
I might be infected with malware that controls my computer


  • This topic is locked
2 replies to this topic

#1 evensteven

evensteven

  • Members
  • 12 posts

Posted 07 October 2014 - 08:51 PM

I have been having problems with malware that has been controlling my computer randomly for the past week. It controls my computer without internet, I believe, but I am not so sure on that one; it seems like a person is controlling it, since it makes spelling mistakes and such. It happens at random times of the day and types and clicks on my screen.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by steve at 21:43:16 on 2014-10-07
Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.16329.13277 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ASUS\System Level Up Driver\SysLevelUp.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files\ASUS\ROG GameFirst II\spd.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\ASUS\ROG GameFirst II\cfosspeed.exe
C:\Users\steve\AppData\Roaming\Spotify\spotify.exe
C:\Users\steve\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\steve\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\steve\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\steve\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\steve\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1171\1.0.1171\TmopIEPlg32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1107\7.5.1107\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Spotify] "C:\Users\steve\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{8F16B51D-8659-4A10-9409-15F7C0ABDAC9} : DHCPNameServer = 192.168.0.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1107\7.5.1107\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1171\1.0.1171\TmopIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1171\1.0.1171\TmopIEPlg.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1107\7.5.1107\TmBpIe64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [ROG GameFirst II] C:\Program Files\ASUS\ROG GameFirst II\cFosSpeed.exe
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\www\Installer.cmpt\resources\common.lproj\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe" -ReFlush "none" "none"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1107\7.5.1107\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1171\1.0.1171\TmopIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-1-23 647736]
R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2012-12-24 46392]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2012-12-24 76672]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-12-24 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-12-24 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-12-24 149120]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-4 1149760]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-23 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-23 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-4 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-4 860472]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-4 1796928]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-4 19440960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-4 411968]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-11-27 248640]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2012-12-24 77112]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-23 365376]
R3 AU8168;AU 8168 NT Driver;C:\Windows\System32\Drivers\au630x64.sys [2013-9-23 792648]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-14 240408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-10-4 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-10-4 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-10-4 64216]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-6-2 1928264]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-4 20288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2014-10-4 38048]
R3 rzendpt;rzendpt;C:\Windows\System32\Drivers\rzendpt.sys [2014-5-19 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\Drivers\rzudd.sys [2014-5-19 155816]
S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2012-12-24 33176]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-14 193816]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/23 15:06:11;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-5-23 243728]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-12-24 310952]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-24 690832]
S3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2012-12-24 98104]
.
=============== Created Last 30 ================
.
2014-10-07 20:48:48 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-07 20:48:23 -------- d-----w- C:\AdwCleaner
2014-10-07 20:47:29 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4513CFEC-717B-4C09-A023-842C15D24F5D}\mpengine.dll
2014-10-06 22:01:49 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-10-06 00:02:57 -------- d-----w- C:\Users\steve\AppData\Local\Spotify
2014-10-06 00:02:36 -------- d-----w- C:\Users\steve\AppData\Roaming\Spotify
2014-10-05 19:22:20 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2014-10-05 19:15:18 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-05 15:08:13 566784 ----a-w- C:\Windows\System32\wvc.dll
2014-10-05 15:07:51 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll
2014-10-05 15:04:58 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-10-05 15:04:58 78336 ----a-w- C:\Windows\System32\drivers\IPMIDrv.sys
2014-10-05 15:04:58 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-10-05 15:04:58 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-10-05 15:04:58 215040 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-10-05 15:04:58 1120768 ----a-w- C:\Windows\System32\gpedit.dll
2014-10-05 15:04:58 1075200 ----a-w- C:\Windows\SysWow64\gpedit.dll
2014-10-05 15:03:26 94552 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2014-10-05 15:03:26 328024 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2014-10-05 14:52:37 78712 ----a-w- C:\Windows\SysWow64\GX900Hook.dll
2014-10-05 14:52:36 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2014-10-05 14:52:36 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2014-10-05 14:52:36 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-10-05 14:52:36 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2014-10-05 14:52:36 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2014-10-05 14:52:35 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2014-10-05 14:52:35 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2014-10-05 01:08:20 -------- d-----w- C:\Users\steve\AppData\Roaming\AVG2015
2014-10-05 01:08:16 -------- d-----w- C:\Users\steve\AppData\Roaming\TuneUp Software
2014-10-05 01:08:13 -------- d--h--w- C:\$AVG
2014-10-05 01:08:13 -------- d-----w- C:\ProgramData\AVG2015
2014-10-05 01:07:13 -------- d--h--w- C:\ProgramData\Common Files
2014-10-05 01:07:13 -------- d-----w- C:\Users\steve\AppData\Local\MFAData
2014-10-05 01:07:13 -------- d-----w- C:\Users\steve\AppData\Local\Avg2015
2014-10-05 01:07:13 -------- d-----w- C:\ProgramData\MFAData
2014-10-05 01:01:54 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-05 01:01:43 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-05 01:01:43 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-05 01:01:43 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-05 01:01:43 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-05 01:01:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-05 01:01:09 -------- d-----w- C:\Users\steve\AppData\Local\Programs
2014-10-05 00:51:08 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-10-05 00:51:07 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-10-05 00:17:52 -------- d-----w- C:\Users\steve\AppData\Local\PunkBuster
2014-10-05 00:09:25 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-10-05 00:02:39 -------- d-----w- C:\Users\steve\AppData\Local\NVIDIA Corporation
2014-10-05 00:02:39 -------- d-----w- C:\Users\steve\AppData\Local\NVIDIA
2014-10-05 00:02:38 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-10-05 00:02:38 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-10-05 00:02:38 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-10-05 00:02:38 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-10-05 00:02:36 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-10-05 00:02:36 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-10-05 00:02:36 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-10-05 00:01:02 -------- d-----w- C:\Users\steve\AppData\Local\ESN
2014-10-04 22:20:33 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-10-04 12:27:55 -------- d-----w- C:\Windows\System32\MRT
2014-10-04 12:27:28 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-10-04 12:27:28 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-10-04 03:10:34 -------- d-----w- C:\Users\steve\AppData\Local\Razer
2014-10-04 03:09:27 -------- d-----w- C:\Users\steve\AppData\Roaming\LolClient
2014-10-04 02:42:55 427520 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2014-10-04 02:32:18 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-10-04 02:31:56 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2014-10-04 02:28:59 79192 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-10-04 02:17:19 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll
2014-10-04 02:09:58 -------- d-----w- C:\Users\steve\AppData\Roaming\Origin
2014-10-04 02:09:58 -------- d-----w- C:\Users\steve\AppData\Local\Origin
2014-10-04 02:09:17 -------- d-----w- C:\ProgramData\Riot Games
2014-10-04 02:08:50 -------- d-----w- C:\ProgramData\Origin
2014-10-04 02:08:50 -------- d-----w- C:\ProgramData\Electronic Arts
2014-10-04 02:08:49 -------- d-----w- C:\Program Files (x86)\Origin
2014-10-04 02:08:07 -------- d-----w- C:\Program Files (x86)\Steam
2014-10-04 02:08:07 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-10-04 02:07:24 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2014-10-04 02:07:24 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2014-10-04 02:07:24 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-10-04 02:07:24 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-10-04 02:07:24 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-10-04 02:07:22 -------- d-----w- C:\Riot Games
2014-10-04 02:06:47 -------- d-----w- C:\Users\steve\AppData\Roaming\Riot Games
2014-10-04 02:06:19 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-10-04 02:05:19 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2014-10-04 02:05:08 -------- d-----w- C:\Users\steve\AppData\Local\Google
2014-10-04 02:04:54 -------- d-----w- C:\Users\steve\AppData\Local\Deployment
2014-10-04 02:04:54 -------- d-----w- C:\Users\steve\AppData\Local\Apps
2014-10-04 02:04:49 -------- d-----w- C:\Users\steve\AppData\Roaming\Intel Corporation
.
==================== Find3M  ====================
.
2014-10-05 00:17:52 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-10-04 23:57:55 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-10-04 23:57:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-13 21:53:36 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-09-13 21:53:36 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-09-13 21:53:34 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-09-13 21:53:34 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-09-13 21:53:34 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-09-11 15:37:55 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-23 06:47:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-08-16 09:34:19 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 03:33:25 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 03:33:01 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 21:43:31.16 ===============
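The DDS log pasted above is plain text with `====== Section ======` banners, lone `.` spacer lines, `uRun`/`mRun`/`x64-Run` autostart entries and `date time size attrs path` file records. The script below is an added example (not part of this post, BleepingComputer or the DDS tool) of how a responder might do a first-pass triage of such a log: it splits the text into sections and flags executables that run, autostart or were recently created from user-writable locations (`AppData`, `ProgramData`, `Temp`), since that is where unprivileged malware can drop files. The sample input is constructed to mirror the DDS layout and is not the log from the post; the directory list and extension list are assumptions. A hit is a prompt to look closer, not a verdict: the post's own log shows Spotify legitimately running from `AppData`, and the sample reproduces that case alongside a constructed suspicious entry.

```python
"""First-pass triage of a DDS-style log (added example, not DDS or BleepingComputer code).

Heuristic: binaries that run, autostart, or were recently created under
user-writable directories deserve a closer look.  Every hit needs manual
review (legitimate software such as Spotify also lives in AppData).
"""
import re
from collections import defaultdict

# Section banners look like "============== Running Processes ==============="
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Autostart entries in the Pseudo HJT report: uRun/mRun/x64-Run: [Name] command
RUN_RE = re.compile(r"^(u|m|x64-)Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# File records in "Created Last 30" / "Find3M": date time size attrs path
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Assumed list of user-writable locations (lower-case substrings of the path).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# Assumed list of extensions worth flagging when created recently.
SUSPECT_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def parse_dds_sections(text):
    """Return {section_title: [lines]}; text before the first banner goes under 'HEADER'."""
    sections = defaultdict(list)
    current = "HEADER"
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            continue
        if line and line != ".":  # DDS prints a lone '.' as a spacer
            sections[current].append(line)
    return dict(sections)


def in_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def flag_processes(lines):
    """Running processes whose image lives in a user-writable directory."""
    return [p for p in lines if in_user_writable(p)]


def parse_run_entries(lines):
    """Autostart entries as (scope, name, command) tuples."""
    out = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            scope = {"u": "user", "m": "machine", "x64-": "machine-x64"}[m.group(1)]
            out.append((scope, m.group("name"), m.group("cmd")))
    return out


def flag_autostarts(lines):
    """Autostart entries whose command points into a user-writable directory."""
    return [e for e in parse_run_entries(lines) if in_user_writable(e[2])]


def flag_recent_binaries(lines):
    """Recently created executables/drivers under user-writable paths, as (date, path)."""
    hits = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if path.lower().endswith(SUSPECT_EXT) and in_user_writable(path):
            hits.append((m.group("date"), path))
    return hits


def triage(text):
    """Run all three checks against the relevant DDS sections."""
    s = parse_dds_sections(text)
    return {
        "processes": flag_processes(s.get("Running Processes", [])),
        "autostarts": flag_autostarts(s.get("Pseudo HJT Report", [])),
        "recent": flag_recent_binaries(s.get("Created Last 30", [])),
    }


# Constructed sample in DDS layout (not the log from the post; 'upd\svchost.exe' is invented).
SAMPLE = """\
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Running Processes ===============
.
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Users\\alice\\AppData\\Roaming\\Spotify\\spotify.exe
C:\\ProgramData\\upd\\svchost.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Spotify] "C:\\Users\\alice\\AppData\\Roaming\\Spotify\\Spotify.exe" /uri spotify:autostart
mRun: [Adobe ARM] "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"
x64-Run: [Updater] C:\\ProgramData\\upd\\svchost.exe -silent
.
=============== Created Last 30 ================
.
2014-10-07 20:48:48 536576 ----a-w- C:\\Windows\\SysWow64\\sqlite3.dll
2014-10-06 00:02:36 -------- d-----w- C:\\Users\\alice\\AppData\\Roaming\\Spotify
2014-10-03 11:12:13 48128 ----a-w- C:\\ProgramData\\upd\\svchost.exe
.
============= FINISH: 21:43:31.16 ===============
"""

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind)
        for h in hits:
            print("   ", h)
```

Run it against a saved DDS log with `triage(open("dds.txt", encoding="utf-8", errors="replace").read())`; an entry such as a system-named binary (`svchost.exe`) started from `ProgramData` and registered under a machine-wide `Run` key is the kind of finding that would justify the follow-up scans the responder asks for below.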
 




#2 ken545

ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 12 October 2014 - 02:38 PM

Hi, welcome to Bleeping Computer. Sorry about the delay, but we get quite busy around here. DDS is a bit outdated and not being updated; let's run these scans instead so we can see what's going on.

 

 

Please download aswMBR to your desktop.

 

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

 

I just want to see the report... Please Do Not Fix Anything.

============================================================================

 

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

 


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check
    *List BCD
    *Drivers MD5
    *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 


Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545

ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 16 October 2014 - 06:58 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





