RPCSS.DLL infection


3 replies to this topic

#1 poker_jake88

Posted 30 January 2014 - 03:28 PM

My AVG anti-virus software found a threat in this file C:/windows/System32/rpcss.dll. The only thing I downloaded recently is a resource pack for Minecraft, otherwise no other downloads.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by DC at 14:23:06 on 2014-01-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8175.3921 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Users\DC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [AdobeBridge] <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{144FB6A9-E9A0-432D-8A03-0AB03892E078} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4A5D9593-584F-460F-9E82-2A7EAB9DCFBE} : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{E04D7131-3F27-4EC0-9EDD-F8BB9F31FE80} : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{E04D7131-3F27-4EC0-9EDD-F8BB9F31FE80}\3416E646C65677F6F64602F4B6C61686F6D6160234964797 : DHCPNameServer = 4.2.2.1 4.2.2.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\6styc80x.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\DC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-7-23 25056]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-10 46368]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-11-29 239616]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-8-11 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-6-7 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-10-14 72216]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-2 120728]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-30 65657]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-13 1771544]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-7-23 303360]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-11-10 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 88832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-11 413800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 atillk64;atillk64;C:\ATI Winflash\atillk64.sys [2006-7-19 14608]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-12 1025352]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2012-7-23 1256192]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-1-13 49152]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-8-12 21480]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-3 25640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-9-28 137336]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-3 30528]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-8-21 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-21 59392]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
=============== File Associations ===============
.
ShellExec: SmartPhotoEditor.exe: open="C:\Program Files (x86)\Smart Photo Editor Trial\SmartPhotoEditorTrial.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-28 19:19:14    --------    d-----w-    C:\Users\DC\AppData\Local\SkypeWebPlugin
2014-01-28 16:16:11    --------    d-----w-    C:\Users\DC\AppData\Roaming\.minecraft
2014-01-22 02:37:05    --------    d-----w-    C:\Users\DC\AppData\Roaming\Guild Wars 2
2014-01-21 22:14:46    --------    d-----w-    C:\Users\DC\AppData\Local\Blizzard Entertainment
2014-01-13 17:00:59    --------    d-----w-    C:\Program Files (x86)\Common Files\BattlEye
2014-01-02 16:29:58    --------    d-----w-    C:\Users\DC\AppData\Local\DayZ
2014-01-02 16:07:28    --------    d-----w-    C:\Program Files (x86)\SkypeWebPlugin
2014-01-01 22:36:51    --------    d-----w-    C:\ProgramData\Bohemia Interactive Studio
.
==================== Find3M  ====================
.
2014-01-28 01:40:33    92488    ----a-w-    C:\Windows\System32\LMIinit.dll
2014-01-28 01:40:33    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2014-01-28 01:40:33    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2014-01-21 18:05:41    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-12-24 21:44:39    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-11 09:01:05    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 09:01:05    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-29 18:34:58    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2013-11-29 18:29:56    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2013-11-29 17:59:40    157736    ----a-w-    C:\Windows\System32\amdhcp64.dll
2013-11-29 17:59:16    142304    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2013-11-29 17:58:30    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2013-11-29 17:58:30    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2013-11-29 17:58:06    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2013-11-29 17:58:06    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2013-11-29 17:55:02    143304    ----a-w-    C:\Windows\System32\atiuxp64.dll
2013-11-29 17:54:38    126336    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2013-11-29 17:53:44    115512    ----a-w-    C:\Windows\System32\atiu9p64.dll
2013-11-29 17:53:20    98496    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2013-11-29 17:52:34    1319064    ----a-w-    C:\Windows\System32\aticfx64.dll
2013-11-29 17:51:42    1100728    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2013-11-29 17:50:42    9764088    ----a-w-    C:\Windows\System32\atidxx64.dll
2013-11-29 17:50:16    8412680    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2013-11-29 17:49:10    8287008    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2013-11-29 17:48:18    6630232    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2013-11-29 17:47:20    8927704    ----a-w-    C:\Windows\System32\atiumd6a.dll
2013-11-29 17:46:46    7751920    ----a-w-    C:\Windows\System32\atiumd64.dll
2013-11-29 17:39:00    13201920    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2013-11-29 17:24:20    230912    ----a-w-    C:\Windows\System32\clinfo.exe
2013-11-29 17:24:08    1187342    ----a-w-    C:\Windows\System32\amdocl_as64.exe
2013-11-29 17:24:08    1061902    ----a-w-    C:\Windows\System32\amdocl_ld64.exe
2013-11-29 17:24:06    995342    ----a-w-    C:\Windows\SysWow64\amdocl_as32.exe
2013-11-29 17:24:06    798734    ----a-w-    C:\Windows\SysWow64\amdocl_ld32.exe
2013-11-29 17:24:04    100352    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2013-11-29 17:23:56    83968    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2013-11-29 17:23:50    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2013-11-29 17:23:46    73728    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2013-11-29 17:23:26    29363712    ----a-w-    C:\Windows\System32\amdocl64.dll
2013-11-29 17:21:02    24846848    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2013-11-29 17:18:56    63488    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-11-29 17:18:50    57344    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-11-29 17:13:48    129536    ----a-w-    C:\Windows\System32\coinst_13.25.18.dll
2013-11-29 17:00:28    26350592    ----a-w-    C:\Windows\System32\atio6axx.dll
2013-11-29 16:55:34    368640    ----a-w-    C:\Windows\System32\atiapfxx.exe
2013-11-29 16:55:24    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2013-11-29 16:55:22    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2013-11-29 16:55:14    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2013-11-29 16:55:12    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2013-11-29 16:54:56    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2013-11-29 16:51:50    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2013-11-29 16:42:08    22156288    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2013-11-29 16:35:50    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2013-11-29 16:35:42    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2013-11-29 16:35:36    585216    ----a-w-    C:\Windows\System32\atieclxx.exe
2013-11-29 16:34:42    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2013-11-29 16:33:10    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2013-11-29 16:05:04    1145344    ----a-w-    C:\Windows\System32\atiadlxx.dll
2013-11-29 16:04:52    825856    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2013-11-29 16:04:36    74752    ----a-w-    C:\Windows\System32\atig6pxx.dll
2013-11-29 16:04:32    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2013-11-29 16:04:32    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2013-11-29 16:04:26    100352    ----a-w-    C:\Windows\System32\atig6txx.dll
2013-11-29 16:04:18    96768    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2013-11-29 16:04:08    624128    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2013-11-29 16:02:44    96256    ----a-w-    C:\Windows\System32\amdave64.dll
2013-11-29 16:02:38    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2013-11-29 16:02:28    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2013-11-29 16:02:22    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2013-11-29 16:00:30    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2013-11-26 19:40:41    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-11-02 16:37:21    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-02 16:35:08    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH: 14:23:53.45 ===============
 



#2 JSntgRvr


    Master Surgeon General


  • Malware Response Team
  • 11,750 posts

Posted 30 January 2014 - 03:33 PM

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 poker_jake88


Posted 30 January 2014 - 03:38 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by DC (administrator) on DC-PC on 30-01-2014 14:35:10
Running from C:\Users\DC\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Users\DC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [WinampAgent] - "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-13] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [InstaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-29] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [HLBackupScheduler] - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\DC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-11] (Adobe Systems Incorporated)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\DC\AppData\Local\{3333353e-073f-da38-97bf-9b79cae6d00b}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {2edf5203-601f-11e2-ab86-1c6f65c66e22} - J:\MotoCastSetup.exe -a
MountPoints2: {71e5d139-c402-11e0-8985-806e6f6e6963} - D:\Belkin_Setup_and_Monitor_Install.exe
MountPoints2: {bc46d2c1-2da4-11e2-9786-1c6f65c66e22} - L:\MotoCastSetup.exe -a
Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD2E1ECC30C58CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={17A5C18D-45E4-4214-93A1-B3FD67071EA8}&mid=efeadce8fb2747d1a9f5cd26232287d1-adab794f4996506e01d918b705876161e9b36099&lang=en&ds=AVG&pr=fr&d=2011-10-18 23:11:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\DC\AppData\Roaming\Mozilla\Firefox\Profiles\6styc80x.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Skype.com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\DC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\ []
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF Extension: AVG Security Toolbar - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011-09-16]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-13]

==================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-13] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [137336 2013-02-17] (Futuremark Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-27] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-27] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-31] ()
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-13] (AVG Secure Search)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

S3 atillk64; C:\ATI Winflash\atillk64.sys [14608 2011-10-11] (ATI Technologies Inc.)
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-26] (AVG Technologies)
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-09-16] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 cpuz130; \??\C:\Users\DC\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 cpuz136; \??\C:\Users\DC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 14:35 - 2014-01-30 14:35 - 00023518 _____ C:\Users\DC\Downloads\FRST.txt
2014-01-30 14:34 - 2014-01-30 14:35 - 00000000 ____D C:\FRST
2014-01-30 14:34 - 2014-01-30 14:34 - 02079744 _____ (Farbar) C:\Users\DC\Downloads\FRST64.exe
2014-01-30 14:23 - 2014-01-30 14:27 - 00010725 _____ C:\Users\DC\Desktop\attach.txt
2014-01-30 14:23 - 2014-01-30 14:23 - 00025248 _____ C:\Users\DC\Desktop\dds.txt
2014-01-30 14:19 - 2014-01-30 14:19 - 00688992 ____R (Swearware) C:\Users\DC\Downloads\dds.com
2014-01-28 13:19 - 2014-01-28 13:19 - 00000000 ____D C:\Users\DC\AppData\Local\SkypeWebPlugin
2014-01-28 10:31 - 2014-01-28 10:32 - 123375837 _____ C:\Users\DC\Downloads\ArkTikALIENS Photo Real HD [512x512 1.5.zip
2014-01-28 10:21 - 2014-01-28 10:21 - 00675988 _____ C:\Users\DC\Desktop\Minecraft(1).exe
2014-01-28 10:16 - 2014-01-30 14:33 - 00000000 ____D C:\Users\DC\AppData\Roaming\.minecraft
2014-01-28 10:16 - 2014-01-28 10:16 - 00675988 _____ C:\Users\DC\Downloads\Minecraft.exe
2014-01-23 11:45 - 2014-01-23 11:45 - 00000101 _____ C:\Users\DC\Downloads\kdlh2.pls
2014-01-21 20:37 - 2014-01-21 20:37 - 00000000 ____D C:\Users\DC\AppData\Roaming\Guild Wars 2
2014-01-21 16:14 - 2014-01-21 16:14 - 00000000 ____D C:\Users\DC\AppData\Local\Blizzard Entertainment
2014-01-21 14:42 - 2014-01-21 14:52 - 00001242 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2014-01-21 14:41 - 2014-01-21 14:42 - 83293072 _____ (Blizzard Entertainment) C:\Users\DC\Downloads\World-of-Warcraft-Setup-enUS(1).exe
2014-01-21 14:38 - 2014-01-21 14:38 - 83293072 _____ (Blizzard Entertainment) C:\Users\DC\Downloads\World-of-Warcraft-Setup-enUS.exe
2014-01-14 10:12 - 2014-01-30 14:17 - 00000085 _____ C:\Windows\system32\vbjjhc.xab
2014-01-14 10:12 - 2014-01-14 10:12 - 00000064 _____ C:\Windows\system32\mlyhtaq.jww
2014-01-14 10:12 - 2014-01-14 10:12 - 00000000 _____ C:\Windows\system32\zuoe.fxj
2014-01-14 09:55 - 2014-01-14 09:55 - 00219314 ____S C:\Windows\system32\zdhaqwl.xaq
2014-01-02 10:29 - 2014-01-25 12:05 - 00000000 ____D C:\Users\DC\Documents\DayZ
2014-01-02 10:29 - 2014-01-25 10:11 - 00000000 ____D C:\Users\DC\AppData\Local\DayZ
2014-01-02 10:07 - 2014-01-02 10:07 - 00000000 ____D C:\Program Files (x86)\SkypeWebPlugin
2014-01-02 10:06 - 2014-01-02 10:06 - 04538368 _____ C:\Users\DC\Downloads\SkypeWebPlugin-2.2.12059.16911.msi
2014-01-01 16:36 - 2014-01-01 16:36 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio

==================== One Month Modified Files and Folders =======

2014-01-30 14:35 - 2014-01-30 14:35 - 00023518 _____ C:\Users\DC\Downloads\FRST.txt
2014-01-30 14:35 - 2014-01-30 14:34 - 00000000 ____D C:\FRST
2014-01-30 14:34 - 2014-01-30 14:34 - 02079744 _____ (Farbar) C:\Users\DC\Downloads\FRST64.exe
2014-01-30 14:33 - 2014-01-28 10:16 - 00000000 ____D C:\Users\DC\AppData\Roaming\.minecraft
2014-01-30 14:33 - 2013-05-21 19:46 - 00000000 ____D C:\Users\DC\AppData\Roaming\Skype
2014-01-30 14:27 - 2014-01-30 14:23 - 00010725 _____ C:\Users\DC\Desktop\attach.txt
2014-01-30 14:23 - 2014-01-30 14:23 - 00025248 _____ C:\Users\DC\Desktop\dds.txt
2014-01-30 14:19 - 2014-01-30 14:19 - 00688992 ____R (Swearware) C:\Users\DC\Downloads\dds.com
2014-01-30 14:17 - 2014-01-14 10:12 - 00000085 _____ C:\Windows\system32\vbjjhc.xab
2014-01-30 14:01 - 2013-03-15 09:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 09:02 - 2011-08-12 13:58 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2014-01-29 19:40 - 2013-10-14 14:48 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-28 13:19 - 2014-01-28 13:19 - 00000000 ____D C:\Users\DC\AppData\Local\SkypeWebPlugin
2014-01-28 10:32 - 2014-01-28 10:31 - 123375837 _____ C:\Users\DC\Downloads\ArkTikALIENS Photo Real HD [512x512 1.5.zip
2014-01-28 10:21 - 2014-01-28 10:21 - 00675988 _____ C:\Users\DC\Desktop\Minecraft(1).exe
2014-01-28 10:16 - 2014-01-28 10:16 - 00675988 _____ C:\Users\DC\Downloads\Minecraft.exe
2014-01-28 09:16 - 2011-08-11 20:29 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-27 22:13 - 2011-08-11 14:59 - 00000000 ____D C:\Users\DC\Documents\BabasChess
2014-01-27 19:41 - 2011-08-11 03:24 - 01180429 _____ C:\Windows\WindowsUpdate.log
2014-01-27 19:40 - 2013-10-14 14:48 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-01-27 19:40 - 2013-10-14 14:48 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-01-27 19:40 - 2013-10-14 14:48 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-01-27 19:40 - 2013-10-14 14:48 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2014-01-26 08:44 - 2011-08-12 21:17 - 00000000 ____D C:\Users\DC\Documents\My Games
2014-01-25 15:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-25 12:05 - 2014-01-02 10:29 - 00000000 ____D C:\Users\DC\Documents\DayZ
2014-01-25 10:11 - 2014-01-02 10:29 - 00000000 ____D C:\Users\DC\AppData\Local\DayZ
2014-01-24 15:54 - 2009-07-13 22:51 - 00121975 _____ C:\Windows\setupact.log
2014-01-23 11:45 - 2014-01-23 11:45 - 00000101 _____ C:\Users\DC\Downloads\kdlh2.pls
2014-01-23 11:38 - 2013-08-27 07:31 - 00000000 ____D C:\Bovada
2014-01-21 20:37 - 2014-01-21 20:37 - 00000000 ____D C:\Users\DC\AppData\Roaming\Guild Wars 2
2014-01-21 20:37 - 2012-10-02 17:31 - 00000000 ____D C:\Users\DC\Documents\Guild Wars 2
2014-01-21 16:22 - 2013-08-20 19:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2014-01-21 16:14 - 2014-01-21 16:14 - 00000000 ____D C:\Users\DC\AppData\Local\Blizzard Entertainment
2014-01-21 15:53 - 2012-05-10 21:43 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2014-01-21 14:52 - 2014-01-21 14:42 - 00001242 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2014-01-21 14:42 - 2014-01-21 14:41 - 83293072 _____ (Blizzard Entertainment) C:\Users\DC\Downloads\World-of-Warcraft-Setup-enUS(1).exe
2014-01-21 14:38 - 2014-01-21 14:38 - 83293072 _____ (Blizzard Entertainment) C:\Users\DC\Downloads\World-of-Warcraft-Setup-enUS.exe
2014-01-21 12:05 - 2012-02-14 20:28 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-15 18:19 - 2011-10-02 08:40 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-14 19:39 - 2009-07-13 22:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 19:39 - 2009-07-13 22:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 19:37 - 2009-07-13 23:13 - 00793546 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 19:31 - 2013-06-03 08:24 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-14 19:31 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 15:12 - 2012-02-13 20:02 - 00000000 ____D C:\Users\Megan
2014-01-14 11:26 - 2012-04-09 17:40 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2014-01-14 10:12 - 2014-01-14 10:12 - 00000064 _____ C:\Windows\system32\mlyhtaq.jww
2014-01-14 10:12 - 2014-01-14 10:12 - 00000000 _____ C:\Windows\system32\zuoe.fxj
2014-01-14 09:55 - 2014-01-14 09:55 - 00219314 ____S C:\Windows\system32\zdhaqwl.xaq
2014-01-13 14:41 - 2013-06-26 07:36 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-01-13 14:40 - 2011-10-18 22:11 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-02 10:09 - 2013-05-21 19:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-02 10:09 - 2013-05-21 19:46 - 00000000 ____D C:\ProgramData\Skype
2014-01-02 10:07 - 2014-01-02 10:07 - 00000000 ____D C:\Program Files (x86)\SkypeWebPlugin
2014-01-02 10:06 - 2014-01-02 10:06 - 04538368 _____ C:\Users\DC\Downloads\SkypeWebPlugin-2.2.12059.16911.msi
2014-01-01 16:39 - 2012-09-01 15:42 - 00000000 ____D C:\Users\DC\AppData\Local\ArmA 2 OA
2014-01-01 16:36 - 2014-01-01 16:36 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio

ZeroAccess:
C:\Windows\Installer\{3333353e-073f-da38-97bf-9b79cae6d00b}
C:\Windows\Installer\{3333353e-073f-da38-97bf-9b79cae6d00b}\@

ZeroAccess:
C:\Users\DC\AppData\Local\{3333353e-073f-da38-97bf-9b79cae6d00b}
C:\Users\DC\AppData\Local\{3333353e-073f-da38-97bf-9b79cae6d00b}\@
C:\Users\DC\AppData\Local\{3333353e-073f-da38-97bf-9b79cae6d00b}\U\00000001.@
C:\Users\DC\AppData\Local\{3333353e-073f-da38-97bf-9b79cae6d00b}\U\80000000.@
C:\Users\DC\AppData\Local\{3333353e-073f-da38-97bf-9b79cae6d00b}\U\800000cb.@

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\DC\prime95.exe


Some content of TEMP:
====================
C:\Users\DC\AppData\Local\Temp\11-8_vista64_win7_64_dd_ccc_ocl.exe
C:\Users\DC\AppData\Local\Temp\11-9_vista64_win7_64_dd_ccc_ocl.exe
C:\Users\DC\AppData\Local\Temp\AskSLib.dll
C:\Users\DC\AppData\Local\Temp\AutoRun.exe
C:\Users\DC\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\DC\AppData\Local\Temp\CommonInstaller.exe
C:\Users\DC\AppData\Local\Temp\DrvInst64.exe
C:\Users\DC\AppData\Local\Temp\eauninstall.exe
C:\Users\DC\AppData\Local\Temp\Gw2.exe
C:\Users\DC\AppData\Local\Temp\iGearedHelper.dll
C:\Users\DC\AppData\Local\Temp\installerdll184143.dll
C:\Users\DC\AppData\Local\Temp\installerdll225499.dll
C:\Users\DC\AppData\Local\Temp\installerdll230319.dll
C:\Users\DC\AppData\Local\Temp\installerdll238806.dll
C:\Users\DC\AppData\Local\Temp\installerdll3243962.dll
C:\Users\DC\AppData\Local\Temp\installerdll3250904.dll
C:\Users\DC\AppData\Local\Temp\installerdll4520503.dll
C:\Users\DC\AppData\Local\Temp\installerdll4521548.dll
C:\Users\DC\AppData\Local\Temp\installerdll4529769.dll
C:\Users\DC\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\DC\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\DC\AppData\Local\Temp\LMkRstPt.exe
C:\Users\DC\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\DC\AppData\Local\Temp\MSETUP4.EXE
C:\Users\DC\AppData\Local\Temp\OriginLauncher225499.exe
C:\Users\DC\AppData\Local\Temp\OriginLauncher4520503.exe
C:\Users\DC\AppData\Local\Temp\raptrpatch.exe
C:\Users\DC\AppData\Local\Temp\raptr_stub.exe
C:\Users\DC\AppData\Local\Temp\rootsupd.exe
C:\Users\DC\AppData\Local\Temp\Setup.exe
C:\Users\DC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\DC\AppData\Local\Temp\sfextra.dll
C:\Users\DC\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\DC\AppData\Local\Temp\SIntf16.dll
C:\Users\DC\AppData\Local\Temp\SIntf32.dll
C:\Users\DC\AppData\Local\Temp\SIntfNT.dll
C:\Users\DC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DC\AppData\Local\Temp\sonarinst.exe
C:\Users\DC\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\DC\AppData\Local\Temp\SRLDetectionLibrary1710643348037239485.dll
C:\Users\DC\AppData\Local\Temp\tmp4ECA.exe
C:\Users\DC\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\DC\AppData\Local\Temp\uninstall.exe
C:\Users\DC\AppData\Local\Temp\vcredist_x64.exe
C:\Users\DC\AppData\Local\Temp\vcredist_x86.exe
C:\Users\DC\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\DC\AppData\Local\Temp\XIXom.exe
C:\Users\DC\AppData\Local\Temp\ZWDiW.exe
C:\Users\DC\AppData\Local\Temp\_is2BE0.exe
C:\Users\DC\AppData\Local\Temp\_isB633.exe
C:\Users\DC\AppData\Local\Temp\_isC003.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-08-21 19:11] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 36968F9BF49408511C4DC23BE645164B

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 00:59

==================== End Of Log ============================


#4 JSntgRvr

  • Malware Response Team

Posted 30 January 2014 - 06:01 PM

Download the enclosed file.

Save it in the location FRST64 is.

Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST64 is, (Fixlog.txt). Please post it to your reply.

Once finished with the above, type the following in the edit box on FRST64, after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click the Search button and post the log (Search.txt), which will appear in the location FRST64 is, in your next reply.


No request for help throughout private messaging will be attended.
