Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Ritzy

Pages: [1]
1
Computer Problems, Questions and Solutions! / Linux Mint - Cinnamon
« on: November 15, 2021, 05:36:21 PM »
Im not sure if you have anyone who deals specifically with Linux machines, its what I run these days. I just wanted to know if anyone is aware of issues with FireFox and the latest release of Mint.
Sorry if its not appropriate to use this site for Linux issues.

Thanks
Denise

2
Analysis and Malware Removal / WSHelper.exe System Error at Startup
« on: February 18, 2018, 10:21:32 AM »
Hi you wonderful people!
When restarting or booting my machine I am getting a series (possibly 8 or 9) of system error boxes unable to load various files. Eg. DAQExp.dll, CBSCreateVC.dll and CBSProducstinfo.dll
I have googled the issue and been made to believe it has something to do with Wondershare but am loath to attempt anything without proper knowledge.
I thank you in advance for your help, the requested copy/pasted log files follow:

 Result of Security Analysis by Rocket Grannie (x86) Updated: 16th February, 2018
Running from:C:\Users\usuario\Desktop (13:07:50 - 02/18/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.161)
Adobe Acrobat Reader DC (15.017.20053) ==> is out of Date
Google Chrome (63.0.3239.132) ==> is out of Date
Java (8.0.510) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (59.0)
Safari (5.34.57.2)

***----------------Analysis Complete-------------------------***

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by usuario (administrator) on NOX (18-02-2018 13:03:43)
Running from C:\Users\usuario\Desktop
Loaded Profiles: usuario (Available Profiles: usuario)
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: Spanish (Spain, International Sort)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(Telegram Messenger LLP) C:\Users\usuario\AppData\Roaming\Telegram Desktop\Telegram.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Youtube Live Commando] => C:\Users\usuario\AppData\Local\Apps\2.0\G33LNMK9.L8B\PMNR0RMM.5J3\yout..tion_166ca03d33c4af01_0001.0001_ae2b475e8752cf80\YoutubeLiveCommando.exe [369664 2015-06-30] (Commando)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Social Bookmark Commando] => C:\Users\usuario\AppData\Local\Apps\2.0\G33LNMK9.L8B\PMNR0RMM.5J3\soci..tion_0000000000000000_0001.0000_dab3f17f25388fc4\SocialBookmarkCommando.exe [95232 2015-08-18] ()
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-09-03]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-09-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-01-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-08-27]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 5.34.150.25 5.34.150.26
Tcpip\..\Interfaces\{57caeeb5-652d-4f67-9898-036beac90bcf}: [DhcpNameServer] 5.34.150.25 5.34.150.26

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-4085802308-216855206-3018638629-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4085802308-216855206-3018638629-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-03] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-05] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-03] (LastPass)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator-ie-helper.dll [2017-07-13] (Red Software)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-08-19] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-05] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-03] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-03] (LastPass)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator-ie-plugin.dll [2017-07-13] (Red Software)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-08-19] ()
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxps://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

FireFox:
========
FF DefaultProfile: 9afby1zy.default
FF ProfilePath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default [2018-02-18]
FF Session Restore: Mozilla\Firefox\Profiles\9afby1zy.default -> is enabled.
FF Extension: (Firebug) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\firebug@software.joehewitt.com.xpi [2017-08-08] [Legacy]
FF Extension: (SaveFrom.net helper) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\helper-sig@savefrom.net.xpi [2018-02-08]
FF Extension: (Pinterest Save Button) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2017-11-18]
FF Extension: (LastPass: Free Password Manager) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\support@lastpass.com.xpi [2017-12-05]
FF Extension: (Evernote Web Clipper) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2018-01-17]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-05-23] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-03] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-05] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-03] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2011-03-17] (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-07-13] (Red Software)
FF Plugin HKU\S-1-5-21-4085802308-216855206-3018638629-1001: @citrixonline.com/appdetectorplugin -> C:\Users\usuario\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-4085802308-216855206-3018638629-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\usuario\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-08-24] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default [2018-02-18]
CHR Extension: (Slides) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Facebook Video Downloader - Save FB Video) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-02-07]
CHR Extension: (Docs) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Foxit PDF Creator) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2017-10-13]
CHR Extension: (Google Search) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Facebook Pixel Helper) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2017-10-29]
CHR Extension: (Sheets) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Pinterest Save Button) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-02-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-02-18]
CHR Extension: (Loom - Video Recorder: Screen, Webcam and Mic) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2018-02-18]
CHR Extension: (YouTube SEO Checklist) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajddjijmeaibppajnagjiloknomjjp [2016-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-12]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-05-23]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-05-23]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxps://ifttt.com/","hxxps://www.youtube.com/","hxxps://delicious.com/","hxxps://www.diigo.com/","hxxps://www.tumblr.com/","hxxps://twitter.com/","hxxps://www.linkedin.com/","hxxps://wordpress.com/","hxxps://bitly.com/","hxxps://buffer.com/","hxxps://evernote.com/","hxxps://www.facebook.com/","hxxp://pocket.com/","hxxps://app.net/","hxxps://accounts.google.com/ServiceLogin?service=blogger&hl=en&passive=1209600&continue=hxxps://www.blogger.com/home","hxxp://hotmail.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (LastPass) - C:\Users\usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-05-06]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-30] (BlueStack Systems, Inc.)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-08-25] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
S3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2343728 2017-07-13] (Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [757552 2017-07-13] (Red Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-09-08] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-28] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe [493280 2017-07-28] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-09-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 MpKsl7eee1451; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{963FA705-8901-4055-8145-A95A1E148F1D}\MpKsl7eee1451.sys [58120 2018-02-18] () [File not signed]
R1 MpKsl9fdce2fc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{963FA705-8901-4055-8145-A95A1E148F1D}\MpKsl9fdce2fc.sys [58120 2018-02-18] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-11] (NVIDIA Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-18 13:03 - 2018-02-18 13:04 - 000028945 _____ C:\Users\usuario\Desktop\FRST.txt
2018-02-18 13:03 - 2018-02-18 13:03 - 000000000 ____D C:\FRST
2018-02-18 13:02 - 2018-02-18 13:02 - 000899584 _____ C:\Users\usuario\Desktop\RGSA.exe
2018-02-18 11:18 - 2018-02-18 11:18 - 002403840 _____ (Farbar) C:\Users\usuario\Desktop\FRST64.exe
2018-02-18 10:48 - 2018-02-18 10:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-14 12:58 - 2018-02-10 07:23 - 001577880 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-14 12:58 - 2018-02-10 07:16 - 008603032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-14 12:58 - 2018-02-10 07:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-14 12:58 - 2018-02-10 07:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-02-14 12:58 - 2018-02-10 07:09 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-14 12:58 - 2018-02-10 07:08 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-14 12:58 - 2018-02-10 07:08 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-14 12:58 - 2018-02-10 07:04 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-14 12:58 - 2018-02-10 07:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-02-14 12:58 - 2018-02-10 06:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-02-14 12:58 - 2018-02-10 06:09 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-02-14 12:58 - 2018-02-10 06:07 - 025253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-02-14 12:58 - 2018-02-10 06:06 - 006481640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-14 12:58 - 2018-02-10 06:04 - 001491352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-02-14 12:58 - 2018-02-10 05:50 - 003665408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-02-14 12:58 - 2018-02-10 05:47 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-14 12:58 - 2018-02-10 05:47 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-02-14 12:58 - 2018-02-10 05:45 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-02-14 12:58 - 2018-02-10 05:43 - 018923008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-02-14 12:58 - 2018-02-10 05:43 - 008020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-14 12:58 - 2018-02-10 05:43 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-02-14 12:58 - 2018-02-10 05:42 - 023671808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-14 12:58 - 2018-02-10 05:41 - 019352576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 012831744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 008110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-02-14 12:58 - 2018-02-10 05:39 - 011925504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-02-14 12:58 - 2018-02-10 05:39 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-14 12:58 - 2018-02-10 05:39 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-02-14 12:58 - 2018-02-10 05:38 - 006567936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-02-14 12:58 - 2018-02-10 05:38 - 003169280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-14 12:58 - 2018-02-10 05:36 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-02-14 12:58 - 2018-02-09 04:35 - 004959688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-02-14 12:57 - 2018-02-10 07:24 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-14 12:57 - 2018-02-10 07:23 - 000758168 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-14 12:57 - 2018-02-10 07:23 - 000613272 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-14 12:57 - 2018-02-10 07:23 - 000138136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-14 12:57 - 2018-02-10 07:22 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-14 12:57 - 2018-02-10 07:22 - 000662936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000387480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000272800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-02-14 12:57 - 2018-02-10 07:21 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-14 12:57 - 2018-02-10 07:21 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-14 12:57 - 2018-02-10 07:21 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-14 12:57 - 2018-02-10 07:20 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 001055640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-02-14 12:57 - 2018-02-10 07:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-14 12:57 - 2018-02-10 07:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-14 12:57 - 2018-02-10 07:18 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-02-14 12:57 - 2018-02-10 07:18 - 000098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2018-02-14 12:57 - 2018-02-10 07:18 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-14 12:57 - 2018-02-10 07:17 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-14 12:57 - 2018-02-10 07:16 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-02-14 12:57 - 2018-02-10 07:15 - 002514944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-02-14 12:57 - 2018-02-10 07:15 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-14 12:57 - 2018-02-10 07:15 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-14 12:57 - 2018-02-10 07:15 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-14 12:57 - 2018-02-10 07:14 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-02-14 12:57 - 2018-02-10 07:14 - 001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-14 12:57 - 2018-02-10 07:13 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-02-14 12:57 - 2018-02-10 07:13 - 000535960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-02-14 12:57 - 2018-02-10 07:13 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-02-14 12:57 - 2018-02-10 07:13 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-14 12:57 - 2018-02-10 07:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-02-14 12:57 - 2018-02-10 07:12 - 001313016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-02-14 12:57 - 2018-02-10 07:12 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-14 12:57 - 2018-02-10 07:12 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-14 12:57 - 2018-02-10 07:11 - 001029528 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-02-14 12:57 - 2018-02-10 07:11 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-14 12:57 - 2018-02-10 07:11 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-14 12:57 - 2018-02-10 07:11 - 000494496 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 002447768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-14 12:57 - 2018-02-10 07:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-14 12:57 - 2018-02-10 07:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-14 12:57 - 2018-02-10 07:09 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-02-14 12:57 - 2018-02-10 07:09 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-02-14 12:57 - 2018-02-10 07:09 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-14 12:57 - 2018-02-10 07:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 000398824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-14 12:57 - 2018-02-10 07:08 - 000096200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-02-14 12:57 - 2018-02-10 07:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-02-14 12:57 - 2018-02-10 07:07 - 002710728 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-14 12:57 - 2018-02-10 07:07 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-02-14 12:57 - 2018-02-10 07:07 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-02-14 12:57 - 2018-02-10 07:06 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-02-14 12:57 - 2018-02-10 07:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000519144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-14 12:57 - 2018-02-10 07:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-14 12:57 - 2018-02-10 07:06 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-02-14 12:57 - 2018-02-10 07:06 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000189336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-14 12:57 - 2018-02-10 07:05 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-14 12:57 - 2018-02-10 07:05 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-14 12:57 - 2018-02-10 07:05 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-02-14 12:57 - 2018-02-10 07:05 - 000070856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001430760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-02-14 12:57 - 2018-02-10 07:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-02-14 12:57 - 2018-02-10 07:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-14 12:57 - 2018-02-10 07:04 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-14 12:57 - 2018-02-10 07:04 - 000339872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000212880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000093592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000849304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000706600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-14 12:57 - 2018-02-10 07:02 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-02-14 12:57 - 2018-02-10 07:02 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000670104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000397720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000231320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-02-14 12:57 - 2018-02-10 07:02 - 000040352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-02-14 12:57 - 2018-02-10 06:22 - 001930224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-02-14 12:57 - 2018-02-10 06:21 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-02-14 12:57 - 2018-02-10 06:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-02-14 12:57 - 2018-02-10 06:18 - 000022424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-02-14 12:57 - 2018-02-10 06:17 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-02-14 12:57 - 2018-02-10 06:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-02-14 12:57 - 2018-02-10 06:17 - 000211864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-02-14 12:57 - 2018-02-10 06:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-02-14 12:57 - 2018-02-10 06:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2018-02-14 12:57 - 2018-02-10 06:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-02-14 12:57 - 2018-02-10 06:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-02-14 12:57 - 2018-02-10 06:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 001123456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-02-14 12:57 - 2018-02-10 06:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-02-14 12:57 - 2018-02-10 06:08 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-14 12:57 - 2018-02-10 06:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-02-14 12:57 - 2018-02-10 06:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-02-14 12:57 - 2018-02-10 06:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-02-14 12:57 - 2018-02-10 06:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000551672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-02-14 12:57 - 2018-02-10 06:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-02-14 12:57 - 2018-02-10 06:04 - 000027032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVClientPS.dll
2018-02-14 12:57 - 2018-02-10 06:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 001294848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-02-14 12:57 - 2018-02-10 05:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-02-14 12:57 - 2018-02-10 05:49 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-02-14 12:57 - 2018-02-10 05:49 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-14 12:57 - 2018-02-10 05:49 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-14 12:57 - 2018-02-10 05:48 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-14 12:57 - 2018-02-10 05:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-02-14 12:57 - 2018-02-10 05:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-02-14 12:57 - 2018-02-10 05:47 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-14 12:57 - 2018-02-10 05:47 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-02-14 12:57 - 2018-02-10 05:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-02-14 12:57 - 2018-02-10 05:46 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-02-14 12:57 - 2018-02-10 05:46 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2018-02-14 12:57 - 2018-02-10 05:45 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-02-14 12:57 - 2018-02-10 05:44 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 003756032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-02-14 12:57 - 2018-02-10 05:43 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppManagementConfiguration.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2018-02-14 12:57 - 2018-02

3
Analysis and Malware Removal / Windows 7 Randomly Restarting
« on: February 12, 2015, 10:37:03 AM »
My system is restarting about 12 times a day, this started two days ago and today, after another random restart, I was presented with Windows error recovery. I allowed this to run and the Startup Repair declared it had restored to a previous date, but Im afraid I am still getting the random restarts.

I have run the usual AV and AM checks but nothing is being flagged, I wonder if you can help me find out what is causing this? Also I should mention I had this issue previously, but it turned out to be an overheating problem due to bad cleaning practices, however I took note of that and have cleaned the machine every couple of weeks, it is clean now so I am assuming that is not the problem in this case.

I will mention that after the Startup Repair today MBAM settings had changed with a warning that I was not fully protected and AVAST was switched. off.

I have made no hardware or software changes in the last two weeks.

Here are my three reports as requested
Thanks
Denise
-------------------------------
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 06/05/2014 14:06:53
System Uptime: 12/02/2015 12:51:44 (1 hours ago)
.
Motherboard: ASRock |  | ConRoe1333-D667 
Processor: Intel(R) Pentium(R) D  CPU 2.66GHz | CPUSocket | 2659/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 372.985 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP107: 11/02/2015 12:44:39 - Windows Update
RP108: 11/02/2015 16:54:11 - Restore Operation
RP109: 11/02/2015 17:03:52 - avast! antivirus system restore point
RP110: 11/02/2015 17:15:47 - Removed Adobe Widget Browser
RP111: 12/02/2015 12:20:58 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
4 Elements
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 6 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Fonts All
Adobe Help Manager
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Adobe Setup
Adobe Shockwave Player 12.1
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Audacity 2.0.5
Avast Free Antivirus
Avidemux 2.6 - 64bits
Build-A-Lot 2
Build-a-lot Mysteries 2
Citrix Online Launcher
CoffeeCup Free HTML Editor
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EasySketchPro version 1.0.7
FileZilla Client 3.10.0.2
Free Window Registry Repair
Freemake Video Downloader
Freemake Youtube Mp3 Converter
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 6.4.12.2331
Inkscape 0.48.4
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 67
Java 8 Update 25
Java Auto Updater
Jing
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 35.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
PDF Settings
PDF Settings CS6
Peggle Nights
Photo Common
Photo Gallery
Pogo Games
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 7.0
SpeedFan (remove only)
SUPERAntiSpyware
swMSM
Telegram Desktop version 0.7.10
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR 5.01 (32-bit)
WinRAR 5.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/02/2015 12:51:52, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
11/02/2015 16:48:11, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by User at 13:06:43 on 2015-02-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3063.1709 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [AdobeBridge] <no file>
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 5.34.150.25 5.34.150.26
TCP: Interfaces\{05867FBA-CB37-4FBA-9AC0-6CF986401F72} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{49F2A783-F948-471A-AFE6-A841D8EB5D39} : DHCPNameServer = 5.34.150.25 5.34.150.26
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\isec0zbw.default\
FF - prefs.js: browser.search.defaulturl - hxxps://es.search.yahoo.com/yhs/search
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxps://es.search.yahoo.com/yhs/search
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-8-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-8-22 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-8-22 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-8-22 436624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-22 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-8-22 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-8-22 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-14 50344]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-8-28 108032]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2014-8-28 9216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-25 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-25 969016]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-25 129752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-12 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-13 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-25 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-6 56832]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2015-02-11 17:48:41   --------   d-----w-   C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-02-11 16:13:37   11870360   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B11DE59-33FA-4104-BE95-4BB54EFF31C6}\mpengine.dll
2015-01-14 04:21:49   210432   ----a-w-   C:\Windows\System32\profsvc.dll
.
==================== Find3M  ====================
.
2015-02-12 11:53:08   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-05 05:17:34   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 05:17:34   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-08 08:55:52   298120   ----a-w-   C:\Windows\System32\MpSigStub.exe
2014-12-19 01:46:45   141312   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2014-12-14 08:04:59   1050432   ----a-w-   C:\Windows\System32\drivers\aswsnx.sys
2014-12-14 08:04:25   65776   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2014-12-14 08:04:25   267632   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2014-12-14 08:04:25   116728   ----a-w-   C:\Windows\System32\drivers\aswStm.sys
2014-12-14 08:04:24   93568   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2014-12-14 08:04:24   83280   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2014-12-14 08:04:24   29208   ----a-w-   C:\Windows\System32\drivers\aswHwid.sys
2014-12-14 08:04:23   43152   ----a-w-   C:\Windows\avastSS.scr
2014-12-13 05:09:01   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-12-12 05:35:10   5553592   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2014-12-12 05:31:49   503808   ----a-w-   C:\Windows\System32\srcore.dll
2014-12-12 05:31:49   503808   ----a-w-   C:\Windows\System32\srcore(62).dll
2014-12-12 05:31:49   50176   ----a-w-   C:\Windows\System32\srclient.dll
2014-12-12 05:31:22   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2014-12-12 05:11:44   3971512   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43   3916728   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2014-12-11 17:47:17   87040   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27   303616   ----a-w-   C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19   52224   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18   156672   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2014-12-04 02:50:55   413184   ----a-w-   C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45   741376   ----a-w-   C:\Windows\System32\invagent.dll
2014-12-04 02:50:40   396800   ----a-w-   C:\Windows\System32\devinv.dll
2014-12-04 02:50:38   830976   ----a-w-   C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37   192000   ----a-w-   C:\Windows\System32\aepic.dll
2014-12-04 02:50:37   192000   ----a-w-   C:\Windows\System32\aepic(49).dll
2014-12-04 02:44:48   1083392   ----a-w-   C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44   1232040   ----a-w-   C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10   580096   ----a-w-   C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:49:08   2885120   ----a-w-   C:\Windows\System32\iertutil(52).dll
2014-11-22 02:48:20   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07   6039552   ----a-w-   C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43   501248   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 02:01:25   2277888   ----a-w-   C:\Windows\SysWow64\iertutil(73).dll
2014-11-22 01:54:30   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58   2125312   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26   4299264   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2014-11-22 01:28:21   2358272   ----a-w-   C:\Windows\System32\wininet(70).dll
2014-11-22 01:22:49   2052096   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15:50   1548288   ----a-w-   C:\Windows\System32\urlmon(66).dll
2014-11-22 01:00:20   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-11-22 01:00:20   1888256   ----a-w-   C:\Windows\SysWow64\wininet(78).dll
2014-11-22 00:56:21   1307136   ----a-w-   C:\Windows\SysWow64\urlmon(77).dll
2014-11-21 05:14:22   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-11-21 05:14:12   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 05:14:08   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 13:10:08.20 ===============

 Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Java 7 Update 67 
 Java 8 Update 25 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31[/color] 
 Adobe Flash Player 16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````[/u] 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````[/u]



4
Since August 18th (when I allowed a Windows update) I am suffering unexpected shut downs more that 5 times a day, I tried to run Malwarebytes Antimalware (Professional) and found it will not run, I have screen captures of the errors I get when trying to reinstall. I have run SuperAntiSpyware (177 suspects) and newly installed Avast which did not find any viruses.  I have rolled back my system to before the Windows update but this has not helped.
I include the copy and pasted dds, attach and checkup files below.

Checkup
-----------
 Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Java 7 Update 67 
 Adobe Flash Player 14.0.0.179 
 Adobe Reader XI 
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.125 
 Google Chrome 36.0.1985.143 
````````Process Check: objlist.exe by Laurent````````[/u] 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````[/u]

dds
-----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by User at 11:00:27 on 2014-08-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3063.1644 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\WinBar\WinBar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [WinBar (x86)] C:\Program Files (x86)\WinBar\WinBar.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: MaxGPOScriptWait = dword:600
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 5.34.150.25 5.34.150.26
TCP: Interfaces\{05867FBA-CB37-4FBA-9AC0-6CF986401F72} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{49F2A783-F948-471A-AFE6-A841D8EB5D39} : DHCPNameServer = 5.34.150.25 5.34.150.26
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\isec0zbw.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=logo|http://google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-8-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-8-22 224896]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-8-22 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-8-22 427360]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-22 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-8-22 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-8-22 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-22 50344]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-12 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-6 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-6 1255736]
.
=============== Created Last 30 ================
.
2014-08-24 07:42:45   --------   d-----w-   C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2014-08-24 07:42:23   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2014-08-24 07:42:23   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2014-08-24 06:54:54   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-24 06:54:53   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-08-24 06:54:53   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-08-24 06:54:53   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-23 05:33:33   --------   d-----w-   C:\Windows\pss
2014-08-23 03:49:35   11319192   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8947F5B9-4776-4146-8329-07EEDF23CEC1}\mpengine.dll
2014-08-22 09:13:28   92008   ----a-w-   C:\Windows\System32\drivers\aswStm.sys
2014-08-22 09:13:27   224896   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2014-08-22 09:13:26   1041168   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2014-08-22 09:13:25   65776   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2014-08-22 09:13:24   79184   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-22 09:13:23   29208   ----a-w-   C:\Windows\System32\drivers\aswHwid.sys
2014-08-22 09:13:21   93568   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2014-08-22 09:13:10   43152   ----a-w-   C:\Windows\avastSS.scr
2014-08-22 07:48:10   --------   d-----w-   C:\Users\User\AppData\Local\Adobe
2014-08-22 06:24:41   --------   d-----w-   C:\Program Files\CPUID
2014-08-22 05:00:03   --------   d-----w-   C:\Users\User\AppData\Roaming\AVAST Software
2014-08-22 04:56:05   --------   d-----w-   C:\Program Files\AVAST Software
2014-08-22 04:55:17   --------   d-----w-   C:\ProgramData\AVAST Software
2014-08-22 04:55:02   70   ----a-w-   C:\Windows\RAVTC.TMP
2014-08-13 19:30:26   99480   ----a-w-   C:\Windows\SysWow64\infocardapi.dll
2014-08-13 19:30:26   619672   ----a-w-   C:\Windows\SysWow64\icardagt.exe
2014-08-13 19:30:26   171160   ----a-w-   C:\Windows\System32\infocardapi.dll
2014-08-13 19:30:26   1389208   ----a-w-   C:\Windows\System32\icardagt.exe
2014-08-13 19:30:22   8856   ----a-w-   C:\Windows\SysWow64\icardres.dll
2014-08-13 19:30:21   8856   ----a-w-   C:\Windows\System32\icardres.dll
2014-08-13 19:30:00   35480   ----a-w-   C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-13 19:30:00   35480   ----a-w-   C:\Windows\System32\TsWpfWrp.exe
2014-08-13 05:14:34   --------   d-----w-   C:\Users\User\AppData\Local\ElevatedDiagnostics
2014-08-13 04:43:59   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-08-13 04:35:29   3163648   ----a-w-   C:\Windows\System32\win32k.sys
2014-08-13 04:35:21   7168   ----a-w-   C:\Windows\SysWow64\KBDYAK.DLL
2014-08-13 04:35:21   6656   ----a-w-   C:\Windows\SysWow64\KBDBASH.DLL
2014-08-13 04:35:20   7168   ----a-w-   C:\Windows\System32\KBDYAK.DLL
2014-08-13 04:35:20   7168   ----a-w-   C:\Windows\System32\KBDBASH.DLL
2014-08-13 04:31:53   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2014-08-13 04:31:53   2048   ----a-w-   C:\Windows\System32\tzres.dll
2014-08-13 04:31:28   3241984   ----a-w-   C:\Windows\System32\msi.dll
2014-08-13 04:31:27   2363392   ----a-w-   C:\Windows\SysWow64\msi.dll
2014-08-13 04:31:26   1941504   ----a-w-   C:\Windows\System32\authui.dll
2014-08-13 04:31:26   1805824   ----a-w-   C:\Windows\SysWow64\authui.dll
2014-08-13 04:31:25   504320   ----a-w-   C:\Windows\System32\msihnd.dll
2014-08-13 04:31:25   337408   ----a-w-   C:\Windows\SysWow64\msihnd.dll
2014-08-13 04:31:25   112064   ----a-w-   C:\Windows\System32\consent.exe
2014-08-13 04:30:57   985536   ----a-w-   C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-13 04:25:30   1216000   ----a-w-   C:\Windows\System32\rpcrt4.dll
2014-08-13 04:25:29   664064   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2014-08-13 04:25:11   529920   ----a-w-   C:\Windows\System32\aepdu.dll
2014-08-13 04:25:08   424448   ----a-w-   C:\Windows\System32\aeinv.dll
2014-08-10 17:48:07   --------   d-----w-   C:\Users\User\AppData\Roaming\KompoZer
2014-08-08 07:38:09   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-06 17:20:45   --------   d-----w-   C:\Users\User\AppData\Local\Citrix
2014-08-01 19:23:20   2620928   ----a-w-   C:\Windows\System32\wucltux.dll
2014-08-01 19:22:49   97792   ----a-w-   C:\Windows\System32\wudriver.dll
2014-08-01 19:22:48   92672   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2014-08-01 19:22:16   179656   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2014-08-01 19:22:15   33792   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2014-08-01 19:22:14   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2014-08-01 19:22:14   198600   ----a-w-   C:\Windows\System32\wuwebv.dll
2014-07-31 05:57:23   --------   d-----w-   C:\Program Files (x86)\Bonjour
2014-07-31 05:47:16   --------   d-----w-   C:\Windows\SysWow64\spool
2014-07-31 05:31:21   --------   d-----w-   C:\Program Files (x86)\Common Files\Macrovision Shared
.
==================== Find3M  ====================
.
2014-08-22 09:39:51   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-22 09:39:51   699568   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-05 07:20:00   270496   ------w-   C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45   83968   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28   758272   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32   61952   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15   5824512   ----a-w-   C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05   72704   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:08:47   597504   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47   4204032   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29   2087936   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49   2001920   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06   2266624   ----a-w-   C:\Windows\System32\wininet.dll
2014-07-25 10:05:23   1792512   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30   692736   ----a-w-   C:\Windows\System32\osk.exe
2014-06-18 01:51:32   646144   ----a-w-   C:\Windows\SysWow64\osk.exe
2014-06-06 10:10:34   624128   ----a-w-   C:\Windows\System32\qedit.dll
2014-06-06 09:44:17   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47   340992   ----a-w-   C:\Windows\System32\schannel.dll
2014-05-30 08:08:41   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31   22016   ----a-w-   C:\Windows\System32\credssp.dll
2014-05-30 07:52:51   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45   247808   ----a-w-   C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41   220160   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52   497152   ----a-w-   C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 11:02:08.27 ===============

attach
--------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 06/05/2014 14:06:53
System Uptime: 24/08/2014 10:59:01 (1 hours ago)
.
Motherboard: ASRock |  | ConRoe1333-D667 
Processor: Intel(R) Pentium(R) D  CPU 2.66GHz | CPUSocket | 2659/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 394.439 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP54: 18/08/2014 17:39:56 - Scheduled Checkpoint
RP55: 19/08/2014 10:52:51 - Windows Modules Installer
RP56: 20/08/2014 06:25:07 - Windows Update
RP57: 22/08/2014 06:50:24 - Removed Panda Devices Agent.
RP58: 22/08/2014 06:55:47 - avast! antivirus system restore point
RP59: 22/08/2014 10:39:16 - Pre video card update
RP60: 22/08/2014 10:44:08 - Restore Operation
RP61: 22/08/2014 11:10:07 - avast! antivirus system restore point
RP62: 24/08/2014 10:55:25 - Removed WorldWinner Games
RP63: 24/08/2014 10:56:35 - Removed WorldWinner Games
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader XI (11.0.08)
Adobe Setup
Adobe Shockwave Player 12.1
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Audacity 2.0.5
avast! Free Antivirus
Citrix Online Launcher
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EasySketchPro version 1.0.7
FileZilla Client 3.8.1
Free Window Registry Repair
Google Chrome
Google Update Helper
Inkscape 0.48.4
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 67
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 31.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
PDF Settings
Photo Common
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.16
SUPERAntiSpyware
swMSM
Telegram Win (Unofficial) version 0.5.17
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
VLC media player
WinBar (x86)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (32-bit)
WinRAR 5.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
24/08/2014 10:59:09, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
24/08/2014 08:32:26, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
24/08/2014 08:32:04, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
24/08/2014 08:32:04, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
23/08/2014 21:39:18, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
23/08/2014 07:36:14, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
22/08/2014 23:26:39, Error: Service Control Manager [7022]  - The avast! Antivirus service hung on starting.
22/08/2014 06:53:20, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
22/08/2014 06:20:28, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
22/08/2014 06:19:01, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
22/08/2014 06:19:01, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/08/2014 06:19:01, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/08/2014 06:18:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/08/2014 06:18:53, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPIHSW NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6
22/08/2014 06:18:53, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21/08/2014 18:27:39, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
21/08/2014 18:27:38, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
21/08/2014 18:27:38, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
21/08/2014 09:32:40, Error: Service Control Manager [7022]  - The Background Intelligent Transfer Service service hung on starting.
21/08/2014 09:30:19, Error: Microsoft-Windows-WMPNSS-Service [14338]  - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
21/08/2014 09:30:09, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
21/08/2014 09:28:19, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
21/08/2014 09:25:58, Error: Service Control Manager [7022]  - The Peer Name Resolution Protocol service hung on starting.
19/08/2014 10:07:30, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
18/08/2014 17:39:39, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

Thanks
Den

5
Suddenly my system is running very very slowly, I have run SuperAntiSpyware which found 414 possible problems, all of which I removed. I also disabled half a dozen programs that were opening on startup. None of this had any effect on the very slow boot up and performance. The three requested logs are below.
------------------------
 Results of screen317's Security Check version 0.99.72 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
COMODO Antivirus   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Adobe Flash Player 11.7.700.224 
 Adobe Reader XI 
 Mozilla Firefox 19.0.2 Firefox out of Date! 
 Google Chrome 28.0.1500.72 
 Google Chrome 28.0.1500.95 
````````Process Check: objlist.exe by Laurent````````[/u] 
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````[/u]
-----------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/05/2012 00:11:32
System Uptime: 09/08/2013 20:05:23 (0 hours ago)
.
Motherboard: Packard Bell    |  | SJV50MV                       
Processor: Pentium(R) Dual-Core CPU       T4400  @ 2.20GHz | U2E1 | 1584/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 101.356 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&396112FB&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&396112FB&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP120: 04/08/2013 22:51:50 - Windows Update
RP121: 05/08/2013 21:51:22 - Windows Update
RP122: 08/08/2013 00:26:24 - Windows Update
RP123: 09/08/2013 20:36:51 - Removed AutoBinaryCode2
.
==== Installed Programs ======================
.
4 Elements
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader XI (11.0.03)
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Agree Free MP4 to AVI WMV MOV 3GP FLV Converter 5.0
AHV content for Acrobat and Flash
Apple Application Support
Apple Software Update
µTorrent
Audacity 2.0.3
Brickshooter Egypt
Campfire Legends - The Babysitter
Camtasia Studio 8
Comodo Dragon
COMODO Internet Security
Core FTP LE (x64)
Debut Video Capture Software
Dropbox
Easy Screen Capture 2
FileZilla Client 3.7.1
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
Free FLV to MP4 Converter
GIMP 2.8.2
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
GoToMeeting 5.5.0.1132
HandBrake 0.9.8
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Image Cartoonizer version 3.5.1
Image Converter
Image Editor Packages
Jing
K-Lite Codec Pack 4.0.0 (Full)
Media converter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
mIRC
Mozilla Firefox 19.0.2 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
My Free Web Site Builder
Oriental Dreams
PartyPoker.es
PDF Settings
PokerStars.es
Prism Video File Converter
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
ShowRoom for PowerPoint
Skype™ 6.6
SUPERAntiSpyware
Swiff Player 1.7.2
TeamViewer 8
Update for Image Editor
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoPad Video Editor
VLC media player 2.0.1
WinRAR 4.11 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
09/08/2013 20:18:04, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
09/08/2013 20:14:11, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
09/08/2013 20:09:24, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service to connect.
09/08/2013 20:09:24, Error: Service Control Manager [7000]  - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
09/08/2013 19:20:01, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
09/08/2013 19:15:45, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================
----------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by MyPC at 20:43:01 on 2013-08-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4025.2616 [GMT 2:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3AE610DB-97B4-4250-B2F9-C2A4A7B21159} : DHCPNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{91F25783-610C-47B8-9192-3B2C963FB7E5} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{B00E17C4-48B8-4D51-9D1F-F1FEAD5243B6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B00E17C4-48B8-4D51-9D1F-F1FEAD5243B6}\2414250205C414E45445 : DHCPNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{B00E17C4-48B8-4D51-9D1F-F1FEAD5243B6}\244584572633D233230553 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B00E17C4-48B8-4D51-9D1F-F1FEAD5243B6}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{B00E17C4-48B8-4D51-9D1F-F1FEAD5243B6}\4514C4B44514C4B4D2037334545313 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MyPC\AppData\Roaming\Mozilla\Firefox\Profiles\edh1c2r9.default\
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\MyPC\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-7-4 36328]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-7-4 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-7-4 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-7-4 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-7-4 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-4 59392]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-23 20:06:42   --------   d-----w-   C:\Users\MyPC\AppData\Roaming\AutoBinaryCode2
2013-07-22 10:18:58   2877440   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-07-22 08:59:53   1732608   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-22 08:58:35   1643520   ----a-w-   C:\Windows\System32\DWrite.dll
2013-07-22 08:58:35   1247744   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2013-07-22 07:30:43   --------   d-----w-   C:\Users\MyPC\AppData\Roaming\DigitalJuice
2013-07-22 07:30:43   --------   d-----w-   C:\ProgramData\DJDownloads
2013-07-19 16:07:07   --------   d-----w-   C:\ProgramData\DigitalJuice
2013-07-19 16:07:07   --------   d-----w-   C:\Program Files (x86)\Digital Juice
.
==================== Find3M  ====================
.
2013-06-11 23:43:37   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-06-11 23:42:58   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-06-11 23:25:16   3958784   ----a-w-   C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 20:35:57   692104   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 20:35:56   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:35:47   9089416   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-07 03:22:18   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-06-05 13:58:33   56072   ----a-w-   C:\Windows\System32\certsentry.dll
2013-06-05 13:58:33   47368   ----a-w-   C:\Windows\SysWow64\certsentry.dll
2013-06-05 03:34:27   3153920   ----a-w-   C:\Windows\System32\win32k.sys
2013-06-04 06:00:13   624128   ----a-w-   C:\Windows\System32\qedit.dll
2013-06-04 04:53:07   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
2013-05-30 18:01:55   9728   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-13 05:51:01   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00   1464320   ----a-w-   C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00   139776   ----a-w-   C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40   52224   ----a-w-   C:\Windows\System32\certenc.dll
2013-05-13 04:45:55   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55   1160192   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55   1192448   ----a-w-   C:\Windows\System32\certutil.exe
2013-05-13 03:08:10   903168   ----a-w-   C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06   43008   ----a-w-   C:\Windows\SysWow64\certenc.dll
.
============= FINISH: 20:48:55.99 ===============

Really hope you can help with this, it is painful to use my system right now.

Thanks
Denise

6
Hi lovely people, I am unable to access the hotmail website, run anything on facebook and am suffering other non-completion issues on some websites. I ran a scan and came up with pup.bprotector, the software tried to remove it but was unsuccessful. I also see it in my task manager processes and cannot "end process"

I really need your help, I am in the middle of running an ESET scan (found the instructions on here under another post about the same problem) with all the correct boxes checked. If you can acknowledge my post I will post the report when the scan is complete.

Is there anything else I need to provide for you to assist me?

Oh, and please dont send anything to my hotmail account (with which I registered) as I am unable to access the hotmail site  :(. Alternative email is {Edit:  E-mail address removed by Corrine to protect your privacy.}

Thanks so much
Denise

Pages: [1]