Per Windows 7 forum, posting logs here.

Old 10-13-2016, 01:30 PM   #1
Registered Member
 
Join Date: Mar 2007
Location: 60 Mi South of Seattle
Posts: 170
OS: i7 Quad core, 8GB DDR3, 1Tb SATA, Win 7 64 Bit



Windows 7, Gateway RFX6840
Over last few months has become extremely slow, typing is a crap shoot because I don't see what I've typed for some time.
Drop downs don't drop...entire system freezes for upwards of 30 seconds at a time when I want to move the cursor or switch pages.
This is recent. O/S has been on machine for 7 yrs. My late wife was MSDN and installed Win 7 Ultimate a long long time ago. It's run just fine.
Malwarebytes finds nothing (stand alone and only runs when I choose to run it). Chameleon finds nothing, Webroot Anywhere, which is my actual Firewall/antivirus is the only system that runs by choice...However, I can't seem to get Windows Defender to go away...I'll shut it off, and it just errors me until I turn it back on.

One person suggested the HDD is about to croak, which is entirely possible.
But at this point replacing the entire desktop would make more sense than replacing the HDD..unfortunately, I LOATHE Windows 10..don't want anything to do with it.

DDS.TXT
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18450 BrowserJavaVersion: 11.101.2
Run by SalShels at 13:17:26 on 2016-10-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8183.6459 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
SP: Webroot SecureAnywhere *Enabled/Updated* {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uURLSearchHooks: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~4.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\FASUSB~1.LNK - C:\Program Files\Fractal Audio Systems\USB Audio Driver\FASUSBAudioCplApp.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_77-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0077-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_77-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_77-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F2FD65-4CA1-4E1E-BE81-A2D0A7C4D9CC} - hxxps://esupport.trendmicro.com/_layouts/1033/GetVBInfo.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07228A2C-F2CA-4378-AA31-4954F634F4CD} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SalShels\AppData\Roaming\Mozilla\Firefox\Profiles\b0kyweuo.default\
FF - prefs.js: browser.search.selectedEngine - Cassiopesa
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\components\TmFFExt.dll
FF - component: C:\Users\SalShels\AppData\Roaming\Mozilla\Firefox\Profiles\b0kyweuo.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
FF - ExtSQL: !HIDDEN! 2011-02-08 09:47; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-17 55856]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-8-8 138576]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-9-2 30752]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-7-18 32912]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2015-6-30 140672]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-21 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-8 990464]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-6-30 27008]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2010-11-17 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-21 346144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-6-30 1136608]
S3 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-8-5 83768]
S3 axefx2load;Fractal Audio Systems AxeFx2 USB Service;C:\Windows\System32\drivers\axefx2load.sys [2014-9-26 55600]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-17 79360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-9-1 130688]
S3 fasusbaudio;fasusbaudio;C:\Windows\System32\drivers\fasusbaudio_x64.sys [2014-9-26 254464]
S3 fasusbaudioks;fasusbaudioks;C:\Windows\System32\drivers\fasusbaudioks_x64.sys [2014-9-26 46080]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2016-8-31 928272]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 29728]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-9-14 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2013-9-23 44480]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-6-30 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-6-30 64896]
S3 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2015-6-1 232192]
S3 paeusbaudio;paeusbaudio;C:\Windows\System32\drivers\paeusbaudio_x64.sys [2013-10-11 250728]
S3 paeusbaudiodsp;paeusbaudiodsp;C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [2013-10-11 69992]
S3 paeusbaudioks;paeusbaudioks;C:\Windows\System32\drivers\paeusbaudioks_x64.sys [2013-10-11 51560]
S3 PrintNotify;Printer Extensions and Notifications;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-8 19456]
S3 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-9-1 754784]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-9-1 164992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TeamViewer;TeamViewer 11;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-10 7500048]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-19 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wrUrlFlt;Webroot UrlFilter;C:\Windows\System32\drivers\wrUrlFlt.sys [2015-2-26 66328]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 255504]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-17 79360]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-6-30 1514464]
S4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]
S4 WsAppService;Wondershare Application Framework Service;C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [2016-7-17 411648]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: jsfile=NOTEPAD.EXE %1
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2016-10-11 01:33:47 -------- d-sh--w- C:\found.000
2016-09-30 23:36:16 229048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-09-30 23:36:16 229048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2016-09-27 19:41:04 -------- d-s---w- C:\Windows\SysWow64\GWX
2016-09-27 19:41:04 -------- d-s---w- C:\Windows\System32\GWX
2016-09-25 19:21:31 -------- d-----w- C:\EFSTMPWP
2016-09-20 17:15:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-09-20 17:15:30 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-09-19 20:27:12 -------- d-----w- C:\Program Files\iPod
2016-09-19 20:27:11 -------- d-----w- C:\Program Files\iTunes
2016-09-17 19:26:59 -------- d-----w- C:\Users\SalShels\AppData\Local\{8B594C16-CB4A-44AA-A599-A301C4DA5BB6}
2016-09-17 19:24:41 -------- d-----w- C:\Users\SalShels\AppData\Local\{0613077D-8F12-4E0E-BE58-2B2913AA553A}
2016-09-14 18:26:04 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-09-14 18:26:04 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-09-14 18:26:04 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-09-14 18:24:59 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-09-14 18:24:59 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-09-14 18:24:59 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-09-14 18:24:59 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-09-14 18:24:57 3218432 ----a-w- C:\Windows\System32\win32k.sys
2016-09-14 18:24:56 877056 ----a-w- C:\Windows\System32\oleaut32.dll
2016-09-14 18:24:56 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-09-14 18:24:56 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2016-09-14 18:24:56 1009152 ----a-w- C:\Windows\System32\user32.dll
.
==================== Find3M ====================
.
2016-10-13 17:04:37 184760 ----a-w- C:\Windows\SysWow64\WRusr.dll
2016-10-13 17:04:37 138576 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2016-10-13 17:04:37 118384 ----a-w- C:\Windows\System32\WRusr.dll
2016-10-12 04:58:21 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-10-12 04:58:21 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-11 01:03:18 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-09-29 23:01:29 66328 ----atw- C:\Windows\System32\drivers\wrUrlFlt.sys
2016-09-27 18:59:23 12964920 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2016-09-02 15:40:18 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-09-02 15:35:48 706280 ----a-w- C:\Windows\System32\winload.efi
2016-09-02 15:35:47 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-09-02 15:35:47 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-09-02 15:35:47 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-09-02 15:34:22 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-09-02 15:31:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-09-02 15:31:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-09-02 15:31:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-09-02 15:31:02 215552 ----a-w- C:\Windows\System32\winsrv.dll
2016-09-02 15:31:02 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-09-02 15:31:01 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-09-02 15:31:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-09-02 15:31:00 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-09-02 15:31:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-09-02 15:31:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-09-02 15:21:25 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-09-02 15:21:25 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-09-02 15:18:23 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-09-02 15:02:33 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-09-02 15:02:29 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-09-02 15:02:29 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-09-02 15:01:47 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-09-02 14:58:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-09-02 14:57:53 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-09-02 14:55:12 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-09-02 14:54:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-09-02 14:54:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-02 14:53:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-09-02 14:53:52 112640 ----a-w- C:\Windows\System32\smss.exe
2016-09-02 14:53:18 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-09-02 14:49:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-09-02 14:49:49 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-09-02 14:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-09-02 14:49:49 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-09-02 14:49:04 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-09-02 14:48:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-09-02 14:48:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-02 14:48:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-02 14:48:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-09-01 03:18:32 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-09-01 02:48:10 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-09-01 02:46:36 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-09-01 02:46:11 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-09-01 02:46:04 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-09-01 02:44:20 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-09-01 02:24:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-09-01 02:23:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-09-01 01:59:47 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-09-01 01:29:35 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-09-01 01:29:30 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-09-01 01:24:36 4607488 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-09-01 00:43:05 2445824 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-09-01 00:40:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-09-01 00:40:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-09-01 00:25:20 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-09-01 00:24:36 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-09-01 00:24:29 417792 ----a-w- C:\Windows\System32\html.iec
2016-09-01 00:24:09 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-09-01 00:24:02 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-09-01 00:11:19 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-09-01 00:11:18 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-09-01 00:10:55 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-09-01 0008 6047232 ----a-w- C:\Windows\System32\jscript9.dll
2016-09-01 00:03:41 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-08-31 23:51:30 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-08-31 23:27:32 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-08-31 23:26:53 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-08-31 23:10:42 2921472 ----a-w- C:\Windows\System32\wininet.dll
2016-07-24 06:11:19 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-07-22 07:21:06 716928 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2016-07-22 07:21:06 164992 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2016-07-22 07:21:06 1499408 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2016-07-22 07:21:06 130688 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2016-07-17 07:55:07 1179672 ----a-w- C:\Windows\unins000.exe
.
============= FINISH: 13:17:54.42 ===============
grumpops is offline  
Old 10-14-2016, 09:27 AM   #2
Registered Member
 
Join Date: Mar 2007
Location: 60 Mi South of Seattle
Posts: 170
OS: i7 Quad core, 8GB DDR3, 1Tb SATA, Win 7 64 Bit



There is an added wrinkle.
It was suggested that the issue may be the HDD...ran Chkdsk, it found, seven? Corrupted files, I'm assuming in Windows.
Entered Y so it would run on next start up...mistake.
It's been over 24 hours and I finally got the computer restarted.

MIGHT be hdd.
Power button on.
Splash screen for Gateway comes up.
Cursor appears.
Windows logo and spinning little colored balls appear...then they freeze.
Then I get the NO INPUT indicator from the monitor...HDD runs up to max speed and stays there...
I did manage to get it to the WINDOWS REPAIR screen a couple of times..identified a disk problem...clicked fix...eventually lost video input to monitor and all activity on disk ceased...

I have File Scavenger..I can recover anything on this drive. I just need a working platform.
As of right now...the system is up and running but I don't dare restart it.
I just don't want to have to go to Windows 10...I run a program called GWX which, for a year, has been ensuring I don't get Windows 10 force fed to me.
I'm fairly certain Windows 10 was developed by the NSA after the WikiLeaks fiasco so they could still spy on everyone.
grumpops is offline  
All times are GMT -7. The time now is 08:02 PM.

