Please take a look at this DDS log, feel i might be infected, no certain signs


  • This topic is locked
29 replies to this topic

#1 rp88

Posted 06 September 2014 - 06:47 PM

I have noticed my computer slowing down over the past few days, and I've also had some problems with the internet. The internet problems being that on some occasions I have tried to open pages in Chrome but the "Connecting..." stage takes forever and the page does not load until I close and reopen the browser (that has happened just now as I am trying to post this post; in the time taken to visit Google and some news pages 5 times this still hadn't "waited for"). I've seen more files in Task Manager than I have in the past, but they all look quite legit. AVG Free, my main antivirus, finds nothing. MBAM Free finds nothing. MBAR finds nothing. ESET Online Scanner gives no results, Rkill does not find anything. SecurityCheck.exe finds nothing. But I still have some suspicions. If someone would be kind enough to look over this log and tell me if there is anything suspicious that might indicate infection it would really help. I have not installed new programs on my Windows 8 machine for several months EXCEPT for doing a reinstall of my AVG antivirus and installing Piriform's "Speccy". Other things I can report are seeing constant "automatic maintenance" prompts in my system tray; upon clicking the flag icon there is a message to "run automatic maintenance now to optimize your computer"; running this does nothing visibly apparent except make the screen flare up brightly for a few seconds, and as soon as this "maintenance" finishes the prompt is back to run it again. I can also report rare total freezes of the whole computer (cursor does not respond to mouse movements) for 30 seconds or so occasionally when opening web pages.
I can open exe files with no problem, I can visit security websites with no problem, I haven't seen unusual pop-ups or extra adverts, my default search engine (Google) and home page (also Google) have not changed in any of my browsers (Chrome, FF and IE), I have not noticed any personal files missing, I haven't seen unusual error messages, Task Manager opens without problems. Hopefully someone will be able to provide a definite answer to whether I have any type of infection, and also whether an infection could have infiltrated my backups. The DDS.txt log is attached. When I ran DDS it showed as a black box with green text within its own program (not within a command prompt style window). The DDS program was quite specific in NOT posting the attach.txt log unless asked for (does it contain really private and sensitive info or something?); it is waiting to be uploaded should you require it. At the time of running DDS I had taken out my ethernet cable (I keep "flight mode" permanently on on the computer as I use wired connections in preference to wireless whenever possible) so was not connected to the internet. My laptop is a Toshiba Satellite Pro; it was bought in August/September/October 2013. I am as far as I know fully up to date with Windows security updates, I avoid using IE and do most of my browsing with Chrome, I have FF in case I need it at some point, I have IE because it was pre-installed. The programs I run most on this machine are Google Chrome (browser), SketchUp (3D modelling), Blender (3D rendering). I do not think I have any Windows installation media about; all my personal files and installers for a couple of my programs (SketchUp and Blender) are backed up on USB, CD-RW and online. I have quite a bit of experience with computers but NOT with the registry (except for merely looking at it), command prompt, coding, programming, setting up from scratch or fiddling with Windows's deepest settings.
I make a habit of scanning every file I download, except images, with MBAM and AVG before opening it. I always keep the setting in my folder options to ensure full file extensions are always shown (for file.jpg.png for example). My machine has quite a few programs pre-installed on it.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17054
Run by personal info removed at 0:05:24 on 2014-09-07
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.3979.2153 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AVG-Secure-Search-Update_0814av] C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=665594040dc747d39dcba11d94690100-bdb527e1ce41070524c77cdce9e4a40f26d7971f /CMPID=0814av
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\personal info removed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
personal info removed
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.235.192.1
TCP: Interfaces\{0A58E177-44F0-462A-B0D5-02F8D96B8949} : DHCPNameServer = 10.235.192.1
TCP: Interfaces\{1423E7E4-013E-4041-9151-F2E142041865} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{2DEA570A-F43C-4EFD-857B-766FC08F9CDB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5F3EEAC4-0743-4D45-BE4A-CC1031FC7BFF} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{69170C52-A926-4986-B0A9-611C89B102C7} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A4FFB84C-6C80-4594-8C1F-98A29B59D107} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C67238EB-F208-49BC-B06A-5872169B00AC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D2FBCD64-017D-4781-BA1C-379477A32F43} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-mPolicies-System: EnableSecureUIAPath = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-8-22 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-22 166720]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-9-12 232288]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-8-28 201872]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-22 365376]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-8-22 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\Drivers\btfilter.sys [2012-7-11 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2012-11-8 174592]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-3-8 311184]
.
=============== Created Last 30 ================
.
2014-09-03 21:27:58 -------- d-----w- C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av
2014-09-03 21:27:37 -------- d-----w- C:\ProgramData\Avg_Update_0814av
2014-09-02 19:15:38 -------- d-----w- C:\Users\personal info removed\AppData\Roaming\AVG2014
2014-09-02 19:14:53 -------- d--h--w- C:\$AVG
2014-09-02 19:14:53 -------- d-----w- C:\ProgramData\AVG2014
2014-09-02 19:14:22 -------- d-----w- C:\Program Files (x86)\AVG
personal info removed
2014-09-02 19:03:45 -------- d-----w- C:\ProgramData\MFAData
personal info removed
2014-08-28 17:34:42 -------- d-----w- C:\Program Files\Speccy
2014-08-27 22:17:55 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-08-24 19:43:50 -------- d-----w- C:\Windows\pss
2014-08-20 14:00:50 262312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
2014-08-12 18:58:33 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-12 18:58:32 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-12 18:49:43 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-12 18:49:43 1312768 ----a-w- C:\Windows\System32\rpcrt4.dll
.
==================== Find3M  ====================
.
2014-09-06 23:04:25 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-06 19:15:50 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-12 19:15:33 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-12 19:15:33 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-12 19:15:11 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-12 19:15:09 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-12 19:15:09 1623040 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-12 19:15:06 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-07 06:33:36 712192 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 03:09:52 556544 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-06 09:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-08-02 00:15:04 704480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-02 00:15:04 105440 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-24 12:10:54 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-07-24 12:10:46 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-07-24 12:10:46 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-07-24 12:09:37 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-24 12:09:33 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-24 12:09:33 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-07-24 12:09:00 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-24 10:52:27 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 10:52:20 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-07-24 10:51:27 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-24 10:51:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-24 10:51:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-24 10:29:20 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-24 08:03:01 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-07-21 20:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2014-07-12 04:41:28 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-12 04:41:26 8704 ----a-w- C:\Windows\System32\KBDRUM.DLL
2014-07-12 04:41:18 6656 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-12 04:16:30 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-12 04:16:23 8192 ----a-w- C:\Windows\SysWow64\KBDRUM.DLL
2014-07-12 04:15:54 6144 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-08 22:33:04 181248 ----a-w- C:\Windows\System32\Defrag.exe
2014-07-08 22:32:55 1539584 ----a-w- C:\Windows\System32\storagewmi.dll
2014-07-08 22:32:25 340480 ----a-w- C:\Windows\System32\defragsvc.dll
2014-07-08 22:30:54 1220608 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2014-07-07 05:52:33 74752 ----a-w- C:\Windows\System32\wcmcsp.dll
2014-07-07 05:52:33 263680 ----a-w- C:\Windows\System32\wcmsvc.dll
2014-07-04 10:52:10 328000 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2014-07-03 01:59:28 1824784 ----a-w- C:\Windows\System32\ntdll.dll
2014-07-03 00:30:17 1408952 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-06-30 22:42:56 394240 ----a-w- C:\Windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\Windows\System32\aepic.dll
2014-06-30 11:43:18 270104 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys
2014-06-30 11:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-28 07:01:48 96768 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2014-06-28 06:57:15 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-06-28 06:56:03 117248 ----a-w- C:\Windows\System32\dwmapi.dll
2014-06-27 03:42:55 618496 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-06-27 03:41:15 247296 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-06-25 07:09:25 733184 ----a-w- C:\Windows\System32\win32spl.dll
2014-06-25 07:07:52 1023488 ----a-w- C:\Windows\System32\localspl.dll
2014-06-17 23:27:37 1440256 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 23:27:08 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-06-17 23:24:48 1557504 ----a-w- C:\Windows\System32\osk.exe
2014-06-17 23:23:47 2238464 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-06-17 15:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 15:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 15:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 15:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-06-13 01:57:00 1453400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-13 01:55:08 199680 ----a-w- C:\Windows\System32\cdd.dll
2014-06-12 23:35:25 8857600 ----a-w- C:\Windows\SysWow64\twinui.dll
2014-06-12 23:34:55 2037760 ----a-w- C:\Windows\SysWow64\authui.dll
2014-06-12 23:34:51 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2014-06-12 23:29:54 10116608 ----a-w- C:\Windows\System32\twinui.dll
2014-06-12 23:29:26 2306560 ----a-w- C:\Windows\System32\authui.dll
2014-06-12 23:29:24 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2014-06-11 14:47:22 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-06-11 04:40:01 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2014-06-10 22:44:20 1403896 ----a-w- C:\Windows\System32\winload.efi
.
============= FINISH:  0:05:44.45 ===============
 
Thank you.
When you reply please remind me to post another copy of this DDS log done right then, in case anything has changed in the time it takes you to respond to this thread.
 
I AM VERY SORRY FOR THE DOUBLE POST, THE CONNECTION WAS PLAYING UP.

" Please note that since this DDS log was posted I have run Windows Update and various automatic updates on my browsers and antivirus. I can post a new DDS log easily if it helps, along with making a new "attach.txt". "

Edited by quietman7, 08 November 2014 - 10:32 PM.



 


#2 HelpBot

Posted 11 September 2014 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/547183 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rp88

Posted 12 September 2014 - 06:40 AM

A new DDS log is attached; once again I can add "attach.txt" should you think it necessary (I'm still not sure why attach.txt is not supposed to just be posted like a normal log). The first post here contains all the details I could give about my system and my problem. To clarify question 3 in the HelpBot's "point 2", I do NOT have the installation disc available. Please note that since that first DDS log was run I have updated Windows (on Tuesday/Wednesday 9th/10th), I let Chrome and Firefox automatically update and I have had definition updates continue to happen to my AVG antivirus.
The new DDS log is below and shows the state of my system at 12:32 UK time 12/09/2014; it was run with Chrome open and no other programs were running at the time. Note also that at the time of running DDS I had taken out my internet connection cable, but left Chrome open, and then plugged the cable back in after running the scan. Another point is that my system is set up to have 2 main "sections" on its drive, C:\ and D:\. C:\ contains all my programs, temp files and Windows files; D:\ has all my personal documents and also is where the dds.com file was saved when I downloaded it. I don't know if the existence of the two "sections" (I'm not sure of the proper name) matters for the purposes of diagnosing infections or if it is apparent from the log files.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by personal info removed at 12:32:31 on 2014-09-12
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.3979.2345 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AVG-Secure-Search-Update_0814av] C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /mid=665594040dc747d39dcba11d94690100-bdb527e1ce41070524c77cdce9e4a40f26d7971f /CMPID=0814av
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\personal info removed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
personal info removed
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.235.192.1
TCP: Interfaces\{0A58E177-44F0-462A-B0D5-02F8D96B8949} : DHCPNameServer = 10.235.192.1
TCP: Interfaces\{1423E7E4-013E-4041-9151-F2E142041865} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{2DEA570A-F43C-4EFD-857B-766FC08F9CDB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5F3EEAC4-0743-4D45-BE4A-CC1031FC7BFF} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{69170C52-A926-4986-B0A9-611C89B102C7} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A4FFB84C-6C80-4594-8C1F-98A29B59D107} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C67238EB-F208-49BC-B06A-5872169B00AC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D2FBCD64-017D-4781-BA1C-379477A32F43} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-mPolicies-System: EnableSecureUIAPath = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-8-22 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-22 166720]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-9-12 232288]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-8-28 201872]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-22 365376]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-8-22 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\Drivers\btfilter.sys [2012-7-11 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2012-11-8 174592]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-3-8 311184]
.
=============== Created Last 30 ================
.
2014-09-10 21:55:23 536776 ----a-w- C:\Windows\SysWow64\msvcp120_clr0400.dll
2014-09-10 21:55:22 678600 ----a-w- C:\Windows\System32\msvcp120_clr0400.dll
2014-09-10 21:53:51 556544 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-10 21:53:50 755712 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 21:53:39 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 21:53:39 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-09-10 21:53:22 26218496 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 21:53:20 25479168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 21:49:54 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-09-10 21:49:54 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-09-03 21:27:58 -------- d-----w- C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av
2014-09-03 21:27:37 -------- d-----w- C:\ProgramData\Avg_Update_0814av
2014-09-02 19:15:38 -------- d-----w- C:\Users\personal info removed\AppData\Roaming\AVG2014
2014-09-02 19:14:53 -------- d--h--w- C:\$AVG
2014-09-02 19:14:53 -------- d-----w- C:\ProgramData\AVG2014
2014-09-02 19:14:22 -------- d-----w- C:\Program Files (x86)\AVG
personal info removed
2014-08-28 17:34:42 -------- d-----w- C:\Program Files\Speccy
2014-08-27 22:17:55 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-08-24 19:43:50 -------- d-----w- C:\Windows\pss
2014-08-20 14:00:50 262312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
.
==================== Find3M  ====================
.
2014-09-11 19:47:14 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-06 19:15:50 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-30 05:48:18 10115072 ----a-w- C:\Windows\System32\twinui.dll
2014-08-30 05:47:29 2885632 ----a-w- C:\Windows\System32\msi.dll
2014-08-30 05:46:33 2306560 ----a-w- C:\Windows\System32\authui.dll
2014-08-30 04:05:16 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2014-08-30 04:04:35 2416128 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-30 04:03:50 2037760 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-06 09:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-31 23:40:32 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-07-24 13:50:54 447296 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2014-07-21 20:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-16 23:28:11 27648 ----a-w- C:\Windows\SysWow64\sscore.dll
2014-07-16 22:59:01 35840 ----a-w- C:\Windows\System32\sscore.dll
2014-07-16 22:59:01 305664 ----a-w- C:\Windows\System32\srvsvc.dll
2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2014-07-12 06:45:14 1549824 ----a-w- C:\Windows\System32\msdtctm.dll
2014-07-12 04:41:28 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-12 04:41:26 8704 ----a-w- C:\Windows\System32\KBDRUM.DLL
2014-07-12 04:41:18 6656 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-12 04:36:25 211456 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-07-12 04:36:01 674304 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-07-12 04:34:34 404480 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-07-12 04:34:22 250368 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-07-12 04:16:30 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-12 04:16:23 8192 ----a-w- C:\Windows\SysWow64\KBDRUM.DLL
2014-07-12 04:15:54 6144 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-08 22:33:04 181248 ----a-w- C:\Windows\System32\Defrag.exe
2014-07-08 22:32:55 1539584 ----a-w- C:\Windows\System32\storagewmi.dll
2014-07-08 22:32:25 340480 ----a-w- C:\Windows\System32\defragsvc.dll
2014-07-08 22:30:54 1220608 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2014-07-07 05:52:33 74752 ----a-w- C:\Windows\System32\wcmcsp.dll
2014-07-07 05:52:33 263680 ----a-w- C:\Windows\System32\wcmsvc.dll
2014-07-04 10:52:10 328000 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2014-07-03 01:59:28 1824784 ----a-w- C:\Windows\System32\ntdll.dll
2014-07-03 00:30:17 1408952 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-06-30 22:42:56 394240 ----a-w- C:\Windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\Windows\System32\aepic.dll
2014-06-30 11:43:18 270104 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys
2014-06-30 11:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-28 07:01:48 96768 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2014-06-28 06:57:47 1341952 ----a-w- C:\Windows\System32\user32.dll
2014-06-28 06:57:15 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-06-28 06:56:03 117248 ----a-w- C:\Windows\System32\dwmapi.dll
2014-06-28 02:23:22 1126400 ----a-w- C:\Windows\SysWow64\user32.dll
2014-06-25 07:09:25 733184 ----a-w- C:\Windows\System32\win32spl.dll
2014-06-25 07:07:52 1023488 ----a-w- C:\Windows\System32\localspl.dll
2014-06-19 23:35:37 1312768 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-06-19 22:24:17 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-17 23:27:37 1440256 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 23:27:08 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-06-17 23:24:48 1557504 ----a-w- C:\Windows\System32\osk.exe
2014-06-17 23:23:47 2238464 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-06-17 15:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 15:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 15:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 15:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 12:33:04.22 ===============
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
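A worked example of how a responder reads the "Pseudo HJT Report" section of a DDS log like the one above. This is added here and is not part of the thread or of DDS itself: a small Python triage script, run over lines copied from the log above (user name left redacted as in the post, the long /mid= argument dropped), that flags autorun and service entries executing from user-writable directories and a static TCP: NameServer that no interface obtained via DHCP. The rule names, the USER_WRITABLE markers and the sample lines are the example's own choices. On this log it flags three entries: the FLEXnet updater, AVG's Secure Search updater and the mobile broadband service. All three have ordinary vendor explanations, which is the point: a flag is a prompt to check the file's publisher and hash, not a diagnosis.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example: not part of this thread and not a feature of DDS. It pulls
the executable path out of each autorun-style line (uRun/mRun/x64-Run,
StartupFolder, BHO and the R*/S* service entries), flags paths under a
user-writable directory, and flags a static 'TCP: NameServer' that no
interface received via DHCP. A flag is a prompt to check the file's
publisher and hash, not a verdict.
"""
import re

# Directories a non-admin user (and so malware running as that user) can
# write to. Vendor updaters live here too, so expect legitimate hits.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# DDS prefixes for things that execute at logon or boot.
AUTORUN_PREFIX = re.compile(r"^(?:x64-)?(?:[um]?Run|StartupFolder|BHO):|^[RS][0-4] ")

# A Windows path ending in an executable module. ':' is excluded from the
# body so the lazy match cannot swallow a second path on the same line
# (StartupFolder lines read 'shortcut.LNK - C:\target.exe').
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\];:]*?\.(?:exe|dll|sys|cpl)\b', re.IGNORECASE)

STATIC_NS_RE = re.compile(r"^TCP: NameServer = (.+)$")
DHCP_NS_RE = re.compile(r"^TCP: Interfaces\\\{[^}]+\} : DHCPNameServer = (.+)$")


def executable_path(line):
    """Return the first executable path found on a DDS line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def triage(lines):
    """Return a list of (rule, detail) findings for an iterable of DDS lines."""
    findings, static_ns, dhcp_ns = [], [], set()
    for raw in lines:
        line = raw.strip()
        if AUTORUN_PREFIX.match(line):
            path = executable_path(line)
            if path and any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append(("autorun-in-user-writable-dir", path))
            continue
        m = STATIC_NS_RE.match(line)
        if m:
            static_ns.extend(m.group(1).split())
            continue
        m = DHCP_NS_RE.match(line)
        if m:
            dhcp_ns.update(m.group(1).split())
    # A resolver that DHCP never handed out needs an explanation: either a
    # deliberate static setting or a hijacked DNS configuration.
    for ns in static_ns:
        if ns not in dhcp_ns:
            findings.append(("nameserver-not-from-dhcp", ns))
    return findings


# Sample lines constructed from the DDS log posted above (user name redacted
# as in the post; the long /mid= argument dropped).
SAMPLE = r"""
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AVG-Secure-Search-Update_0814av] C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe /PROMPT /CMPID=0814av
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-9-12 232288]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
TCP: NameServer = 10.235.192.1
TCP: Interfaces\{0A58E177-44F0-462A-B0D5-02F8D96B8949} : DHCPNameServer = 10.235.192.1
TCP: Interfaces\{1423E7E4-013E-4041-9151-F2E142041865} : DHCPNameServer = 192.168.1.1 192.168.1.1
""".strip().splitlines()

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(rule + ": " + detail)
```

Feed it the whole Pseudo HJT section (the services list included) rather than the sample. For each flagged path, the next step is the same whether or not it looks familiar: confirm the publisher with `Get-AuthenticodeSignature` or Sysinternals `sigcheck`, and check the file's hash against the vendor's release before deciding it is benign.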

#4 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:15 AM

Posted 12 September 2014 - 09:15 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by personal info removed at 12:32:31 on 2014-09-12
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3979.2345 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\personal info removed\AppData\Roaming\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
personal info removed
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
personal info removed
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.235.192.1
TCP: Interfaces\{0A58E177-44F0-462A-B0D5-02F8D96B8949} : DHCPNameServer = 10.235.192.1
TCP: Interfaces\{1423E7E4-013E-4041-9151-F2E142041865} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{2DEA570A-F43C-4EFD-857B-766FC08F9CDB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5F3EEAC4-0743-4D45-BE4A-CC1031FC7BFF} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{69170C52-A926-4986-B0A9-611C89B102C7} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A4FFB84C-6C80-4594-8C1F-98A29B59D107} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C67238EB-F208-49BC-B06A-5872169B00AC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D2FBCD64-017D-4781-BA1C-379477A32F43} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-mPolicies-System: EnableSecureUIAPath = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\personal info removed\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-8-22 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-22 166720]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2013-9-12 232288]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-8-28 201872]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-22 365376]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-8-22 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\Drivers\btfilter.sys [2012-7-11 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2012-11-8 174592]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-3-8 311184]

#5 rp88 (Topic Starter)
  • Members
  • 2,983 posts
  • Gender:Not Telling
  • Local time:04:15 AM

Posted 12 September 2014 - 09:33 AM

Excuse me, you've just posted a copy of part of my DDS log, what is your post supposed to mean? Do you have instructions for me to make more scans? Do you have something more you want to see? Do you have a diagnosis of whether I am infected and if so with what?



#6 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:15 AM

Posted 12 September 2014 - 01:26 PM


Excuse me. Here is what I want you to do.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
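The steps above ask for a Threat Scan with "Scan for rootkits" ticked and an up-to-date database, and then for the exported log. The following is an added example, not part of this thread and not a Malwarebytes tool: a Python checker that reads an exported Malwarebytes Anti-Malware 2.x text log and confirms those conditions were actually met before anyone spends time reading it. The field names and layout are those of the MBAM 2.x logs posted later in this thread; the sample log below is a constructed, trimmed copy of the first one posted, and the date is parsed as day/month/year because that is how the posted log is formatted (MBAM writes dates in the machine's locale, so adjust the format string for other locales).

```python
"""Checks an exported Malwarebytes Anti-Malware 2.x text log against the
settings the steps above ask for.

Added example: not part of this thread and not a Malwarebytes tool. It reads
the 'Key: Value' lines of the log, verifies that the scan was a completed
Threat Scan with rootkit scanning enabled and a malware database no older
than the scan day, and totals the per-section detection counters. Dates are
parsed as day/month/year, matching the log posted in this thread.
"""
import re
from datetime import datetime, timedelta

FIELD_RE = re.compile(r"^([A-Za-z -]+): (.+)$")
DB_VERSION_RE = re.compile(r"^v(\d{4})\.(\d{2})\.(\d{2})\.\d+$")
DETECTION_SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
                      "Registry Data", "Folders", "Files", "Physical Sectors")


def parse_mbam_log(text):
    """Return the 'Key: Value' fields of an MBAM 2.x log as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def check_mbam_log(text, max_db_age_days=1):
    """Return {'ok', 'problems', 'detections'} for one exported log."""
    f = parse_mbam_log(text)
    problems = []
    if f.get("Scan Type") != "Threat Scan":
        problems.append("not a Threat Scan: %s" % f.get("Scan Type"))
    if f.get("Result") != "Completed":
        problems.append("scan did not complete: %s" % f.get("Result"))
    if f.get("Rootkits") != "Enabled":
        problems.append("rootkit scanning was not enabled")
    db = DB_VERSION_RE.match(f.get("Malware Database", ""))
    if "Scan Date" not in f or db is None:
        problems.append("scan date or malware database version missing")
    else:
        # The database version embeds its release date: vYYYY.MM.DD.NN.
        scan_day = datetime.strptime(f["Scan Date"], "%d/%m/%Y")
        db_day = datetime(*map(int, db.groups()))
        if scan_day - db_day > timedelta(days=max_db_age_days):
            problems.append("malware database %s is stale for a scan on %s"
                            % (db_day.date(), scan_day.date()))
    # Every section reports a count; a section absent from the log counts as zero.
    detections = {s: int(f.get(s, "0")) for s in DETECTION_SECTIONS}
    return {"ok": not problems, "problems": problems, "detections": detections}


# Constructed sample in the layout of the first MBAM log posted further down
# this thread (header trimmed; that scan had rootkit scanning switched off).
SAMPLE_LOG = """\
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/09/2014
Scan Time: 14:41:57
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.13.02
Rootkit Database: v2014.09.12.01
License: Free

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417437

Memory: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled

Processes: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    report = check_mbam_log(SAMPLE_LOG)
    print("OK" if report["ok"] else "PROBLEMS: " + "; ".join(report["problems"]))
    print("detections:", sum(report["detections"].values()))
```

A log that fails the rootkit check is the common case when someone runs the scan straight after installing, before visiting Settings; it is worth catching before the log is posted, because a clean Threat Scan without the rootkit pass does not rule out what the poster is worried about.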

#7 rp88 (Topic Starter)
  • Members
  • 2,983 posts
  • Gender:Not Telling
  • Local time:04:15 AM

Posted 12 September 2014 - 07:33 PM

I already have MBAM and AdwCleaner on my system, should I download the latest versions or just use the ones I've got?

To clarify, you want the logs from MBAM, AdwCleaner, and FRST.txt pasted into my next reply. But Addition.txt is to be put in a zip file and uploaded as an attachment (does it contain private info or something?); should I put a password on that zip (or 7z) file and tell you the password by PM? Do you still want Attach.txt that was generated when DDS was run?

The computer is running OK but a little slower than usual, as I said I'm suspicious I may have something but I haven't seen any really obvious signs (pop-ups, browser redirects, changes to personal files).

I will have the logs ready by tomorrow afternoon (1400 ish UK time), sorry I won't be able to get them to you any earlier.

Thanks for coming to assist me with this.



#8 rp88 (Topic Starter)
  • Members
  • 2,983 posts
  • Gender:Not Telling
  • Local time:04:15 AM

Posted 13 September 2014 - 08:34 AM

I have uninstalled my old versions of Malwarebytes and AdwCleaner and am downloading the new versions of those, plus Farbar Recovery Scan Tool, now. I still have not had that clarification about the logs. That AdwCleaner you have linked to, should I download that one or the one on this site?

thanks


Edited by rp88, 13 September 2014 - 08:36 AM.


#9 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:15 AM

Posted 13 September 2014 - 09:11 AM

You can paste all the logs. You may need to create more than one post.

Get the AdwCleaner from the link I gave you.
I understand it was updated yesterday.

#10 rp88


Posted 13 September 2014 - 09:16 AM

I have the MBAM logs here; I fully uninstalled MBAM and then reinstalled the latest version from the link you gave me.

I scanned with it twice, once immediately after install and once again after tweaking some settings. The first one I did is coloured red, the second coloured green.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/09/2014
Scan Time: 14:41:57
Logfile: mbam13092014.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.13.02
Rootkit Database: v2014.09.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
personal info removed
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417437
Time Elapsed: 9 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/09/2014
Scan Time: 14:57:04
Logfile: mbam 13092014 2.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.13.02
Rootkit Database: v2014.09.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
personal info removed
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418239
Time Elapsed: 9 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

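The two reports above differ only in their scan options (Rootkits went from Disabled to Enabled, PUP and PUM from Enabled to Warn). As an added example, not code from the thread or from Malwarebytes, here is a small Python parser for MBAM 2.x report text that diffs the options between two reports and flags settings that weaken a "nothing found" result; the report text is a constructed excerpt of the posted logs.

```python
"""Parse Malwarebytes Anti-Malware 2.x text reports, diff their scan options
and flag options that make a clean result less meaningful (added example)."""
import re

# Constructed excerpt: the option and detection lines of the first report above.
SCAN_A = """Scan Type: Threat Scan
Result: Completed
Memory: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
Registry Keys: 0
Files: 0
(end)"""
# Second report: same scan, but with the settings the poster tweaked.
SCAN_B = (SCAN_A.replace("Rootkits: Disabled", "Rootkits: Enabled")
                .replace("PUP: Enabled", "PUP: Warn")
                .replace("PUM: Enabled", "PUM: Warn"))

OPTION_KEYS = ("Memory", "Startup", "Filesystem", "Archives", "Rootkits",
               "Heuristics", "PUP", "PUM")
DETECTION_KEYS = ("Processes", "Modules", "Registry Keys", "Registry Values",
                  "Registry Data", "Folders", "Files", "Physical Sectors")

def parse_report(text):
    """Return {field: value} for every 'Field: value' line before '(end)'."""
    fields = {}
    for line in text.splitlines():
        if line.strip() == "(end)":
            break
        m = re.match(r"^([A-Za-z ]+): (.+)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def diff_options(a, b):
    """Map each scan option whose value changed between reports to (old, new)."""
    return {k: (a.get(k), b.get(k)) for k in OPTION_KEYS if a.get(k) != b.get(k)}

def weak_options(report):
    """List options under which 'No malicious items detected' proves less."""
    issues = []
    if report.get("Rootkits") != "Enabled":
        issues.append("Rootkits: rootkit scan was not run")
    for k in ("PUP", "PUM"):
        if report.get(k) == "Warn":
            issues.append(f"{k}: Warn only, detections are reported but not treated as malware")
    return issues

def total_detections(report):
    """Sum the per-category detection counts (all 0 in the posted reports)."""
    return sum(int(report.get(k, "0")) for k in DETECTION_KEYS)
```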
#11 rp88


Posted 13 September 2014 - 09:18 AM

I'm afraid I had already scanned with the latest Bleeping Computer version of AdwCleaner before I saw your latest reply.

It is here; should I scan again with the version you linked to, or are they the same?
 
# AdwCleaner v3.310 - Report created 13/09/2014 at 15:08:47
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : personal info removed
# Running from : D:\Users\personal info removed\Downloads\AdwCleaner 13092014.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v32.0 (x86 en-US)
 
[ File : C:\Userspersonal info removedk\AppData\Roaming\Mozilla\Firefox\Profiles\24xt9ip1.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\personal info removed\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [953 octets] - [28/05/2014 18:52:53]
AdwCleaner[R10].txt - [1559 octets] - [31/08/2014 00:33:58]
AdwCleaner[R11].txt - [1720 octets] - [31/08/2014 04:14:10]
AdwCleaner[R12].txt - [1722 octets] - [31/08/2014 15:45:53]
AdwCleaner[R13].txt - [1784 octets] - [01/09/2014 18:02:51]
AdwCleaner[R14].txt - [1845 octets] - [02/09/2014 21:36:38]
AdwCleaner[R15].txt - [1173 octets] - [13/09/2014 15:08:47]
AdwCleaner[R1].txt - [1012 octets] - [30/05/2014 16:03:44]
AdwCleaner[R2].txt - [1074 octets] - [03/06/2014 23:30:40]
AdwCleaner[R3].txt - [1135 octets] - [05/06/2014 23:02:52]
AdwCleaner[R4].txt - [1196 octets] - [12/06/2014 22:37:47]
AdwCleaner[R5].txt - [1254 octets] - [19/06/2014 00:33:17]
AdwCleaner[R6].txt - [1314 octets] - [19/06/2014 21:32:37]
AdwCleaner[R7].txt - [1374 octets] - [20/06/2014 14:56:25]
AdwCleaner[R8].txt - [1434 octets] - [22/06/2014 22:00:23]
AdwCleaner[R9].txt - [1498 octets] - [04/08/2014 22:52:24]
AdwCleaner[S0].txt - [1782 octets] - [31/08/2014 04:15:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R15].txt - [1834 octets] ##########
 
 
 
 
 
FRST log is coming up now.

#12 rp88


Posted 13 September 2014 - 09:35 AM

personal info removed

Edited by quietman7, 08 November 2014 - 10:35 PM.


#13 rp88


Posted 13 September 2014 - 10:27 AM

As an extra note: I don't know if FRST had anything to do with it, but when I scanned my whole computer with my AVG antivirus after posting those logs it was shockingly fast. It almost felt as if it wasn't doing its job but rather was skipping over everything.



#14 nasdaq


Posted 13 September 2014 - 01:25 PM

Nothing suspicious was found on your logs.

Do you have any problems that you know of?

#15 rp88


Posted 13 September 2014 - 10:42 PM

I have noticed some changes in the way my system behaves. It's been somewhat slower (not vastly, but enough to notice; deleting several gigabytes of old personal files and clearing temp folders and such had no effect on making the system any faster). I've been seeing more svchosts than normal running in Task Manager, and I've noticed very short-duration flashes on the screen (as in, upon performing an action in a program, the whole screen sometimes briefly flashes with something other than the program I was using, too fast to work out what the flashing thing was). I've also had a constant automatic maintenance prompt for ages (when I click to let it run it does "nothing(?)" and then is back under the flag icon in the system tray immediately afterwards, wanting to be run again to do more of nothing(?)). I've had a few weird crashes and freezes where my system was not doing anything intensive at the time. I've also had points a week or two back when I think something may have been wrong with my antivirus. I had to fully reinstall it, which means I might have been unprotected for some time before performing that reinstall. I have also noticed processes running in Task Manager that I had not seen before; some of them were certainly not there a few months back. Another thing I had begun to notice was that when I ran a full system scan with AVG every few days the scan detected one more "locked file"; the number of locked files it detects has been increasing recently, where previously it was a fairly level number. I know that locked files aren't necessarily viruses, but the fact that the number of them has been rising makes me wonder if a virus had been trying to make itself at home in one of them. All those things combined have been enough to make me feel somewhat suspicious. Also, as I will very soon be doing a lot of backing up of files, I need to make sure my system is clean so that the backups I create can be known with good certainty not to be infected.

When you say "Nothing suspicious was found on your logs" you mean to say you think my system is free of malware? I had already scanned with MBAM and AdwCleaner before I started this thread; if there was something they didn't spot back then I would think they would be unlikely to spot it now. Do the FRST.txt and Addition.txt provide a more certain verdict?

Thank you


