
I think I might be infected....Help



  • Root Admin

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

I do apologize, I got it to run.. here are the files

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1 Pro Preview
Boot Device: \Device\HarddiskVolume2
Install Date: 7/20/2013 8:08:11 PM
System Uptime: 9/3/2013 10:01:43 PM (1 hours ago)
.
Motherboard: ASRock |  | N61P-S
Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | CPUSocket | 2210/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 23.197 GiB free.
D: is FIXED (NTFS) - 373 GiB total, 130.251 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&A51C920&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&A51C920&0
Service: i8042prt
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&A51C920&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&A51C920&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP9: 8/27/2013 6:19:22 PM - Scheduled Checkpoint
RP10: 8/29/2013 3:06:30 AM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
RP11: 8/30/2013 3:46:41 PM - Installed Java 7 Update 25
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Alesis Firmware Update V1.0
Ant.com IE add-on
Atlantis Gold Casino
avast! Free Antivirus
Casino Fiz
Cool Cat Casino
Free DVD Video Converter version 2.0.13.320
Free Studio version 2013
Google Chrome
Google Update Helper
Jackpot Capital
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
JHelioviewer
Kaspersky Security Scan
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MiniTool Partition Wizard Home Edition 7.8
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MPL3D Solar System v1.2
My OV Casino
NirSoft WirelessNetView
NVIDIA Control Panel 307.68
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice 4.0.0
Opera 12.16
SAMSUNG USB Driver for Mobile Phones
SlimCleaner
Sophos Virus Removal Tool
Spybot - Search & Destroy
SUPERAntiSpyware
Toolwiz Care
UMPlayer 0.98 [Athlon]
Virtual Casino
Waterfox
.
==== Event Viewer Messages From Past Week ========
.
9/3/2013 9:43:31 PM, Error: Service Control Manager [7000]  - The Windows Defender Network Inspection Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
9/3/2013 10:45:28 PM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
9/3/2013 10:45:01 PM, Error: Service Control Manager [7031]  - The Time Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/3/2013 10:45:01 PM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
9/3/2013 10:45:01 PM, Error: Service Control Manager [7031]  - The Function Discovery Resource Publication service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/3/2013 10:05:19 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/3/2013 10:05:19 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
9/3/2013 10:03:15 PM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
9/3/2013 10:03:04 PM, Error: NETLOGON [3095]  - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
9/3/2013 10:01:46 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
9/2/2013 1:32:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/30/2013 3:32:10 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
8/28/2013 4:49:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/27/2013 4:35:21 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer BIGBOB-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5ABC99C8-37EB-4936-AFF1-97614E8F62E6}. The master browser is stopping or an election is being forced.
8/27/2013 4:34:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9431.0  BrowserJavaVersion: 10.25.2
Run by Richard at 23:31:00 on 2013-09-03
Microsoft Windows 8.1 Pro Preview  6.3.9431.0.1252.1.1033.18.3839.2808 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskhostex.exe
C:\Windows\System32\SettingSyncHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9431.167_x64__8wekyb3d8bbwe\glcnd.exe
C:\Windows\System32\RuntimeBroker.exe
svchost.exe
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [ToolwizCareFree] "C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe" -autorun
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5ABC99C8-37EB-4936-AFF1-97614E8F62E6} : NameServer = 192.168.2.1
TCP: Interfaces\{5ABC99C8-37EB-4936-AFF1-97614E8F62E6} : DHCPNameServer = 192.168.2.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\lcjvcjum.default\

FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\WINDOWS\System32\Macromed\Flash\NPSWF64_11_8_800_94.dll
FF - plugin: C:\WINDOWS\System32\npDeployJava1.dll
FF - plugin: C:\WINDOWS\System32\npmproxy.dll
FF - ExtSQL: 2013-07-23 23:48; PornMD@PornMD; C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\lcjvcjum.default\extensions\PornMD@PornMD.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\Drivers\aswRvrt.sys [2013-8-18 65336]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\Drivers\aswVmm.sys [2013-8-18 189936]
R0 BTOWSVF;BTOWSVF;C:\WINDOWS\System32\Drivers\BTOWSVF.sys [2013-6-9 59648]
R0 gfibto;gfibto;C:\WINDOWS\System32\Drivers\gfibto.sys [2013-8-1 14456]
R0 KSafeDISK;KSafeDISK;C:\WINDOWS\System32\Drivers\KSafeDISK.sys [2013-6-9 52992]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\Drivers\ahcache.sys [2013-6-15 77312]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2013-8-18 1030952]
R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2013-8-18 378944]
R1 BTOWSFF;BTOWSFF;C:\WINDOWS\System32\Drivers\BTOWSFF.sys [2013-6-9 33024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\Drivers\aswFsBlk.sys [2013-8-18 33400]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2013-8-18 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-18 46808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-14 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-14 1369624]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-6-15 37768]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-6-15 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\Drivers\NdisVirtualBus.sys [2013-6-15 16384]
R3 workfolderssvc;Work Folders Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-6-15 37768]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-14 168384]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\Drivers\ADP80XX.SYS [2013-4-22 788240]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-6-15 37768]
S3 gfiark;gfiark;C:\WINDOWS\System32\Drivers\gfiark.sys [2013-5-14 39504]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\Drivers\iaStorAV.sys [2013-6-15 650736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2013-6-15 114176]
S3 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\Drivers\intelpep.sys [2013-6-15 37640]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-6-15 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\Drivers\lsi_sas3.sys [2013-6-15 81672]
S3 netvsc;netvsc;C:\WINDOWS\System32\Drivers\netvsc63.sys [2013-6-15 88064]
S3 pwdrvio;pwdrvio;C:\WINDOWS\System32\pwdrvio.sys [2013-7-9 19032]
S3 pwdspio;pwdspio;C:\WINDOWS\System32\pwdspio.sys [2013-7-9 9584]
S3 ReFS;ReFS;C:\WINDOWS\System32\Drivers\refs.sys [2013-6-15 934152]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-6-15 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\Drivers\SerCx2.sys [2013-6-15 138752]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-6-15 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\Drivers\stornvme.sys [2013-6-15 56584]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\Drivers\uefi.sys [2013-6-15 27912]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2013-6-15 128512]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-6-15 37768]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\Drivers\WdNisDrv.sys [2013-6-15 126216]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2013-6-15 345336]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-6-15 37768]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2013-6-15 236544]
S4 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-09-04 06:12:16    25928    ----a-w-    C:\WINDOWS\System32\drivers\mbam.sys
2013-09-03 17:36:11    270512    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin
2013-08-30 22:52:11    108968    ----a-w-    C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2013-08-30 22:48:10    96168    ----a-w-    C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-08-29 10:14:15    --------    d-----w-    C:\Users\Richard\AppData\Roaming\OpenOffice
2013-08-29 10:09:24    --------    d-----w-    C:\Program Files (x86)\OpenOffice 4
2013-08-18 15:52:04    --------    d-----w-    C:\Users\Richard\AppData\Local\Adobe
2013-08-18 15:46:01    72016    ----a-w-    C:\WINDOWS\System32\drivers\aswRdr2.sys
2013-08-18 15:45:28    65336    ----a-w-    C:\WINDOWS\System32\drivers\aswRvrt.sys
2013-08-18 15:45:28    189936    ----a-w-    C:\WINDOWS\System32\drivers\aswVmm.sys
2013-08-18 15:45:28    1030952    ----a-w-    C:\WINDOWS\System32\drivers\aswSnx.sys
2013-08-18 15:45:27    80816    ----a-w-    C:\WINDOWS\System32\drivers\aswMonFlt.sys
2013-08-18 15:43:41    41664    ----a-w-    C:\WINDOWS\avastSS.scr
2013-08-18 15:42:31    --------    d-----w-    C:\Program Files\AVAST Software
2013-08-18 15:41:33    --------    d-----w-    C:\ProgramData\AVAST Software
2013-08-18 13:26:55    941720    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69B9843C-C5E8-4050-83C7-12364EFBAEDF}\gapaengine.dll
2013-08-18 13:26:47    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{971840F7-8C8A-4548-91BF-CDCED0C5DFF5}\mpengine.dll
2013-08-17 05:54:19    702440    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-08-17 05:54:19    108520    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-08-16 21:37:23    --------    d-----w-    C:\spybot
2013-08-15 02:20:13    4246528    ----a-w-    C:\WINDOWS\SysWow64\jscript9.dll
2013-08-15 02:20:03    5636096    ----a-w-    C:\WINDOWS\System32\jscript9.dll
2013-08-15 02:16:18    432904    ----a-w-    C:\WINDOWS\System32\mfsvr.dll
2013-08-15 02:16:14    750080    ----a-w-    C:\WINDOWS\System32\MFMediaEngine.dll
2013-08-15 02:16:06    338896    ----a-w-    C:\WINDOWS\SysWow64\mfsvr.dll
2013-08-15 02:16:05    258264    ----a-w-    C:\WINDOWS\System32\MFPlay.dll
2013-08-15 02:16:01    613376    ----a-w-    C:\WINDOWS\SysWow64\MFMediaEngine.dll
2013-08-15 02:16:00    206048    ----a-w-    C:\WINDOWS\SysWow64\MFPlay.dll
2013-08-15 02:15:45    1788928    ----a-w-    C:\WINDOWS\SysWow64\wininet.dll
2013-08-15 02:15:44    2207232    ----a-w-    C:\WINDOWS\System32\wininet.dll
2013-08-15 02:15:37    346624    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2013-08-15 02:15:36    243712    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
.
==================== Find3M  ====================
.
2013-08-30 22:51:53    1093032    ----a-w-    C:\WINDOWS\System32\npDeployJava1.dll
2013-08-30 22:51:52    972712    ----a-w-    C:\WINDOWS\System32\deployJava1.dll
2013-08-30 22:47:55    867240    ----a-w-    C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-08-30 22:47:55    789416    ----a-w-    C:\WINDOWS\SysWow64\deployJava1.dll
2013-08-01 11:50:29    14456    ----a-w-    C:\WINDOWS\System32\drivers\gfibto.sys
2013-07-21 03:07:01    395520    ----a-w-    C:\WINDOWS\System32\drivers\dxgmms1.sys
2013-07-21 03:07:01    1538304    ----a-w-    C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-07-12 02:34:20    4208128    ----a-w-    C:\WINDOWS\System32\SyncEngine.dll
2013-07-09 04:10:54    50688    ----a-w-    C:\WINDOWS\System32\MbaeXmlParser.dll
2013-07-03 06:47:34    13506048    ----a-w-    C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-07-03 06:23:08    17929216    ----a-w-    C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-07-03 05:46:10    269312    ----a-w-    C:\WINDOWS\apppatch\apppatch64\AcGenral.dll
2013-07-03 04:59:47    2364416    ----a-w-    C:\WINDOWS\apppatch\AcGenral.dll
2013-06-29 04:03:37    318464    ----a-w-    C:\WINDOWS\System32\newdev.dll
2013-06-29 03:09:29    294400    ----a-w-    C:\WINDOWS\SysWow64\newdev.dll
2013-06-28 02:27:28    649216    ----a-w-    C:\WINDOWS\System32\rasapi32.dll
2013-06-28 02:11:15    590336    ----a-w-    C:\WINDOWS\SysWow64\rasapi32.dll
2013-06-28 01:55:15    617472    ----a-w-    C:\WINDOWS\System32\WWAHost.exe
2013-06-28 01:54:22    505344    ----a-w-    C:\WINDOWS\SysWow64\WWAHost.exe
2013-06-27 04:40:01    1356800    ----a-w-    C:\WINDOWS\System32\SmartcardCredentialProvider.dll
2013-06-27 04:16:39    1013248    ----a-w-    C:\WINDOWS\SysWow64\SmartcardCredentialProvider.dll
2013-06-21 09:57:18    817504    ----a-w-    C:\WINDOWS\System32\mfplat.dll
2013-06-21 09:57:18    705936    ----a-w-    C:\WINDOWS\System32\mfmp4srcsnk.dll
2013-06-21 09:57:15    986440    ----a-w-    C:\WINDOWS\System32\mfasfsrcsnk.dll
2013-06-21 09:57:15    778264    ----a-w-    C:\WINDOWS\System32\mfsrcsnk.dll
2013-06-21 07:27:59    638256    ----a-w-    C:\WINDOWS\SysWow64\mfplat.dll
2013-06-21 07:27:59    553056    ----a-w-    C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2013-06-21 07:27:57    784408    ----a-w-    C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-06-21 07:27:57    597992    ----a-w-    C:\WINDOWS\SysWow64\mfsrcsnk.dll
2013-06-20 06:59:20    12849152    ----a-w-    C:\WINDOWS\System32\twinui.dll
2013-06-20 05:15:58    11428352    ----a-w-    C:\WINDOWS\SysWow64\twinui.dll
2013-06-20 04:20:51    5914624    ----a-w-    C:\WINDOWS\System32\Windows.UI.Search.dll
2013-06-20 04:17:29    4016128    ----a-w-    C:\WINDOWS\SysWow64\Windows.UI.Search.dll
2013-06-16 08:49:08    778936    ----a-w-    C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2013-06-16 08:49:08    35480    ----a-w-    C:\WINDOWS\SysWow64\TsWpfWrp.exe
2013-06-16 08:49:08    35480    ----a-w-    C:\WINDOWS\System32\TsWpfWrp.exe
2013-06-16 08:49:08    124112    ----a-w-    C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2013-06-16 08:49:08    1166520    ----a-w-    C:\WINDOWS\System32\PresentationNative_v0300.dll
2013-06-16 08:49:08    102608    ----a-w-    C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-06-16 08:30:50    5632    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2013-06-16 08:30:50    11264    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2013-06-16 08:30:49    7168    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2013-06-16 08:30:49    2560    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2013-06-16 05:36:30    193536    ----a-w-    C:\WINDOWS\SysWow64\msclmd.dll
2013-06-16 05:36:29    23040    ----a-w-    C:\WINDOWS\System32\drivers\secdrv.sys
2013-06-16 05:36:28    213504    ----a-w-    C:\WINDOWS\System32\msclmd.dll
2013-06-16 03:19:39    145920    ----a-w-    C:\WINDOWS\System32\tssdisai.dll
2013-06-16 03:19:39    137216    ----a-w-    C:\WINDOWS\System32\appserverai.dll
2013-06-16 03:19:39    130560    ----a-w-    C:\WINDOWS\System32\RDWebAI.dll
2013-06-16 03:19:39    114176    ----a-w-    C:\WINDOWS\System32\VmHostAI.dll
2013-06-16 03:19:30    138752    ----a-w-    C:\WINDOWS\System32\poqexec.exe
2013-06-16 03:19:28    123904    ----a-w-    C:\WINDOWS\SysWow64\poqexec.exe
2013-06-16 02:35:50    35080    -c--a-w-    C:\WINDOWS\System32\drivers\battc.sys
2013-06-16 02:34:59    79112    ----a-w-    C:\WINDOWS\System32\mcupdate_AuthenticAMD.dll
2013-06-16 02:32:49    87824    -c--a-w-    C:\WINDOWS\System32\drivers\usbehci.sys
2013-06-16 02:31:57    52064    ----a-w-    C:\WINDOWS\System32\wldp.dll
2013-06-16 02:30:58    177928    ----a-w-    C:\WINDOWS\System32\drivers\ksecpkg.sys
2013-06-16 02:30:58    113928    ----a-w-    C:\WINDOWS\System32\consent.exe
2013-06-16 02:30:52    135440    ----a-w-    C:\WINDOWS\System32\drivers\wfplwfs.sys
2013-06-16 02:30:46    37768    ----a-w-    C:\WINDOWS\System32\svchost.exe
2013-06-16 02:28:39    28848    ----a-w-    C:\WINDOWS\System32\PrintDialogHost.exe
2013-06-16 02:28:14    509704    ----a-w-    C:\WINDOWS\System32\netcfgx.dll
2013-06-16 02:28:10    62960    ----a-w-    C:\WINDOWS\System32\wwapi.dll
2013-06-16 02:28:10    101208    ----a-w-    C:\WINDOWS\System32\mpr.dll
2013-06-16 02:28:06    85672    ----a-w-    C:\WINDOWS\System32\taskhost.exe
2013-06-16 02:28:06    422920    ----a-w-    C:\WINDOWS\System32\wevtapi.dll
2013-06-16 02:28:06    1702784    ----a-w-    C:\WINDOWS\System32\taskschd.dll
2013-06-16 02:28:05    85120    ----a-w-    C:\WINDOWS\System32\taskhostex.exe
2013-06-16 02:28:05    172440    ----a-w-    C:\WINDOWS\System32\wscapi.dll
2013-06-16 02:27:58    433928    ----a-w-    C:\WINDOWS\System32\msv1_0.dll
2013-06-16 02:27:57    97544    ----a-w-    C:\WINDOWS\System32\phoneactivate.exe
2013-06-16 02:27:57    57608    ----a-w-    C:\WINDOWS\System32\changepk.exe
2013-06-16 02:27:57    193288    ----a-w-    C:\WINDOWS\System32\basecsp.dll
2013-06-16 02:27:24    38152    ----a-w-    C:\WINDOWS\System32\drivers\werkernel.sys
2013-06-16 02:27:00    261896    ----a-w-    C:\WINDOWS\System32\WMASF.DLL
2013-06-16 02:25:49    1653784    ----a-w-    C:\WINDOWS\System32\WindowsCodecs.dll
2013-06-16 02:24:41    36208    ----a-w-    C:\WINDOWS\System32\WerFaultSecure.exe
2013-06-16 02:24:32    70416    ----a-w-    C:\WINDOWS\System32\drivers\vpci.sys
2013-06-16 02:24:32    553224    -c--a-w-    C:\WINDOWS\System32\drivers\vhdmp.sys
2013-06-16 02:24:32    37640    -c--a-w-    C:\WINDOWS\System32\drivers\vdrvroot.sys
2013-06-16 02:24:32    19728    ----a-w-    C:\WINDOWS\System32\kdhv1394.dll
2013-06-16 02:24:30    26888    ----a-w-    C:\WINDOWS\System32\drivers\WpdUpFltr.sys
2013-06-16 02:24:06    50176    ----a-w-    C:\WINDOWS\System32\NAPCRYPT.DLL
2013-06-16 02:24:06    37640    -c--a-w-    C:\WINDOWS\System32\drivers\terminpt.sys
2013-06-16 02:24:06    125440    ----a-w-    C:\WINDOWS\System32\NAPHLPR.DLL
2013-06-16 02:24:05    5118976    ----a-w-    C:\WINDOWS\System32\AuthFWSnapin.dll
2013-06-16 02:24:04    133120    ----a-w-    C:\WINDOWS\System32\dnscmmc.dll
2013-06-16 02:24:04    114176    ----a-w-    C:\WINDOWS\System32\AuthFWWizFwk.dll
2013-06-16 02:22:55    389392    ----a-w-    C:\WINDOWS\System32\tsmf.dll
2013-06-16 02:22:55    346464    ----a-w-    C:\WINDOWS\System32\winsta.dll
2013-06-16 02:22:55    267992    ----a-w-    C:\WINDOWS\System32\wkspbroker.exe
2013-06-16 02:22:54    73784    ----a-w-    C:\WINDOWS\System32\sessionmsg.exe
2013-06-16 02:22:54    61904    ----a-w-    C:\WINDOWS\System32\wtsapi32.dll
2013-06-16 02:22:54    43328    ----a-w-    C:\WINDOWS\System32\utildll.dll
2013-06-16 02:22:15    69392    ----a-w-    C:\WINDOWS\System32\apisetschema.dll
2013-06-16 02:22:13    668248    ----a-w-    C:\WINDOWS\System32\advapi32.dll
2013-06-16 02:21:14    1638832    ----a-w-    C:\WINDOWS\System32\winload.efi
2013-06-16 02:21:14    1503496    ----a-w-    C:\WINDOWS\System32\winload.exe
2013-06-16 02:21:14    1474536    ----a-w-    C:\WINDOWS\System32\winresume.efi
2013-06-16 02:21:14    1344392    ----a-w-    C:\WINDOWS\System32\winresume.exe
.
============= FINISH: 23:33:38.07 ===============
 

 


  • Root Admin

Well you have 2 antivirus products running - you should only have 1 running.  Windows 8 comes with its own now.

 

You also do realize this is just a Preview version of Windows 8 and it will expire?

 

You do have something going on that is either an infection or software conflicts as you have a lot of issues shown in the logs.

 

Same as before, I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks

