Possible Infections?


Recommended Posts

Hello everyone. I am trying to figure out a problem with my fiancée's computer. In the past few days I have attempted to remove many tasks that were eating up system memory and generally causing system disruptions. I think I got rid of the Iexplorer.exe that was running in the background, and I have been attempting to remove a FedEx virus from her computer, but whenever I restart this thing comes back up. I am curious if I am on the right track or if there is anything I am missing so far. Below are my log files in case they are needed. Thank you for your time and have a nice day.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.25.2

Run by HP at 16:01:11 on 2014-06-30

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7667.2430 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

c:\PROGRA~2\AVG\AVG2014\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\System32\TiltWheelMouse.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\HP\My Games\Steam\Steam.exe

C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe

svchost.exe

C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\explorer.exe

C:\Windows\system32\msconfig.exe

C:\Windows\SysWOW64\notepad.exe

C:\Users\HP\Downloads\RogueKillerX64.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.yahoo.com/?type=888596&fr=spigot-yhp-ie

uDefault_Page_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

uProxyOverride = <local>;*.local

mWinlogon: Userinit = userinit.exe,

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Homepage Print 2BHO: {EFC91ACA-519F-428D-8472-81E158609D25} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll

TB: Homepage Print 2: {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll

EB: Homepage Print 2: {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [steam] "C:\Users\HP\My Games\Steam\steam.exe" -silent

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [ROC_ROC_APR2013_AV] C:\Users\HP\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013

uRun: [Akamai NetSession Interface] "C:\Users\HP\AppData\Local\Akamai\netsession_win.exe"

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [AVG-Secure-Search-Update_0913a] C:\Users\HP\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 --CMPID 0913a

uRun: [DeskDriveStartup] C:\Program Files (x86)\Blue Onion Software\DeskDrive\DeskDrive.exe

uRun: [AVG-Secure-Search-Update_1113a] C:\Users\HP\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 /CMPID=1113a

uRun: [AVG-Secure-Search-Update_0214c] C:\Users\HP\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=d8b027dbe1b147d3a5e93909b42c1f33-e89413045487590aeb9c94c6dc0b735f27132fe4 /CMPID=0214c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe

uRun: [GoogleChromeAutoLaunch_AF07ADB424B82216064A05A2CAB71EA4] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [ckqgcmre] "C:\Users\HP\AppData\Local\gapnlbjx.exe"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [brHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

dRun: [searchProtect] \SearchProtect\bin\cltmng.exe

dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601

StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08}\459676562702E45647 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08}\4596765627E45647 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{31C07EDD-8506-401D-BF31-41E62CFB4E08}\47967656274796D656 : DHCPNameServer = 192.168.1.1

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [MouseDriver] TiltWheelMouse.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

.

INFO: x64-HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-1-8 56336]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-24 50464]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 204288]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-2 145256]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-4-13 1153368]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]

R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-5-29 282112]

R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-14 533096]

R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]

S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Users\HP\My Applications\Elements 11 Organizer\PhotoshopElementsFileAgent.exe --> C:\Users\HP\My Applications\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2014-6-6 95344]

S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2014-6-6 21872]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-13 111616]

S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-12-2 96184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-3 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2014-06-30 18:52:20 90112 ----a-w- C:\Users\HP\AppData\Local\gapnlbjx.exe

2014-06-30 17:43:59 92688 ----a-w- C:\Users\HP\AppData\Local\csxomcib.exe

2014-06-30 15:53:13 -------- d-----w- C:\Program Files\CCleaner

2014-06-30 15:40:59 -------- d-----w- C:\Users\HP\AppData\Local\CrashDumps

2014-06-30 15:39:56 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2014-06-30 15:39:54 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2014-06-30 14:48:54 -------- d-sh--w- C:\Users\HP\AppData\Local\EmieUserList

2014-06-30 14:48:54 -------- d-sh--w- C:\Users\HP\AppData\Local\EmieSiteList

2014-06-29 21:16:42 -------- d-----w- C:\ProgramData\RogueKiller

2014-06-29 21:08:10 -------- d-----w- C:\TDSSKiller_Quarantine

2014-06-29 20:46:56 -------- d-----r- C:\Antivirus Programs

2014-06-29 20:34:20 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll

2014-06-29 20:29:05 86528 ----a-w- C:\Users\HP\AppData\Local\ulmmsdem.exe

2014-06-20 14:42:53 87040 ----a-r- C:\Windows\System32\BrNetSti.dll

2014-06-20 14:36:53 -------- d-----w- C:\ProgramData\zeon

2014-06-20 14:35:30 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared

2014-06-16 15:58:41 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-06-16 15:58:41 -------- d-----w- C:\Program Files\iTunes

2014-06-16 15:58:41 -------- d-----w- C:\Program Files\iPod

2014-06-16 15:58:41 -------- d-----w- C:\Program Files (x86)\iTunes

2014-06-13 13:43:29 801280 ----a-w- C:\Windows\System32\usp10.dll

2014-06-13 13:43:29 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2014-06-13 13:43:29 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2014-06-13 13:43:29 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2014-06-13 13:43:28 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2014-06-13 13:43:28 1882112 ----a-w- C:\Windows\System32\msxml3.dll

2014-06-13 13:43:28 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll

2014-06-13 13:43:27 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll

2014-06-13 13:43:27 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-06-13 13:43:27 2048 ----a-w- C:\Windows\System32\msxml6r.dll

2014-06-13 13:43:27 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2014-06-13 13:43:27 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2014-06-13 13:38:26 506368 ----a-w- C:\Windows\System32\aepdu.dll

2014-06-13 13:38:25 424448 ----a-w- C:\Windows\System32\aeinv.dll

2014-06-06 05:42:48 95344 ----a-w- C:\Windows\System32\drivers\BrSerIb.sys

2014-06-06 05:42:48 54272 ----a-w- C:\Windows\System32\BrUsi12c.dll

2014-06-06 05:42:48 21872 ----a-w- C:\Windows\System32\drivers\BrUsbSib.sys

2014-06-06 05:42:44 20592 ----a-w- C:\Windows\System32\brciser.dll

2014-06-06 05:42:44 12800 ----a-w- C:\Windows\System32\BrCiImg.dll

2014-06-04 15:07:41 -------- d-----w- C:\Program Files\Western Digital

.

==================== Find3M  ====================

.

2014-06-30 15:39:30 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-06-25 12:28:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-06-25 12:28:08 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-06-02 16:02:10 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll

2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll

2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll

2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll

2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-05-29 18:19:46 0 --sh--r- C:\Windows\FFSSET.BIN

2014-05-21 19:00:37 20551680 ----a-w- C:\Windows\System32\imageres.dll

2014-05-18 20:18:04 45400 ----a-w- C:\Windows\SysWow64\DiscHandler.exe

2014-05-13 18:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2014-05-13 18:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2014-05-13 18:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2014-05-13 18:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2014-05-13 18:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys

2014-05-13 18:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2014-05-13 18:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2014-05-13 18:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2014-05-13 15:05:56 4009984 ----a-w- C:\Windows\System32\ffmpeg.dll

2014-05-13 15:05:40 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll

2014-05-13 15:05:24 127488 ----a-w- C:\Windows\System32\ff_vfw.dll

2014-05-13 15:05:22 4374528 ----a-w- C:\Windows\System32\ffdshow.ax

2014-05-13 15:04:56 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll

2014-05-13 15:04:26 222720 ----a-w- C:\Windows\System32\ff_libdts.dll

2014-05-13 15:04:26 156672 ----a-w- C:\Windows\System32\ff_libmad.dll

2014-05-13 15:04:26 116224 ----a-w- C:\Windows\System32\ff_liba52.dll

2014-05-13 15:04:26 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll

2014-05-13 15:04:24 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll

2014-05-13 15:04:24 183296 ----a-w- C:\Windows\System32\ff_unrar.dll

2014-05-13 15:04:24 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll

2014-05-13 15:02:30 3916288 ----a-w- C:\Windows\SysWow64\ffmpeg.dll

2014-05-13 15:01:48 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2014-05-13 15:01:46 3502592 ----a-w- C:\Windows\SysWow64\ffdshow.ax

2014-05-13 15:01:12 271360 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll

2014-05-13 15:00:58 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll

2014-05-13 15:00:58 157184 ----a-w- C:\Windows\SysWow64\ff_unrar.dll

2014-05-13 15:00:56 211968 ----a-w- C:\Windows\SysWow64\ff_libdts.dll

2014-05-13 15:00:56 1525760 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll

2014-05-13 15:00:56 147456 ----a-w- C:\Windows\SysWow64\ff_libmad.dll

2014-05-13 15:00:54 114688 ----a-w- C:\Windows\SysWow64\ff_liba52.dll

2014-05-13 15:00:52 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll

2014-05-01 16:02:04 428792 ----a-w- C:\Windows\System32\cdxareader.ax

2014-05-01 15:56:18 368888 ----a-w- C:\Windows\SysWow64\cdxareader.ax

2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll

2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll

2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll

2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe

2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2014-04-09 13:13:00 489064 ----a-w- C:\SecurityScanner.dll

2014-04-08 20:50:26 235520 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2014-04-08 20:50:16 632320 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2014-04-08 15:30:10 7682192 ----a-w- C:\Windows\System32\avcodec-lav-55.dll

2014-04-08 15:30:10 570512 ----a-w- C:\Windows\System32\LAVSplitter.ax

2014-04-08 15:30:10 441488 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll

2014-04-08 15:30:10 430736 ----a-w- C:\Windows\System32\swscale-lav-2.dll

2014-04-08 15:30:10 401040 ----a-w- C:\Windows\System32\avutil-lav-52.dll

2014-04-08 15:30:10 302224 ----a-w- C:\Windows\System32\LAVAudio.ax

2014-04-08 15:30:10 286352 ----a-w- C:\Windows\System32\libbluray.dll

2014-04-08 15:30:10 250512 ----a-w- C:\Windows\System32\avfilter-lav-4.dll

2014-04-08 15:30:10 161424 ----a-w- C:\Windows\System32\avresample-lav-1.dll

2014-04-08 15:30:10 1251984 ----a-w- C:\Windows\System32\avformat-lav-55.dll

2014-04-08 15:30:10 1109136 ----a-w- C:\Windows\System32\LAVVideo.ax

2014-04-08 15:29:48 411280 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll

2014-04-08 15:29:48 238736 ----a-w- C:\Windows\SysWow64\libbluray.dll

2014-04-08 15:29:46 934544 ----a-w- C:\Windows\SysWow64\LAVVideo.ax

2014-04-08 15:29:46 7186064 ----a-w- C:\Windows\SysWow64\avcodec-lav-55.dll

2014-04-08 15:29:46 478864 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax

2014-04-08 15:29:46 412304 ----a-w- C:\Windows\SysWow64\avutil-lav-52.dll

2014-04-08 15:29:46 344720 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll

2014-04-08 15:29:46 263824 ----a-w- C:\Windows\SysWow64\LAVAudio.ax

2014-04-08 15:29:46 241296 ----a-w- C:\Windows\SysWow64\avfilter-lav-4.dll

2014-04-08 15:29:46 152208 ----a-w- C:\Windows\SysWow64\avresample-lav-1.dll

2014-04-08 15:29:46 1293456 ----a-w- C:\Windows\SysWow64\avformat-lav-55.dll

2014-04-02 23:53:38 419840 ----a-w- C:\Windows\System32\wrap_oal.dll

.

============= FINISH: 16:51:16.57 ===============

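The helpers on this forum read a DDS log by eye, looking first at the autorun lines in the "Pseudo HJT Report" and the files in "Created Last 30". The following is an added example, not part of the original post and not DDS, Malwarebytes or forum-helper code: a small Python script that applies the same first-pass checks mechanically. It parses the uRun/mRun/dRun/x64-Run, StartupFolder and "Created Last 30" line formats as they appear in the log above, and gives points to executables sitting directly in the AppData root with no vendor folder, to lowercase letters-only names with very few vowels, to autorun commands with no drive letter, and to autorun targets that also appear in the recently created list. The sample lines are copied from the posted log; the scoring weights and the "looks random" rule are this example's own assumptions, and a score is a prompt to hash and check the file, not a verdict.

```python
"""Triage a DDS-style log for persistence that deserves a second look.

Added example for this thread; not DDS, Malwarebytes or forum-helper code.
The line regexes follow the DDS formats visible in the posted log; the
scoring weights and the "looks random" rule are this example's own heuristics.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [steam] "C:\Users\HP\My Games\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\HP\AppData\Local\Akamai\netsession_win.exe"
uRun: [ckqgcmre] "C:\Users\HP\AppData\Local\gapnlbjx.exe"
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
x64-Run: [MouseDriver] TiltWheelMouse.exe
StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
2014-06-30 18:52:20 90112 ----a-w- C:\Users\HP\AppData\Local\gapnlbjx.exe
2014-06-30 17:43:59 92688 ----a-w- C:\Users\HP\AppData\Local\csxomcib.exe
2014-06-30 15:53:13 -------- d-----w- C:\Program Files\CCleaner
2014-06-29 20:29:05 86528 ----a-w- C:\Users\HP\AppData\Local\ulmmsdem.exe
"""

AUTORUN_RE = re.compile(r"^(?:u|m|d|x64-)Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: .+? - (?P<target>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (?P<attr>\S+) (?P<path>.+)$")
# An .exe sitting directly in %LOCALAPPDATA% or %APPDATA%, with no vendor folder.
PROFILE_ROOT_EXE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(?:local|roaming)\\[^\\]+\.exe$", re.I)
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)


def command_path(cmd):
    """Extract the executable path from a Run-value command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted path, possibly with spaces: everything up to the first ".exe"
    # that is followed by whitespace or the end of the line.
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def looks_random(filename):
    """Weak signal (assumption): a lowercase, letters-only stem of 8+ chars
    with at most one vowel in four; fits generated dropper names better than
    vendor names such as Dropbox or netsession_win."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in "aeiouy" for c in stem) / len(stem) <= 0.25


def triage(log_text):
    """Return {path: (score, [reasons])} for every path that earned points."""
    sources, display = defaultdict(set), {}

    def note(path, kind):          # collect where each path was seen
        key = path.lower()
        display.setdefault(key, path)
        sources[key].add(kind)

    for line in log_text.splitlines():
        line = line.strip()
        m = AUTORUN_RE.match(line)
        if m:
            note(command_path(m.group("cmd")), "autorun")
            continue
        m = STARTUP_RE.match(line)
        if m:
            note(m.group("target").strip(), "autorun")
            continue
        m = CREATED_RE.match(line)   # skip directories (attr starts with 'd') and non-exe files
        if m and not m.group("attr").startswith("d") and m.group("path").lower().endswith(".exe"):
            note(m.group("path"), "created")

    findings = {}
    for key, where in sources.items():
        path, score, why = display[key], 0, []
        if PROFILE_ROOT_EXE.match(path):
            score += 2
            why.append("executable directly under the AppData root")
        if looks_random(path.rsplit("\\", 1)[-1]):
            score += 1
            why.append("machine-looking filename")
        if "autorun" in where and not DRIVE_RE.match(path):
            score += 1
            why.append("autorun without a drive letter (resolved by search path)")
        if {"autorun", "created"} <= where:
            score += 1
            why.append("autorun target was created within the last 30 days")
        if score:
            findings[path] = (score, why)
    return findings


if __name__ == "__main__":
    for path, (score, why) in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -kv[1][0]):
        print(f"{score}  {path}\n    {'; '.join(why)}")
```

Run against the sample, the three eight-letter executables in C:\Users\HP\AppData\Local score highest, with gapnlbjx.exe on top because it is both an autorun target and a file created on the day of the log; the Steam, Akamai, Brother and Dropbox entries score nothing. The two drive-letter-less entries get a single point only, since a bare name in an HKLM Run value can be a legitimate System32 program (TiltWheelMouse.exe is in the running-process list above), which is why the rule is weighted as a hint rather than a finding.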

Welcome to the forum.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Quick Scan with Malwarebytes (if possible)

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Root Admin, 2 weeks later:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
