTCore64;E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-8 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-10-10 14544]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 380064]
.
=============== Created Last 30 ================
.
2015-01-01 05:43:01 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E90BC70-8092-4289-A40F-BB908C15921A}\mpengine.dll
2014-12-18 07:09:09 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-18 07:09:08 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-16 20:32:41 -------- d-----w- C:\ProgramData\Trend Micro
2014-12-16 20:32:11 -------- d-----w- C:\Program Files (x86)\WinPcap
2014-12-16 20:32:03 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-12-16 17:52:00 38160 ----a-w- C:\Windows\SysWow64\LMRTREND.dll
2014-12-16 17:52:00 182032 ----a-w- C:\Windows\SysWow64\dxtmsft3.dll
2014-12-16 17:52:00 155408 ----a-w- C:\Windows\SysWow64\LMRT.dll
2014-12-16 17:52:00 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
2014-12-16 17:51:58 63488 ----a-w- C:\Windows\SysWow64\unam4ie.exe
2014-12-16 17:51:58 217984 ----a-w- C:\Windows\SysWow64\strmdll.dll
2014-12-16 17:51:58 109840 ----a-w- C:\Program Files (x86)\Windows Media Player\mplayer2.exe
2014-12-16 17:51:56 5672 ----a-w- C:\Windows\SysWow64\quartz.vxd
2014-12-16 17:51:56 194320 ----a-w- C:\Windows\SysWow64\qcut.dll
2014-12-16 17:51:56 11776 ----a-w- C:\Windows\SysWow64\mciqtz.drv
2014-12-16 17:51:56 10240 ----a-w- C:\Windows\SysWow64\vidx16.dll
2014-12-16 17:51:55 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2014-12-16 17:51:55 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2014-12-11 13:24:18 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-11 13:24:18 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 05:59:26 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-04 03:07:50 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-12-04 03:07:49 89960 ----a-w- C:\Windows\SysWow64\SQSRVRES.DLL
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-03 04:42:16 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2014-12-03 04:41:07 -------- d-----w- C:\Windows\SysWow64\1033
2014-12-03 04:41:07 -------- d-----w- C:\Windows\System32\1033
2014-12-03 04:41:07 -------- d-----w- C:\Program Files\Microsoft SQL Server
2014-12-03 04:39:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008Templates
2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008
2014-12-03 04:38:00 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
.
==================== Find3M ====================
.
2015-01-01 16:09:07 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-16 20:38:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-16 20:38:18 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-11-29 01:01:24 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-11-24 20:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:10:29 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 12:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 12:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 10:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-18 01:10:25 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-18 01:10:25 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-18 01:10:25 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-18 01:10:25 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-18 01:10:25 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-18 01:10:25 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-18 01:10:24 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-09 05:02:16 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-06 21:02:48 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-11-06 21:02:48 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-11-06 21:02:48 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-11-03 22:02:42 6882448 ----a-w- C:\Windows\System32\nvcpl.dll
2014-11-03 22:02:41 3531464 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-11-03 22:02:38 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-11-03 22:02:38 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-11-03 22:02:38 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2014-11-03 22:02:38 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-11-03 11:58:36 4099264 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-11-02 23:34:34 862 ----a-w- C:\Windows\DSXWA.reg
2014-11-02 23:34:34 1926 ----a-w- C:\Windows\DSXWA2.reg
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 16:59:10 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-16 16:54:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434448.dll
2014-10-16 16:54:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434448.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-07 00:34:44 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 20:51:39.31 ===============
PUP.Optional.AZLyrics.A, C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [8fa781718ffa74c24cb3adb7976c08f8],
Physical Sectors: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by michael at 20:51:13 on 2015-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2228 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
e:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
e:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
e:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\VMware\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\PeerBlock\peerblock.exe
C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Windows\System32\StikyNot.exe
D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
E:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
E:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
e:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
e:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
e:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
e:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
e:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.facebook.com/
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uProxyServer = 198.204.238.254:8085
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} -
uRun: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Plex Media Server] "E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Google Update] "C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [Adobe Speed Launcher] 1420146036
mRun: [UnlockerAssistant] "D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "e:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
StartupFolder: C:\Users\michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www21.adrive.com/filemanager/landing
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} : DHCPNameServer = 192.168.0.1 205.171.2.226
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.webcake.installId - 6355730f-048b-4cd4-b7a6-fa8c4f5cef39
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3e9271c9000000000000002215b35daa
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15902
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:42:39
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4945
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-21 267632]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-9-23 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-10-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-21 436624]
R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;E:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-21 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-22 116728]
R2 avast! Antivirus;avast! Antivirus;E:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-17 50344]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-9-16 122072]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-9-16 384728]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-9-16 777944]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-10-25 441344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-6-10 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-7-9 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-6-10 23552]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2014-12-16 443416]
R2 TeamViewer9;TeamViewer 9;E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-2 4799760]
R2 VBoxAswDrv;VBoxAsw Support Driver;E:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-17 271752]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-6-10 561064]
R3 AvastVBoxSvc;AvastVBox COM Service;E:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-17 4012248]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-11 38216]
R3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2012-10-20 22600]
R3 SaiH8000;SaiH8000;C:\Windows\System32\drivers\SaiH8000.sys [2008-4-4 178560]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-9-16 409304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-8-17 112496]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-1-5 21712]
S3 GalaxyService;GalaxyService;C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2014-11-28 2191648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 Origin Client Service;Origin Client Service;D:\Program Files (x86)\Origin\OriginClientService.exe [2012-10-8 1903472]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 RTCore64;RTCore64;E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-8 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-10-10 14544]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 380064]
.
=============== Created Last 30 ================
.
2015-01-01 05:43:01 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E90BC70-8092-4289-A40F-BB908C15921A}\mpengine.dll
2014-12-18 07:09:09 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-18 07:09:08 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-16 20:32:41 -------- d-----w- C:\ProgramData\Trend Micro
2014-12-16 20:32:11 -------- d-----w- C:\Program Files (x86)\WinPcap
2014-12-16 20:32:03 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-12-16 17:52:00 38160 ----a-w- C:\Windows\SysWow64\LMRTREND.dll
2014-12-16 17:52:00 182032 ----a-w- C:\Windows\SysWow64\dxtmsft3.dll
2014-12-16 17:52:00 155408 ----a-w- C:\Windows\SysWow64\LMRT.dll
2014-12-16 17:52:00 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
2014-12-16 17:51:58 63488 ----a-w- C:\Windows\SysWow64\unam4ie.exe
2014-12-16 17:51:58 217984 ----a-w- C:\Windows\SysWow64\strmdll.dll
2014-12-16 17:51:58 109840 ----a-w- C:\Program Files (x86)\Windows Media Player\mplayer2.exe
2014-12-16 17:51:56 5672 ----a-w- C:\Windows\SysWow64\quartz.vxd
2014-12-16 17:51:56 194320 ----a-w- C:\Windows\SysWow64\qcut.dll
2014-12-16 17:51:56 11776 ----a-w- C:\Windows\SysWow64\mciqtz.drv
2014-12-16 17:51:56 10240 ----a-w- C:\Windows\SysWow64\vidx16.dll
2014-12-16 17:51:55 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2014-12-16 17:51:55 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2014-12-11 13:24:18 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-11 13:24:18 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 05:59:26 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-04 03:07:50 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-12-04 03:07:49 89960 ----a-w- C:\Windows\SysWow64\SQSRVRES.DLL
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-03 04:42:16 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2014-12-03 04:41:07 -------- d-----w- C:\Windows\SysWow64\1033
2014-12-03 04:41:07 -------- d-----w- C:\Windows\System32\1033
2014-12-03 04:41:07 -------- d-----w- C:\Program Files\Microsoft SQL Server
2014-12-03 04:39:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008Templates
2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008
2014-12-03 04:38:00 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
.
==================== Find3M ====================
.
2015-01-01 16:09:07 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-16 20:38:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-16 20:38:18 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-11-29 01:01:24 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-11-24 20:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:10:29 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 12:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 12:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 10:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-18 01:10:25 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-18 01:10:25 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-18 01:10:25 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-18 01:10:25 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-18 01:10:25 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-18 01:10:25 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-18 01:10:24 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-09 05:02:16 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-06 21:02:48 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-11-06 21:02:48 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-11-06 21:02:48 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-11-03 22:02:42 6882448 ----a-w- C:\Windows\System32\nvcpl.dll
2014-11-03 22:02:41 3531464 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-11-03 22:02:38 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-11-03 22:02:38 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-11-03 22:02:38 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2014-11-03 22:02:38 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-11-03 11:58:36 4099264 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-11-02 23:34:34 862 ----a-w- C:\Windows\DSXWA.reg
2014-11-02 23:34:34 1926 ----a-w- C:\Windows\DSXWA2.reg
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 16:59:10 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-16 16:54:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434448.dll
2014-10-16 16:54:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434448.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-07 00:34:44 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 20:51:39.31 ===============