Channel: Tech Support Guy - Virus & Other Malware Removal

Need to Clean My Comp Badly

My roommate managed to do a system restore to four days ago and that problem disappeared, YAY

Right click hanging

When I right-click any folder, the system will hang.

extra gateway on my router

I have downloaded something and it has put some sort of virus on my computer. It has added an extra gateway on my router and it is coming from China (gateway - 150.101.32.85). This virus has slowed my internet download really badly and I do not know how to get this off my router.
I am using Windows 7. I have a Netgear Smart Wizard router manager, and there is a picture of the extra gateway on my router attached.
Please help

Btw, I have tried resetting the router, but the gateway was changed back when I turned my computer on.

Attached Images
File Type: png ip thing.PNG (87.6 KB)

Virus problems!!!!!

Since you already have a thread ongoing for this issue, I'm closing this one. It may at some point be referred back over here, but for now please continue in the other thread.

it started out as ?trackid=sp-006....

I installed the "important" updates and left the "recommended" ones (trying to figure out how to delete them) and all still seems to be well. Google seems to be working fine so I am going to uninstall IE as I am currently taking internet courses and really need to use my computer! If this is a bad move, please advise.

smartphone RAT

Hi and welcome

What is the exact model # of the phone?

Major problems with Viruses and Malware has taken over my PC

Hello and welcome,

Run the following and post the produced logs...

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thank you,

Kevin...

IE malfunction, Win 7, missing or corrupt files


Residual issues after deleting objects.

It may as registry entries are created. If not, manually delete those folders, then empty the Recycle Bin.

mouse and keyboard drivers freeze up

Both my mouse and keyboard drivers freeze up, and if I change to another set of USB ports, then it will work, but again after some random time (could be an hour to a couple of days), it will freeze up. Then I switch to another set of USB ports. Again it works for some random time and then it freezes. If I use the prior USB ports, they don't work. So, ultimately I have to re-start my PC and start my routine again. I have been using my PC, with the same mouse and keyboard, for the past 1 - 1.5 years without any issues. This problem just surfaced about 4 - 5 weeks ago!

In the event file, I do see this error TWICE:
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

I ran the DDS from this posting:
Download to Desktop: DDS by sUBs from one of these locations:
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.scr
double click DDS.scr to run
When complete, DDS.txt will open.
Save both reports to your desktop.
DDS.txt
Attach.txt

post the contents of both logs back here

...
so here are the contents:


RP494: 1/17/2015 10:53:42 AM - Intel® Driver Update Utility
RP495: 1/17/2015 11:24:32 AM - Intel® Driver Update Utility
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
AccelerateTab
ActivePerl 5.18.2 Build 1802 (64-bit)
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.10)
Aid4Mail3 (Remove only)
Anvi Smart Defender 2.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG 2015
Bonjour
Cisco WebEx Meetings
Citrix Online Launcher
Citrix XenCenter
Cloud System Booster
Consumer In-Home Service Agreement
Cozi
Data Toolbar 2.3.1
DefaultTab
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
Dropbox
dtSearch
DW WLAN Card
Easy List Manager
Email Address Collector
Google Chrome
Google Drive
Google Update Helper
GoToAssist Corporate
iCloud
Intel(R) Chipset Device Software
Intel(R) Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 25 (64-bit)
Java(TM) 6 Update 27 (64-bit)
KeePass Password Safe 2.28
Malwarebytes Anti-Malware version 2.0.4.1028
MessageSave (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft OneDrive
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 35.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 31.4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
My Dell
MySQL Connector C++ 1.1.4
MySQL Connector J
MySQL Connector Net 6.9.5
MySQL Connector/ODBC 5.3
MySQL Documents 5.6
MySQL Examples and Samples 5.6
MySQL Fabric 1.5.3 & MySQL Utilities 1.5.3
MySQL For Excel 1.3.3
MySQL Installer
MySQL Installer - Community
MySQL Notifier 1.1.6
MySQL Server 5.6
MySQL Workbench 6.1 CE
NVIDIA Display Control Panel
O2M 2.1 (Outlook 2002/2003/XP/2007)
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OI App Manager
Ontrack(R) PowerControls(TM) 4.0
OutWit Hub 4.1.0.65 (x86 en-US)
PCVITA Outlook Magic v3.1
PDFCreator
PhotoShowExpress
QuickTime
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Task Manager 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SendBlaster 2
Skype Click to Call
Skype™ 6.22
Sonic CinePlayer Decoder Pack
Stellar Outlook PST to MBOX Converter
Strawberry Perl (64-bit)
TeamViewer 9
TextPad 6
Thunderbird to Outlook Converter
THX TruStudio PC
TreeSize Free V3.2.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
WebClient
Windows Live Mesh ActiveX Control for Remote Connections
WinRAR archiver
WinSCP 5.1.7
WinZip
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
1/20/2015 6:34:19 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
.
==== End Of File ===========================



Here is the info from TSG Sysinfo utility:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8174 Mb
Graphics Card: NVIDIA GeForce GT 530, 1024 Mb
Hard Drives: C: Total - 940199 MB, Free - 644840 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled

Please tell me if the computer is free of junk??

Hi blah321

Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

    - Save ALL Tools to your Desktop-
    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Let's get started....


Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this, please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

Computer Running Slow

Hi tenntod,
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
Right click the TFC icon and choose Run as administrator.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.
-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST64 and save to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST64 will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST64.exe
Feel free to use separate replies if it's more convenient.

askey127

Browser Hijack Can't get rid of!

I'm in New Zealand so there is a time difference. If a complete fix could be made that would be even more helpful.

Thanks.

Computer being slowed by virus/malware?

I reset IE, and also disabled those startup items through the task manager.

I finally ran the ESET scan this morning and this is what it found. I made sure I had the real time protection of Avira disabled, so I was a little surprised to see entries having to do with Avira show up in the scan?

C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\ProgramData\Avira\My Avira\Temp\antivirus.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\edcarolyn\AppData\Local\Microsoft\Windows\INetCache\IE\IS6SX0MP\Double_Click_to_Install_My_CenturyLink_Toolbar10-5.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application

Help student with her PC problem please

Hi Lindabob, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
  • Required Log(s):
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt

Regards,
Valinorum

Windows 7 PC infected

OK thank you very much for your help

loaned laptop now polluted jt log

Maxibhoy,

Do you still need assistance here?
It has been a week since your request and my response. If you do not reply by tomorrow, I will remove this thread from my notification list. In 45 days (with no response) this thread will auto close.

Dbreeze

Windows 8 really slow after factory reset

I recently did a factory reset and when it completed my PC was really slow!! I tried a virus scan, optimization, clean, SFC SCANNOW in CMD and everything is updated... Any help will be appreciated!!

Silly rectangle...

Hello,

I found the culprit: Comodo Firewall. Now everything is cool again.

Thanks!

Powershell Not Working Windows 7

OK - Back from AZ and the laptop seems to be working great. Thanks so much.
I have one question at this point:
Get pop-up that says:
Windows Defender
If you are using another program that checks for harmful or unwanted software, use the action center to check that program's status. If you would like to use this program, click here to turn it on.
Do I need this or does Free AVAST cover me? Do I just continue to ignore the pop-up?