
Unsure if infected, Computer is acting funky.


  • This topic is locked
3 replies to this topic

#1 froggyfixit

froggyfixit

  • Members
  • 20 posts
  • Local time:08:01 AM

Posted 10 June 2014 - 05:38 PM

I am not sure if this is the right place since I am unsure if I am infected, but y'all are the people I turn to when I can't find the answers. I installed a new GPU (upgraded from HD 6670 to R9 270X) and my computer has been acting strange ever since. I got the games to work after a few uninstalls and reinstalls of the AMD drivers. I found a system process would cancel any full screen thing I had going but only if the program used DX11 (if conhost.exe is running, the DX11 program won't open. Tested with Civ 5, 3DMark Demo, and Saints Row The Third), the process is conhost.exe. I would kill it, and would be able to go back into my game but I could not go back in if that was still running. I do not recall any risky clicks or anything like that, but I did use a driver sweeper program before installing this card (in safe mode as it suggested). Below are the DDS logs. (Quick edit: realized I had Daemon Tools running, I have disabled the virtual drive already. Sorry about that.)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Sean at 18:23:33 on 2014-06-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.14300.12331 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
G:\Program Files (x86)\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
G:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files (x86)\Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\Program Files (x86)\Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [DAEMON Tools Lite] "G:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "G:\Program Files (x86)\Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - G:\Program Files (x86)\Rainmeter\Rainmeter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: UseDefaultTile = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DontDisplayLockedUserId = dword:2
IE: E&xport to Microsoft Excel - G:\PROGRA~1\Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - G:\PROGRA~1\Office\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - G:\Program Files (x86)\Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - G:\Program Files (x86)\Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3B7F0E84-ACC8-4CD3-B60A-FEE78DBD3B64} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - <orphaned>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files (x86)\Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NUSB3MON] "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-5 83176]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-5 43240]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-20 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-5-22 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-5-22 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\drivers\appexDrv.sys [2014-5-18 225504]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2014-4-16 1375600]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-6-2 241728]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2013-5-27 106816]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-5-27 227648]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-7-6 138568]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-7-6 415560]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2014-4-16 1930240]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-4-8 94720]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-4-16 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-10 60640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-2-28 520416]
S3 GPUZ;GPUZ;C:\Windows\Temp\GPUZ.sys [2014-6-10 27008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-4-16 565352]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-16 1255736]
.
=============== Created Last 30 ================
.
2014-06-10 22:01:50 -------- d-----w- C:\Program Files\AMD Quick Stream
2014-06-10 22:01:48 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-06-10 21:59:26 60640 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2014-06-10 21:23:07 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A438F364-BC44-445C-B335-59DCD0DE937C}\mpengine.dll
2014-06-10 21:08:09 -------- d-----w- C:\Users\Sean\AppData\Local\Futuremark_Corporation
2014-06-10 21:07:17 -------- d-----w- C:\Program Files\Futuremark
2014-06-10 19:41:12 -------- d-----w- C:\Users\Sean\AppData\Local\Futuremark
2014-06-10 19:39:42 -------- d-----w- C:\Program Files (x86)\Futuremark
2014-06-10 19:35:07 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2014-06-10 19:25:04 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-06-10 19:25:04 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-06-10 19:19:06 -------- d-----w- C:\Users\Sean\AppData\Local\ATI
2014-06-10 19:18:05 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-06-10 19:03:32 0 ----a-w- C:\Windows\ativpsrm.bin
2014-06-10 19:03:05 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-06-10 19:02:45 -------- d-----w- C:\Program Files\ATI Technologies
2014-06-10 19:02:43 -------- d-----w- C:\Program Files\ATI
2014-06-10 03:29:00 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-09 01:50:16 -------- d-----w- C:\Users\Sean\AppData\Local\Stardock
2014-06-09 01:43:18 -------- d-----w- C:\ProgramData\Stardock
2014-06-05 21:10:43 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{303B3715-7B04-4CE3-A3F2-B410F78A9DA5}\gapaengine.dll
2014-06-03 01:47:33 -------- d-----w- C:\Users\Sean\AppData\Roaming\16
2014-05-23 02:28:16 127872 ----a-w- C:\Windows\System32\amdhcp64.dll
2014-05-23 02:28:16 117560 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2014-05-23 02:28:14 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-05-23 02:28:14 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-05-23 02:28:12 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-05-23 02:28:12 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-05-23 02:28:06 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-05-23 02:28:06 117584 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-05-23 02:28:04 99520 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-05-23 02:28:02 1108432 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-05-23 02:27:54 9015224 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-05-23 02:27:48 7102496 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-05-23 02:27:42 6879016 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-05-23 02:27:38 7892000 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-05-23 02:27:34 8108312 ----a-w- C:\Windows\System32\atiumd64.dll
2014-05-23 02:24:24 276192 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-05-23 02:22:08 15950336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys.old
2014-05-23 02:22:08 15950336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-05-23 01:56:56 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-05-23 01:55:58 27529216 ----a-w- C:\Windows\System32\atio6axx.dll
2014-05-23 01:52:44 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-05-23 01:47:48 231424 ----a-w- C:\Windows\System32\clinfo.exe
2014-05-23 01:47:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2014-05-23 01:47:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2014-05-23 01:47:38 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2014-05-23 01:47:38 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2014-05-23 01:47:36 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-05-23 01:47:30 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-05-23 01:47:26 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-05-23 01:47:22 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-05-23 01:47:18 32874496 ----a-w- C:\Windows\System32\amdocl64.dll
2014-05-23 01:46:06 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-05-23 01:45:54 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-05-23 01:45:38 5224960 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-05-23 01:45:26 27841024 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-05-23 01:43:48 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-05-23 01:43:44 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-05-23 01:40:52 23028224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-05-23 01:38:08 366592 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-05-23 01:38:02 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-05-23 01:38:00 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-05-23 01:37:52 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-05-23 01:37:50 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-05-23 01:37:44 4180992 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-05-23 01:37:34 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-05-23 01:35:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-05-23 01:31:00 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-05-23 01:30:50 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-05-23 01:27:46 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-05-23 01:27:42 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-05-23 01:25:46 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-05-23 01:25:38 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-05-23 01:25:32 588800 ----a-w- C:\Windows\System32\atieclxx.exe
2014-05-23 01:25:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-05-23 01:24:34 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-05-23 01:18:54 826368 ----a-w- C:\Windows\System32\coinst_14.200.dll
2014-05-23 01:12:34 1207296 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-05-23 01:12:26 898560 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-05-23 01:12:16 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-05-23 01:12:12 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-05-23 01:12:12 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-05-23 01:12:10 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-05-23 01:12:00 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-05-23 01:11:52 557056 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-05-23 01:11:36 95744 ----a-w- C:\Windows\System32\amdave64.dll
2014-05-23 01:11:32 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2014-05-23 01:11:24 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2014-05-23 01:11:20 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2014-05-23 01:05:52 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-05-22 16:55:24 -------- d-----w- C:\ProgramData\vsosdk
2014-05-21 00:41:29 -------- d-----w- C:\Program Files (x86)\StreamTorrent 1.0
2014-05-21 00:32:57 -------- d-----w- C:\Users\Sean\AppData\Roaming\streamtorrent
2014-05-20 21:11:31 -------- d-----w- C:\Users\Sean\AppData\Local\IsolatedStorage
2014-05-20 21:11:25 -------- d-----w- C:\Program Files (x86)\NZXT
2014-05-18 15:52:33 -------- d-----w- C:\Users\Sean\AppData\Local\AppEx Networks
2014-05-18 15:28:00 225504 ----a-w- C:\Windows\System32\drivers\appexDrv.sys
2014-05-18 15:25:30 -------- d-----w- C:\Users\Sean\AppData\Roaming\library_dir
2014-05-18 01:33:47 -------- d-----w- C:\Windows\AutoKMS
2014-05-14 21:07:37 -------- d-----w- C:\Users\Sean\AppData\Local\Risen2
2014-05-14 01:32:04 649504 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\USP10.DLL
2014-05-13 21:38:02 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2014-05-13 21:38:02 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
.
==================== Find3M  ====================
.
2014-06-10 22:03:30 65536 ----a-w- C:\Windows\System32\spu_storage.bin
2014-06-10 19:06:01 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-23 02:28:08 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-05-23 02:28:04 1328352 ----a-w- C:\Windows\System32\aticfx64.dll
2014-05-23 02:27:56 10516488 ----a-w- C:\Windows\System32\atidxx64.dll
2014-05-12 11:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 11:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-08 09:32:02 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-20 14:35:23 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-04-16 18:19:45 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-16 17:38:34 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-04-16 17:38:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-08 14:20:34 94720 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2014-04-08 14:18:48 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 18:23:43.27 ===============

Edited by froggyfixit, 10 June 2014 - 05:41 PM.



#2 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:01:01 PM

Posted 14 June 2014 - 02:20 PM

Hello froggyfixit, 


I will be helping with your computer problems.

Before starting please note the following:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstalling programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do it
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems please stop and let me know
  • Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen

I'm analyzing what you posted, but since some days have passed it is better to have some updated logs.

If the problem is not solved, in your next reply please post a fresh DDS log and the updated Attach.txt file.

 


Regards 



#3 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:01:01 PM

Posted 17 June 2014 - 02:02 PM

Hello froggyfixit, 

 

Are you still with us?

If you do not reply in the next two days, the topic will be closed.

 

 

Regards



#4 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:01:01 PM

Posted 19 June 2014 - 05:36 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



