Possible Infections

Hello everyone. I am trying to figure out a problem with my fiancée's computer. In the past few days I have attempted to remove many tasks that were eating up system memory and generally causing system disruptions. I think I got rid of the Iexplorer.exe that was running in the background, and I have been attempting to remove a FedEx virus from her computer, but whenever I restart this thing comes back up. I am curious if I am on the right track or if there is anything I am missing so far. Below are my log files in case they are needed. Thank you for your time and have a nice day.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.25.2
Run by HP at 16:01:11 on 2014-06-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7667.2430 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\HP\My Games\Steam\Steam.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe
svchost.exe
C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Windows\system32\msconfig.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\HP\Downloads\RogueKillerX64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=888596&fr=spigot-yhp-ie
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Homepage Print 2BHO: {EFC91ACA-519F-428D-8472-81E158609D25} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll
TB: Homepage Print 2: {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll
EB: Homepage Print 2: {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [steam] "C:\Users\HP\My Games\Steam\steam.exe" -silent
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [ROC_ROC_APR2013_AV] C:\Users\HP\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [Akamai NetSession Interface] "C:\Users\HP\AppData\Local\Akamai\netsession_win.exe"
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\HP\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 --CMPID 0913a
uRun: [DeskDriveStartup] C:\Program Files (x86)\Blue Onion Software\DeskDrive\DeskDrive.exe
uRun: [AVG-Secure-Search-Update_1113a] C:\Users\HP\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 /CMPID=1113a
uRun: [AVG-Secure-Search-Update_0214c] C:\Users\HP\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 /CMPID=0214c
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe
uRun: [GoogleChromeAutoLaunch_AF07ADB424B82216064A05A2CAB71EA4] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [ckqgcmre] "C:\Users\HP\AppData\Local\gapnlbjx.exe"
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [brHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08}\459676562702E45647 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08}\4596765627E45647 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08}\47967656274796D656 : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-1-8 56336]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-24 50464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-2 145256]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-4-13 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-5-29 282112]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-14 533096]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Users\HP\My Applications\Elements 11 Organizer\PhotoshopElementsFileAgent.exe --> C:\Users\HP\My Applications\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2014-6-6 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2014-6-6 21872]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-13 111616]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-12-2 96184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-3 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-06-30 18:52:20 90112 ----a-w- C:\Users\HP\AppData\Local\gapnlbjx.exe
2014-06-30 17:43:59 92688 ----a-w- C:\Users\HP\AppData\Local\csxomcib.exe
2014-06-30 15:53:13 -------- d-----w- C:\Program Files\CCleaner
2014-06-30 15:40:59 -------- d-----w- C:\Users\HP\AppData\Local\CrashDumps
2014-06-30 15:39:56 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-06-30 15:39:54 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2014-06-30 14:48:54 -------- d-sh--w- C:\Users\HP\AppData\Local\EmieUserList
2014-06-30 14:48:54 -------- d-sh--w- C:\Users\HP\AppData\Local\EmieSiteList
2014-06-29 21:16:42 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-29 21:08:10 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-29 20:46:56 -------- d-----r- C:\Antivirus Programs
2014-06-29 20:34:20 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-29 20:29:05 86528 ----a-w- C:\Users\HP\AppData\Local\ulmmsdem.exe
2014-06-20 14:42:53 87040 ----a-r- C:\Windows\System32\BrNetSti.dll
2014-06-20 14:36:53 -------- d-----w- C:\ProgramData\zeon
2014-06-20 14:35:30 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared
2014-06-16 15:58:41 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-16 15:58:41 -------- d-----w- C:\Program Files\iTunes
2014-06-16 15:58:41 -------- d-----w- C:\Program Files\iPod
2014-06-16 15:58:41 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-13 13:43:29 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-13 13:43:29 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-13 13:43:29 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-13 13:43:29 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-13 13:43:28 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-13 13:43:28 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-13 13:43:28 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-13 13:43:27 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-13 13:43:27 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-13 13:43:27 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-13 13:43:27 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-13 13:43:27 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-13 13:38:26 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-13 13:38:25 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-06 05:42:48 95344 ----a-w- C:\Windows\System32\drivers\BrSerIb.sys
2014-06-06 05:42:48 54272 ----a-w- C:\Windows\System32\BrUsi12c.dll
2014-06-06 05:42:48 21872 ----a-w- C:\Windows\System32\drivers\BrUsbSib.sys
2014-06-06 05:42:44 20592 ----a-w- C:\Windows\System32\brciser.dll
2014-06-06 05:42:44 12800 ----a-w- C:\Windows\System32\BrCiImg.dll
2014-06-04 15:07:41 -------- d-----w- C:\Program Files\Western Digital
.
==================== Find3M  ====================
.
2014-06-30 15:39:30 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-25 12:28:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-25 12:28:08 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-02 16:02:10 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-29 18:19:46 0 --sh--r- C:\Windows\FFSSET.BIN
2014-05-21 19:00:37 20551680 ----a-w- C:\Windows\System32\imageres.dll
2014-05-18 20:18:04 45400 ----a-w- C:\Windows\SysWow64\DiscHandler.exe
2014-05-13 18:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 18:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 18:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 18:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 18:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 18:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 18:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 18:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-05-13 15:05:56 4009984 ----a-w- C:\Windows\System32\ffmpeg.dll
2014-05-13 15:05:40 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2014-05-13 15:05:24 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-05-13 15:05:22 4374528 ----a-w- C:\Windows\System32\ffdshow.ax
2014-05-13 15:04:56 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2014-05-13 15:04:26 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2014-05-13 15:04:26 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2014-05-13 15:04:26 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2014-05-13 15:04:26 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2014-05-13 15:04:24 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2014-05-13 15:04:24 183296 ----a-w- C:\Windows\System32\ff_unrar.dll
2014-05-13 15:04:24 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2014-05-13 15:02:30 3916288 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2014-05-13 15:01:48 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-05-13 15:01:46 3502592 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2014-05-13 15:01:12 271360 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2014-05-13 15:00:58 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2014-05-13 15:00:58 157184 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2014-05-13 15:00:56 211968 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2014-05-13 15:00:56 1525760 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2014-05-13 15:00:56 147456 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2014-05-13 15:00:54 114688 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2014-05-13 15:00:52 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
2014-05-01 16:02:04 428792 ----a-w- C:\Windows\System32\cdxareader.ax
2014-05-01 15:56:18 368888 ----a-w- C:\Windows\SysWow64\cdxareader.ax
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-09 13:13:00 489064 ----a-w- C:\SecurityScanner.dll
2014-04-08 20:50:26 235520 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2014-04-08 20:50:16 632320 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2014-04-08 15:30:10 7682192 ----a-w- C:\Windows\System32\avcodec-lav-55.dll
2014-04-08 15:30:10 570512 ----a-w- C:\Windows\System32\LAVSplitter.ax
2014-04-08 15:30:10 441488 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2014-04-08 15:30:10 430736 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2014-04-08 15:30:10 401040 ----a-w- C:\Windows\System32\avutil-lav-52.dll
2014-04-08 15:30:10 302224 ----a-w- C:\Windows\System32\LAVAudio.ax
2014-04-08 15:30:10 286352 ----a-w- C:\Windows\System32\libbluray.dll
2014-04-08 15:30:10 250512 ----a-w- C:\Windows\System32\avfilter-lav-4.dll
2014-04-08 15:30:10 161424 ----a-w- C:\Windows\System32\avresample-lav-1.dll
2014-04-08 15:30:10 1251984 ----a-w- C:\Windows\System32\avformat-lav-55.dll
2014-04-08 15:30:10 1109136 ----a-w- C:\Windows\System32\LAVVideo.ax
2014-04-08 15:29:48 411280 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2014-04-08 15:29:48 238736 ----a-w- C:\Windows\SysWow64\libbluray.dll
2014-04-08 15:29:46 934544 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2014-04-08 15:29:46 7186064 ----a-w- C:\Windows\SysWow64\avcodec-lav-55.dll
2014-04-08 15:29:46 478864 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2014-04-08 15:29:46 412304 ----a-w- C:\Windows\SysWow64\avutil-lav-52.dll
2014-04-08 15:29:46 344720 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2014-04-08 15:29:46 263824 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2014-04-08 15:29:46 241296 ----a-w- C:\Windows\SysWow64\avfilter-lav-4.dll
2014-04-08 15:29:46 152208 ----a-w- C:\Windows\SysWow64\avresample-lav-1.dll
2014-04-08 15:29:46 1293456 ----a-w- C:\Windows\SysWow64\avformat-lav-55.dll
2014-04-02 23:53:38 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
.
============= FINISH: 16:51:16.57 ===============
 
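As an added example (not from the poster, the forum, or the DDS tool), a small triage script for the two DDS line formats that matter here: the `uRun:`/`mRun:` autorun lines from the Pseudo HJT report and the `Created Last 30` file lines. It flags the pattern visible in the log above, a randomly named Run value pointing at a randomly named executable sitting directly in `AppData\Local`, and cross-references when that file appeared. The sample lines are constructed from the post; the regexes and the "eight lowercase letters" heuristic are my own assumptions, not anything DDS itself does.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample lines modelled on the DDS log in the post (not the full log).
SAMPLE_LOG = r"""
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Akamai NetSession Interface] "C:\Users\HP\AppData\Local\Akamai\netsession_win.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ckqgcmre] "C:\Users\HP\AppData\Local\gapnlbjx.exe"
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
2014-06-30 18:52:20 90112 ----a-w- C:\Users\HP\AppData\Local\gapnlbjx.exe
2014-06-30 17:43:59 92688 ----a-w- C:\Users\HP\AppData\Local\csxomcib.exe
2014-06-30 15:53:13 -------- d-----w- C:\Program Files\CCleaner
2014-06-29 20:29:05 86528 ----a-w- C:\Users\HP\AppData\Local\ulmmsdem.exe
""".strip().splitlines()

# DDS autorun line: "<hive>Run[Once]: [value name] command line"
# hive u = HKCU, m = HKLM, d = default profile; "x64-" prefix marks the 64-bit view.
RUN_LINE = re.compile(r"^(?:x64-)?(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DDS "Created Last 30" line: timestamp, size (dashes for directories), attributes, path.
CREATED_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\d+|-+) (?P<attr>\S+) (?P<path>.+)$")
# Executable directly in the profile's AppData\Local or AppData\Roaming root (no vendor
# subfolder). User-writable, so nothing needs admin rights to drop a file there.
PROFILE_ROOT_EXE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\[^\\]+\.exe$", re.IGNORECASE)
# Assumed heuristic: exactly eight lowercase letters, like ckqgcmre / gapnlbjx above.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)
    created: Optional[str] = None  # "Created Last 30" timestamp, if the target is listed there


def image_path(cmd: str) -> str:
    """Extract the executable path from an autorun command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def file_stem(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse_autoruns(lines: List[str]) -> List[Tuple[str, str, str]]:
    out = []
    for line in lines:
        m = RUN_LINE.match(line)
        if m:
            out.append((m["hive"], m["name"], image_path(m["cmd"])))
    return out


def parse_created(lines: List[str]) -> Dict[str, str]:
    """Map lower-cased path -> creation timestamp for every 'Created Last 30' line."""
    created = {}
    for line in lines:
        m = CREATED_LINE.match(line)
        if m:
            created[m["path"].lower()] = m["ts"]
    return created


def triage(lines: List[str]) -> List[Finding]:
    """Flag autorun entries that look like a dropped loader restored at each boot."""
    created = parse_created(lines)
    findings = []
    for hive, name, path in parse_autoruns(lines):
        reasons = []
        if PROFILE_ROOT_EXE.match(path):
            reasons.append("executable directly in user-writable profile root")
        if RANDOM_NAME.match(file_stem(path)):
            reasons.append("random-looking 8-letter file name")
        if RANDOM_NAME.match(name):
            reasons.append("random-looking 8-letter value name")
        if reasons:
            findings.append(Finding(hive, name, path, reasons, created.get(path.lower())))
    return findings


def orphan_droppers(lines: List[str]) -> List[str]:
    """Random-named profile-root executables created recently but referenced by no autorun;
    worth examining alongside the flagged entry, since they may be earlier copies of it."""
    targets = {path.lower() for _, _, path in parse_autoruns(lines)}
    return sorted(
        path for path in (m["path"] for m in map(CREATED_LINE.match, lines) if m)
        if PROFILE_ROOT_EXE.match(path) and RANDOM_NAME.match(file_stem(path))
        and path.lower() not in targets)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.hive}Run] {f.name} -> {f.path} (created {f.created}): {'; '.join(f.reasons)}")
    for p in orphan_droppers(SAMPLE_LOG):
        print("unreferenced random-named executable:", p)
```

On the sample it flags only the `ckqgcmre` value and lists `csxomcib.exe` and `ulmmsdem.exe` as unreferenced siblings; vendor software in a subfolder such as `AppData\Local\Akamai\` is deliberately not flagged.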

Hello and welcome, Amokagon:

 

We can't analyze scan logs or work on malware diagnostics and removal in this sub-section of the forum.

So, if you think you might be infected, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will guide you through the cleanup process.

Thanks,


Hi:

 

You are most welcome.

 

FWIW, there is no need to "move" this topic (and only the mod team can do that).

As DDS has been replaced by other, better scanners, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

It will walk you through the preliminary scanning steps with a newer tool and provide instructions about how to get help in the malware removal section or help desk. :)

 

Thanks,
