
Found Rootkit and possibly other hidden Malware.


  • This topic is locked
2 replies to this topic

#1 ghonzo

  • Members
  • 1 posts

Posted 24 September 2016 - 07:10 AM

So I guess my wife was downloading something and ended up infecting my laptop.

Ran Malwarebytes, Adware, CCleaner and HitmanPro and removed the malware. Went into Safe Mode, did the same thing, and found nothing. I then ran GMER and found out there is a rootkit through my Firefox maintenance log (hidden). Tried to scan using GMER and it keeps crashing, probably because of the rootkit. Been scrambling all night now trying to fix this; I gave up and am now seeking help.

Currently running ESET to see if it will find anything. So far I know I can't open Windows Defender, and there is a group policy in place that I cannot turn off. Tried going to a safe restore point and still can't get rid of it. Was about to do a clean installation using the MSI software, but I figured I would ask here first and try to remove the rootkit before I go ahead and do a clean install, to prevent any lingering crap I don't want.

So far this is my current log from DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.10586.589  BrowserJavaVersion: 11.101.2
Run by User at 4:58:52 on 2016-09-24
Microsoft Windows 10 Home  10.0.10586.0.1252.1.1033.18.16299.13532 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security *Enabled/Outdated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security *Enabled/Outdated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: COMODO Firewall *Enabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\helppane.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [Uninstall C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [SUPER CHARGER] C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\KILLER~1.LNK - C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STEELS~1.LNK - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - D:\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{496fe7ee-c949-4ed7-9ec2-3ea237d81b43}\55E6465627F5458656F5355616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{496fe7ee-c949-4ed7-9ec2-3ea237d81b43}\75F6C666071636B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{496fe7ee-c949-4ed7-9ec2-3ea237d81b43}\C496E6B63797371313335363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{496fe7ee-c949-4ed7-9ec2-3ea237d81b43}\D4F62716E64616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{496fe7ee-c949-4ed7-9ec2-3ea237d81b43}\E45736C656162726F6D626 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{496fe7ee-c949-4ed7-9ec2-3ea237d81b43}\F4C494655425D20534F5E4564777F627B6 : DHCPNameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{e7f14d9d-8f86-43f9-9eca-3ca1ec9508fb} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NahimicMSIUILauncher] C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe /noUI
x64-Run: [MsiTrueColor] "C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe" startup_folder
x64-Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe
x64-Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1    www.spywareinfo.com
Hosts: 162.222.194.13    cocomo.tremorhub.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\tbiin3jm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2016-7-27 272640]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-8-2 262400]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2016-6-1 52992]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-4-14 1455552]
R0 pwdrvio;pwdrvio;C:\WINDOWS\System32\pwdrvio.sys [2016-1-19 19152]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-9-18 218624]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2016-8-4 313096]
R1 BfLwf;KIller Bandwidth Control;C:\WINDOWS\System32\drivers\bwcW10x64.sys [2015-7-7 114736]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\WINDOWS\System32\drivers\cmderd.sys [2015-11-18 21720]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\WINDOWS\System32\drivers\cmdhlp.sys [2015-8-5 35056]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
R3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
R3 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
R3 KillerEth;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller;C:\WINDOWS\System32\drivers\e2xw10x64.sys [2016-2-18 170128]
R3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
R3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-9-24 192216]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NETwNb64;___ Intel® Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-6-21 3776792]
R3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
R3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2016-2-20 33960]
R3 ssdevfactory;SteelSeries Device Factory Service;C:\WINDOWS\System32\drivers\ssdevfactory.sys [2015-6-1 32792]
R3 sshid;SteelSeries HID Service;C:\WINDOWS\System32\drivers\sshid.sys [2016-1-18 51400]
R3 ssps2;SteelSeries PS/2 Keyboard;C:\WINDOWS\System32\drivers\ssps2.sys [2015-5-28 32768]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
R3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
R3 USBPcap;USBPcap Capture Service;C:\WINDOWS\System32\drivers\USBPcap.sys [2015-12-10 41720]
S0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
S0 avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-6-20 77056]
S1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-5-13 163072]
S1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2016-8-23 310016]
S1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2016-6-1 260352]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\System32\drivers\cmdguard.sys [2015-11-18 828144]
S1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-11 87552]
S1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [2016-8-26 5285344]
S2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-9-13 1149712]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2016-8-26 760024]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-1-18 143144]
S2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2016-9-19 42792]
S2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-7-17 1165368]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-23 18856]
S2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
S2 IDMWFP;IDMWFP;C:\WINDOWS\System32\drivers\idmwfp.sys [2016-7-13 207928]
S2 igfxCUIService2.0.0.0;Intel® HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-2-20 373160]
S2 isaHelperSvc;Intel® Security Assist Helper;C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
S2 Killer Service V2;Killer Service V2;C:\Program Files\Killer Networking\Network Manager\KillerService.exe [2015-7-7 402432]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-9-24 1514464]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-9-24 1136608]
S2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\SCM\MSIService.exe [2015-4-21 160768]
S2 MsDtsServer110;SQL Server Integration Services 11.0;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2015-10-20 218816]
S2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [2015-7-17 162800]
S2 MsiTrueColorService;MSI True Color Service by Portrait Displays;C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [2015-6-25 175344]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-7-17 1881144]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-1-20 2522680]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2015-10-20 2459328]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-9-24 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-9-24 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-9-24 171928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-3-23 327808]
S2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2015-6-12 3831200]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-8-26 674552]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-4-12 245760]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-21 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-8-5 2265792]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-1-18 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-25 129152]
S3 diagnosticshub.standardcollector.service;Microsoft ® Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;C:\Users\Oliver\Downloads\hitmanpro_x64(1).exe [2016-9-24 11579432]
S3 iai2c;Intel® Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel® Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 ibtusb;Intel® Wireless Bluetooth®;C:\WINDOWS\System32\drivers\ibtusb.sys [2016-1-18 299280]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-7-16 472872]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 Intel® Security Assist;Intel® Security Assist;C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [2015-5-19 335872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-9-24 27008]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-9-24 65408]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2015-10-20 50368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2015-6-12 268192]
S3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [2015-7-17 13368]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-7-17 28216]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-7-17 3634232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-1-20 56384]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2016-1-21 178824]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 pwdspio;pwdspio;C:\WINDOWS\System32\pwdspio.sys [2016-1-19 12504]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-7-17 411712]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-18 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [2012-2-11 137304]
S3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [2012-2-11 342104]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-25 221824]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-11 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-14 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-9-18 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2016-1-19 26880]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-12 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-9-18 364456]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [2016-3-29 49384]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-1 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-12 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 RsFx0202;RsFx0202 Driver;C:\WINDOWS\System32\drivers\RsFx0202.sys [2015-10-20 339648]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2016-09-24 11:51:31    --------    d-----w-    C:\Program Files (x86)\ESET
2016-09-24 11:43:02    21040    ----a-w-    C:\WINDOWS\System32\sdnclean64.exe
2016-09-24 11:43:01    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2016-09-24 11:42:59    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-24 10:30:16    --------    d-----w-    C:\Users\Oliver\AppData\Local\MFAData
2016-09-24 10:30:16    --------    d-----w-    C:\ProgramData\MFAData
2016-09-24 10:29:23    --------    d-----w-    C:\Program Files (x86)\AVG
2016-09-24 10:28:54    --------    d-----w-    C:\Users\Oliver\AppData\Local\AvgSetupLog
2016-09-24 10:16:20    12030488    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{29A510C5-447F-456B-80F0-00425BA9E91D}\mpengine.dll
2016-09-24 10:13:44    192216    ----a-w-    C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-09-24 10:13:33    65408    ----a-w-    C:\WINDOWS\System32\drivers\mwac.sys
2016-09-24 10:13:33    27008    ----a-w-    C:\WINDOWS\System32\drivers\mbam.sys
2016-09-24 10:13:33    140672    ----a-w-    C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-09-24 10:13:33    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-24 10:12:52    --------    d-----w-    C:\ProgramData\HitmanPro
2016-09-24 10:12:13    12030488    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-09-24 10:09:45    --------    d--h--w-    C:\$SysReset
2016-09-24 10:02:10    --------    d--h--w-    C:\$AVG
2016-09-24 09:48:25    --------    d-----w-    C:\AdwCleaner
2016-09-24 09:34:53    509384    ---h--w-    C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-09-23 21:02:55    509384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2016-09-23 21:02:55    34016    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2016-09-23 21:02:55    226488    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-09-23 06:15:55    269600    ----a-w-    C:\WINDOWS\SysWow64\vulkan-1.dll
2016-09-23 06:15:55    261920    ----a-w-    C:\WINDOWS\System32\vulkan-1.dll
2016-09-23 06:15:55    125216    ----a-w-    C:\WINDOWS\System32\vulkaninfo.exe
2016-09-23 06:15:55    110880    ----a-w-    C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-09-23 06:15:54    --------    d-----w-    C:\Program Files (x86)\VulkanRT
2016-09-20 01:15:24    42792    ----a-w-    C:\WINDOWS\System32\DbxSvc.exe
2016-09-20 01:07:38    73840    ----a-w-    C:\WINDOWS\System32\drivers\dbx-dev.sys
2016-09-20 01:07:28    73840    ----a-w-    C:\WINDOWS\System32\drivers\dbx-stable.sys
2016-09-20 01:07:28    73840    ----a-w-    C:\WINDOWS\System32\drivers\dbx-canary.sys
2016-09-19 05:39:59    581632    ----a-w-    C:\WINDOWS\SysWow64\apphelp.dll
2016-09-19 05:38:59    980352    ----a-w-    C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-09-19 05:16:25    1167568    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{242FF59B-E897-47DC-9820-15B0E3B6EE7E}\gapaengine.dll
2016-09-01 03:52:44    --------    d-----w-    C:\Users\Oliver\AppData\Local\Discord
2016-08-30 01:53:04    --------    d-----w-    C:\Fraps
2016-08-25 18:07:17    81856    ----a-w-    C:\WINDOWS\System32\nv3dappshextr.dll
2016-08-25 18:07:17    7255045    ----a-w-    C:\WINDOWS\System32\nvcoproc.bin
2016-08-25 18:07:17    69568    ----a-w-    C:\WINDOWS\System32\nvshext.dll
2016-08-25 18:07:17    6386048    ----a-w-    C:\WINDOWS\System32\nvcpl.dll
2016-08-25 18:07:17    548920    ----a-w-    C:\WINDOWS\System32\nv3dappshext.dll
2016-08-25 18:07:17    392128    ----a-w-    C:\WINDOWS\System32\nvmctray.dll
2016-08-25 18:07:17    2468288    ----a-w-    C:\WINDOWS\System32\nvsvc64.dll
2016-08-25 18:07:17    1762752    ----a-w-    C:\WINDOWS\System32\nvsvcr.dll
2016-08-25 18:07:17    1365048    ----a-w-    C:\WINDOWS\System32\nvvsvc.exe
.
==================== Find3M  ====================
.
2016-09-24 11:20:05    180    ----a-w-    C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-24 10:30:30    21632    ----a-w-    C:\WINDOWS\System32\drivers\avgboota.sys
2016-09-24 10:30:30    163072    ----a-w-    C:\WINDOWS\System32\drivers\avgdiska.sys
2016-09-24 10:30:29    77056    ----a-w-    C:\WINDOWS\System32\drivers\avguniva.sys
2016-09-24 10:30:29    52992    ----a-w-    C:\WINDOWS\System32\drivers\avgrkx64.sys
2016-09-24 10:30:29    360736    ----a-w-    C:\WINDOWS\System32\drivers\avgloga.sys
2016-09-24 10:30:29    313096    ----a-w-    C:\WINDOWS\System32\drivers\avgwfpa.sys
2016-09-24 10:30:29    310016    ----a-w-    C:\WINDOWS\System32\drivers\avgidsdrivera.sys
2016-09-24 10:30:29    272640    ----a-w-    C:\WINDOWS\System32\drivers\avgidsha.sys
2016-09-24 10:30:29    262400    ----a-w-    C:\WINDOWS\System32\drivers\avgmfx64.sys
2016-09-24 10:30:29    260352    ----a-w-    C:\WINDOWS\System32\drivers\avgldx64.sys
2016-09-20 17:09:14    18944    ----a-w-    C:\WINDOWS\System32\mqcertui.dll
2016-09-19 11:55:16    828408    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-09-19 11:55:16    176632    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-09-19 05:39:59    552960    ----a-w-    C:\WINDOWS\SysWow64\AppointmentApis.dll
2016-09-19 05:38:59    759808    ----a-w-    C:\WINDOWS\SysWow64\SearchIndexer.exe
2016-09-19 05:22:58    635904    ----a-w-    C:\WINDOWS\SysWow64\mqsnap.dll
2016-09-19 05:22:58    14848    ----a-w-    C:\WINDOWS\SysWow64\mqcertui.dll
2016-08-09 18:15:29    58880    ----a-w-    C:\WINDOWS\System32\MusNotificationUx.exe
2016-07-28 00:04:57    207928    ----a-w-    C:\WINDOWS\System32\drivers\idmwfp.sys
2016-07-27 23:20:12    504488    ------w-    C:\WINDOWS\System32\MpSigStub.exe
2016-07-22 17:33:04    110144    ----a-w-    C:\WINDOWS\SysWow64\WindowsAccessBridge-64.dll
2016-07-22 17:33:04    110144    ----a-w-    C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2016-07-22 17:32:43    97856    ----a-w-    C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2016-07-12 23:02:52    32768    ----a-w-    C:\WINDOWS\SysWow64\msscntrs.dll
2016-07-12 23:01:57    321536    ----a-w-    C:\WINDOWS\System32\GlobCollationHost.dll
2016-07-12 20:36:54    612352    ----a-w-    C:\WINDOWS\System32\EKIJ5000MON.dll
2016-07-12 20:36:54    141312    ----a-w-    C:\WINDOWS\System32\EKIJCOINST09.dll
2016-06-27 01:17:02    2160912    ----a-w-    C:\WINDOWS\System32\WudfUpdate_01009.dll
2016-06-27 01:17:02    142048    ----a-w-    C:\WINDOWS\System32\drivers\UMDF\WirelessDevice.dll
2016-06-27 01:16:51    466728    ----a-w-    C:\WINDOWS\System32\coin99ip.dll
2016-06-27 01:16:46    49384    ----a-w-    C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys
2016-06-27 01:16:34    47616    ----a-w-    C:\WINDOWS\System32\drivers\dc3d.sys
2016-06-27 01:16:34    1721576    ----a-w-    C:\WINDOWS\System32\WdfCoInstaller01009.dll
2016-06-27 01:16:23    466728    ----a-w-    C:\WINDOWS\System32\coin99itp.dll
.
============= FINISH:  4:58:59.21 ===============
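The "Created Last 30" and "Find3M" listings above contain the kind of entries a responder looks for when triaging a DDS log: a hidden file in the Firefox folder whose name renders with `?` characters and whose byte size equals that of firefox.exe, and a GUID-named .bat created in System32 the same day. The script below is an added example, not part of this thread and not code from DDS, FRST or any other tool mentioned here. It parses lines in the DDS file-entry shape and flags those indicators. Two things are assumptions rather than documented facts: the attribute-string layout (column 0 `d` = directory, column 3 `h` = hidden, inferred from the listing) and the rule set itself; the sample lines are constructed from entries in the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the shape of the DDS "Created Last 30" /
# "Find3M" sections above (the odd-named hidden file, its legitimate neighbour, the
# GUID-named .bat in System32, plus benign entries that must not be flagged).
SAMPLE_LOG = r"""
2016-09-24 09:48:25    --------    d-----w-    C:\AdwCleaner
2016-09-24 09:34:53    509384    ---h--w-    C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-09-23 21:02:55    509384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2016-09-23 21:02:55    226488    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-09-24 11:20:05    180    ----a-w-    C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-24 10:09:45    --------    d--h--w-    C:\$SysReset
"""

# One DDS file line: timestamp, size (or eight dashes for a directory),
# 8-character attribute string, full path.
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attr>[a-z-]{8})\s+"
    r"(?P<path>.+?)\s*$"
)

# Assumed attribute layout (not documented on the page): index 0 'd' = directory,
# index 3 'h' = hidden. Only these two positions are used below.
IDX_DIR, IDX_HIDDEN = 0, 3

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1")


def parse_dds(text):
    """Return a list of dicts for every line that matches the DDS file-entry shape."""
    entries = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue  # section banners, lone dots and blank lines are skipped
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({"ts": m["ts"], "size": size, "attr": m["attr"], "path": m["path"]})
    return entries


def split_path(path):
    """Split a Windows path into (lower-cased folder, file name)."""
    folder, _, name = path.rpartition("\\")
    return folder.lower(), name


def triage(entries):
    """Map each suspicious file path to the list of reasons it was flagged."""
    # Sizes of regular files per folder, to catch a file mirroring a neighbour's size.
    sizes = defaultdict(lambda: defaultdict(list))
    for e in entries:
        if e["attr"][IDX_DIR] != "d" and e["size"] is not None:
            folder, name = split_path(e["path"])
            sizes[folder][e["size"]].append(name)

    findings = {}
    for e in entries:
        attr, path = e["attr"], e["path"]
        if attr[IDX_DIR] == "d":
            continue  # hidden system folders such as $SysReset are expected
        folder, name = split_path(path)
        reasons = []
        if attr[IDX_HIDDEN] == "h":
            reasons.append("hidden attribute set on a regular file")
        if "?" in name or any(ord(c) > 127 for c in name):
            reasons.append("unprintable or non-ASCII characters in the file name")
        twins = [n for n in sizes[folder].get(e["size"], []) if n != name]
        if twins:
            reasons.append("identical byte size to " + ", ".join(twins) + " in the same folder")
        in_system_dir = any(d in folder + "\\" for d in SYSTEM_DIRS)
        if in_system_dir and name.lower().endswith(SCRIPT_EXTS):
            reasons.append("script file created in a Windows system directory")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_dds(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

The output lists every reason per file so the reader can weigh them: the size twin on its own is weak (the legitimate firefox.exe is reported for that reason too), while hidden attribute plus an unprintable name plus a size twin on one file in the same folder is the combination worth following up.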
 
#2 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 September 2016 - 09:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.

Please post the logs.

=============

Run this tool also.

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Let me know what problems you are having with this computer.

#3 nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 October 2016 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

