Possible malware in svchost.exe


This topic is locked
29 replies to this topic

#1 71619997a

Posted 26 January 2014 - 05:29 PM

Hi,

I'm suspecting that there is something wrong with my computer. First, my computer shuts down sometimes because DCOM Server something or Plug and Play services terminate unexpectedly. I have used MBAM and it came up with some adware. I deleted that but to no effect. Recently, I downloaded Avast and Web Shield keeps finding objects infected by URL:Mal in svchost.exe with names like greenpzone.net/task/2000/, zentallor19.com/task/2000/, tagspan9.info/task/2000/, quata45.info/task/2000, and some others. All of the names end with /task/2000. Also, if this is relevant, I ran SFC /SCANNOW and it stopped at 5% because "Windows Resource Protection could not perform the requested operation". Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.51.2
Run by gmarks at 16:53:00 on 2014-01-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3976.595 [GMT -5:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
2013-12-31 16:10:25 443008 ------w- C:\Windows\System32\athihvs.dll
2013-12-31 16:10:25 3718144 ----a-w- C:\Windows\System32\drivers\athrx.sys
2013-12-31 16:10:25 -------- d-----w- C:\Windows\System32\nn-NO
2013-12-31 16:10:25 -------- d-----w- C:\Windows\Options
2013-12-31 16:10:21 -------- d-----w- C:\Program Files (x86)\Qualcomm Atheros
2013-12-31 16:10:21 -------- d-----w- C:\Program Files (x86)\Cisco
2013-12-31 16:09:57 -------- d-----w- C:\ProgramData\Qualcomm Atheros
2013-12-31 16:09:31 582144 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL
2013-12-31 16:09:31 368912 ----a-w- C:\Windows\SysWow64\VBAR332.DLL
2013-12-31 16:09:31 252176 ----a-w- C:\Windows\SysWow64\MSRD2X35.DLL
2013-12-31 16:09:31 24848 ----a-w- C:\Windows\SysWow64\MSJTER35.DLL
2013-12-31 16:09:31 123664 ----a-w- C:\Windows\SysWow64\MSJINT35.DLL
2013-12-31 16:09:31 1045776 ----a-w- C:\Windows\SysWow64\MSJET35.DLL
2013-12-31 15:45:41 -------- d-sh--w- C:\Windows\Installer
2013-12-31 15:45:04 -------- d-----w- C:\SWSetup
2013-12-31 15:45:01 -------- d-----w- C:\System.sav
2013-12-31 15:41:17 -------- d-----w- C:\Users\gmarks\AppData\Local\Diagnostics
2013-12-31 14:51:56 -------- d-----w- C:\Windows\Panther
2013-12-31 14:51:33 -------- d-----w- C:\Windows\System32\OEM
.
==================== Find3M  ====================
.
2013-11-06 05:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 05:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 07:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 06:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-30 08:52:54 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2013-10-30 08:52:48 422640 ----a-w- C:\Windows\System32\SynTPCo19.dll
.
============= FINISH: 16:55:55.34 ===============
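An added triage helper for the DDS "Created" listing above; it is not part of the thread, of DDS or of any post. It parses lines of the form `date time size attributes path`, flags the entries a responder would look at first (executables sitting directly in C:\Windows or under a user profile, hidden+system entries) and counts entries per hour so that an installer's burst of files is easy to tell from a lone drop. The sample lines are copied from the log above; the attribute-string layout (leading `d` for directories, `s` and `h` for system and hidden) is inferred from those lines. Nothing the script flags is thereby declared malicious: in this log the two C:\Windows root executables appear to belong to the IDT audio and SNP2UVC webcam packages written in the same minute as the rest of the driver bundle, which is exactly the context the hourly count is meant to show.

```powershell
# Added example for this thread, not part of DDS or of any post above.
# Sample lines are copied from the "Created" listing in post #1.
$DdsSample = @'
2013-12-31 16:53:18 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-12-31 16:52:26 -------- d-----w- C:\Users\gmarks\AppData\Roaming\Intel Corporation
2013-12-31 16:21:13 19224 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2013-12-31 16:14:19 1425408 ----a-w- C:\Windows\sttray64.exe
2013-12-31 16:12:01 26464 ----a-w- C:\Windows\snuvcdsm.exe
2013-12-31 16:11:38 4096 ----a-r- C:\Windows\SysWow64\sigfile.exe
2013-12-31 15:45:41 -------- d-sh--w- C:\Windows\Installer
2013-11-06 05:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
'@

function ConvertFrom-DdsLine {
    # One DDS line: <date> <time> <size, or -------- for a directory> <8-char attributes> <path>
    param([string]$Line)
    if (-not ($Line -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$')) { return $null }
    $attrs = $Matches[3]
    $size  = $null
    if ($Matches[2] -ne '--------') { $size = [int64]$Matches[2] }
    New-Object PSObject -Property @{
        When   = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss', [Globalization.CultureInfo]::InvariantCulture)
        Size   = $size
        Attrs  = $attrs
        Path   = $Matches[4].Trim()
        IsDir  = ($attrs[0] -eq 'd')       # assumption: layout inferred from the log, 'd' comes first
        Hidden = $attrs.Contains('h')
        System = $attrs.Contains('s')
    }
}

function Get-DdsTriage {
    param([string[]]$Lines)
    $execExt = '\.(exe|dll|sys|cpl|scr|com|bat|cmd|vbs|js)$'
    foreach ($line in $Lines) {
        $e = ConvertFrom-DdsLine $line
        if (-not $e) { continue }
        $reasons = @()
        if (-not $e.IsDir -and $e.Path -imatch $execExt) {
            $parent = [System.IO.Path]::GetDirectoryName($e.Path)
            # Drivers and DLLs under System32/SysWow64 are normal for a driver install;
            # executables dropped straight into %SystemRoot% or a profile are worth a look.
            if ($parent -ieq 'C:\Windows') { $reasons += 'executable directly in C:\Windows' }
            if ($e.Path -imatch '^C:\\(Users|ProgramData)\\') { $reasons += 'executable under a user profile or ProgramData' }
        }
        if ($e.Hidden -and $e.System) { $reasons += 'hidden+system attributes' }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{ When = $e.When; Path = $e.Path; Reasons = ($reasons -join '; ') }
        }
    }
}

function Get-DdsHourlyCounts {
    # Dozens of files in one hour (here HP's driver bundle) is an installer at work;
    # a lone new binary with no neighbours in time is what deserves a closer look.
    param([string[]]$Lines)
    $Lines | ForEach-Object { ConvertFrom-DdsLine $_ } | Where-Object { $_ } |
        Group-Object { $_.When.ToString('yyyy-MM-dd HH:00') } |
        Sort-Object Name -Descending |
        Select-Object @{n='Hour'; e={$_.Name}}, Count
}

$lines = $DdsSample -split "`r?`n"
Get-DdsTriage -Lines $lines | Format-Table When, Path, Reasons -AutoSize
Get-DdsHourlyCounts -Lines $lines | Format-Table -AutoSize
```

On the sample above the triage table lists sttray64.exe and snuvcdsm.exe (both directly in C:\Windows) and C:\Windows\Installer (hidden+system, which is its normal state), and the hourly count shows six of the eight entries landing in the same hour on 2013-12-31. To run it over a full DDS log, replace `$DdsSample` with `Get-Content` of the saved log; lines that are not in the Created format are skipped.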

 

 

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 January 2014 - 10:23 PM


Hello 71619997a

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 71619997a (Topic Starter, Members, 36 posts)

Posted 27 January 2014 - 09:35 AM

OK, new update. Avast found some virus in rpcss.dll. I looked it up, and it has something to do with DCOM and Plug and Play. But now, when I turn on my computer, it starts windows and then goes to a black screen for 20 seconds or so before it returns to the booting screen and does it all over again. Please help me!


Edited by 71619997a, 27 January 2014 - 10:59 AM.


#4 gringo_pr (Malware Response Team)

Posted 27 January 2014 - 01:31 PM

Hello 71619997a


Can you get into safe mode?

If you get into safe mode, then remove avast and avg and see if you can get into normal mode so we can work.


gringo

#5 71619997a (Topic Starter)

Posted 27 January 2014 - 02:57 PM

No, I can't. I can access BIOS and other things such as system diagnostics. If you need to know, I am using an HP Probook 4540s. When I turn on my computer, I swipe my fingerprint or put in a password to log in, and then it gives me the Starting Windows screen. It black screens, and after about 20 seconds it goes back to the authentication.



#6 gringo_pr (Malware Response Team)

Posted 27 January 2014 - 08:59 PM


Hello 71619997a

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report in your reply to me.

Gringo

#7 71619997a (Topic Starter)

Posted 28 January 2014 - 10:36 AM

My BIOS doesn't have advanced boot options. It has some options under "System Configuration": Boot Mode: that has Legacy, UEFI Hybrid, or UEFI Native, and I'm using Legacy. Then, under Legacy Boot Order, it has the Optical Disk Drive, then Notebook Hard Drive, USB Floppy, USB CD-ROM, USB Hard Drive, Notebook Ethernet, SD Card. I'm assuming I need to put one of the USB ones in the first slot so I can boot from USB or something like that? Please advise :(

Also, from the HP website:

    You will rarely use this option. This option opens the file system and allows technicians from customer service or your IT management to run diagnostics.

Will this help in accessing a command prompt or doing something?


Edited by 71619997a, 28 January 2014 - 10:43 AM.


#8 71619997a (Topic Starter)

Posted 28 January 2014 - 11:09 AM

OK, Startup Repair ran and I think it did a System Restore, now my computer can boot. Should I use AdwCleaner and Junkware Removal Tool now? Should I also use FRST64? 



#9 71619997a (Topic Starter)

Posted 28 January 2014 - 11:46 AM

Nope, I could only boot once and now the problem has returned. I still do not know how to access Advanced Boot Options from my computer. My BIOS looks very different to that of any other computer. It doesn't have the same options. But, from an above post:

    It has some options under "System Configuration": Boot Mode: that has Legacy, UEFI Hybrid, or UEFI Native, and I'm using Legacy. Then, under Legacy Boot Order, it has the Optical Disk Drive, then Notebook Hard Drive, USB Floppy, USB CD-ROM, USB Hard Drive, Notebook Ethernet, SD Card. I'm assuming I need to put one of the USB ones in the first slot so I can boot from USB or something like that?

Also, from the HP website:

    You will rarely use this option. This option opens the file system and allows technicians from customer service or your IT management to run diagnostics.

Will this help in accessing a command prompt or doing something?

ALSO, does it matter if there is some random stuff on my USB, or do I need to erase its content before I use FRST?


Edited by 71619997a, 28 January 2014 - 11:48 AM.


#10 gringo_pr (Malware Response Team)

Posted 28 January 2014 - 04:46 PM

Hello

Do you have access to another win 7 64 bit computer?

Gringo

#11 71619997a (Topic Starter)

Posted 28 January 2014 - 05:08 PM

Yes, I will in a few hours.

Also, is there a way to access Start-Up Repair manually so I can choose an earlier System Restore point? And would you recommend this? It seems like I only get a single boot and then this happens again.



#12 gringo_pr (Malware Response Team)

Posted 28 January 2014 - 08:47 PM

We can create a system repair disk using the other Win 7 computer, and that should help you get to the recovery options to run FRST.

http://pcsupport.about.com/od/windows7/ht/system-repair-disc-windows-7.htm

#13 71619997a (Topic Starter)

Posted 29 January 2014 - 01:47 PM

Might be a while until I get access to the other computer. Can I use a Windows 7 install disk?

#14 gringo_pr (Malware Response Team)

Posted 29 January 2014 - 03:30 PM

Yes, you can do that.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report in your reply to me.

Gringo

#15 71619997a (Topic Starter)

Posted 29 January 2014 - 03:39 PM

I got Repair to run again and am on a single boot... If I run FRST and it makes me restart, I'll lose the boot. Will it reboot my computer? Also, is there some way to ensure I go into advanced boot options on setup? Also, avast! is finding a rootkit called Win64:Patched-A [Trj] in rpcss.dll and AVG finds a trojan in FRST64.exe called MSIL2.ITN. How should I proceed?
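The check a responder would want after the report above: has rpcss.dll (or svchost.exe) actually been modified on disk? This is an added example, not from the thread, from FRST or from either AV vendor. It fingerprints the files on a known-clean Windows 7 x64 machine at the same patch level (post #10 asks whether one is available), then compares the same files on the affected laptop: same file version but a different SHA-256 means the file was altered in place. It deliberately does not compare against the winsxs component store, because on Windows 7 an untouched System32 file is a hard link to its winsxs entry and so is not an independent reference; the script reports the hard-link state instead, so a file that was deleted and rewritten (link gone) stands out as well as one patched through the link. Assumptions: the SysWOW64 copies are included although the thread only names the System32 ones; the E: drive letter and CSV file name are placeholders; `fsutil` wants an elevated prompt.

```powershell
# Added example for this thread, not part of any post, of FRST or of either AV product.
# Run in an elevated PowerShell (2.0 or later) on both machines. Assumed: the SysWOW64
# copies deserve the same check; E:\ and the CSV name are placeholders.
$Targets = @(
    'C:\Windows\System32\rpcss.dll',
    'C:\Windows\System32\svchost.exe',
    'C:\Windows\SysWOW64\rpcss.dll',
    'C:\Windows\SysWOW64\svchost.exe'
)

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash needs PowerShell 4; .NET's SHA256 works on the 2.0 that ships with Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

function Get-BinaryFingerprint {
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path
    # On Windows 7 the System32 file and its winsxs entry are hard links to the same data,
    # so winsxs is not an independent reference. A file that was deleted and rewritten has
    # lost that link; a file patched in place keeps it. Either way the hash is the verdict.
    $links = @(& fsutil hardlink list $Path 2>$null)
    New-Object PSObject -Property @{
        Path      = $Path
        Version   = $item.VersionInfo.FileVersion
        Size      = $item.Length
        Sha256    = Get-Sha256Hex $Path
        LinkCount = $links.Count
        InWinSxS  = [bool]($links | Where-Object { $_ -imatch '\\winsxs\\' })
    }
}

function Export-Fingerprints {
    # Run on the clean reference machine.
    param([string]$OutCsv)
    $Targets | ForEach-Object { Get-BinaryFingerprint $_ } |
        Export-Csv -Path $OutCsv -NoTypeInformation
}

function Compare-Fingerprints {
    # Run on the suspect machine against the CSV produced on the clean one.
    param([string]$ReferenceCsv)
    $ref = @{}
    Import-Csv -Path $ReferenceCsv | ForEach-Object { $ref[$_.Path] = $_ }
    foreach ($t in $Targets) {
        $here = Get-BinaryFingerprint $t
        $r = $ref[$t]
        $verdict = if (-not $r)                          { 'no reference entry' }
                   elseif ($r.Version -ne $here.Version) { "version differs (clean $($r.Version), here $($here.Version)): align the patch level first" }
                   elseif ($r.Sha256 -ne $here.Sha256)   { 'MODIFIED: same version, different SHA-256' }
                   else                                  { 'identical to clean reference' }
        New-Object PSObject -Property @{
            Path = $t; Version = $here.Version; Sha256 = $here.Sha256
            LinkCount = $here.LinkCount; InWinSxS = $here.InWinSxS; Verdict = $verdict
        }
    }
}

# Clean machine:   Export-Fingerprints -OutCsv E:\clean-win7-x64.csv
# Suspect machine: Compare-Fingerprints -ReferenceCsv E:\clean-win7-x64.csv |
#                  Format-Table Path, Version, LinkCount, InWinSxS, Verdict -AutoSize
```

Two caveats on alternatives. Get-AuthenticodeSignature is no help for this on the PowerShell 2.0 that ships with Windows 7: it only sees embedded signatures, and these OS binaries are catalog-signed, so it reports NotSigned for clean and patched copies alike. The catalog-aware check that needs no second machine is SFC run from the recovery Command Prompt described in post #6, `sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows`, which verifies the offline System32 against Microsoft's signed catalogs without booting the affected Windows at all; a file that fails there and shows "MODIFIED" here has been tampered with, whatever the AV detection name says.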





