Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Malware Symptoms

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Malware Symptoms

Unread postby KingJ » April 9th, 2014, 11:25 pm

I went AFK for about 30 mins, and the "w" key was typing by itsself, I didn't think much of it but I rebooted to be sure and the screen black screened and took 10-15 mins to load, also when I ran the aswMBR scan, my screen bluescreened (BSOD). Also their are ddos attacks coming from my own pc on my router log.

DDS (Ver_2012-11-20.01)
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:57:29 PM
System Uptime: 4/7/2014 12:40:49 AM (71 hours ago)
Motherboard: Hewlett-Packard | | 18DE
Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics | Socket FT1 | 1400/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 273 GiB total, 207.935 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 2.537 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_064E&PID_C336&MI_00\6&339E702A&0&0000
Manufacturer: Microsoft
Name: HP Truevision HD
PNP Device ID: USB\VID_064E&PID_C336&MI_00\6&339E702A&0&0000
Service: usbvideo
==== System Restore Points ===================
RP56: 3/27/2014 12:08:57 AM - End of disinfection
RP57: 4/3/2014 1:24:14 PM - Scheduled Checkpoint
==== Installed Programs ======================
4 Elements II
Adobe Flash Player 12 Plugin
Aeria Ignite
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Fuel
AMD Quick Stream
AMD VISION Engine Control Center
Bejeweled 3
BlueStacks App Player
BlueStacks Notification Center
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Comodo IceDragon
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberGhost 5
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Ghost Recon Online (NCSA-Live)
Glary Utilities 4.7
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
HitmanPro 3.7
Hoyle Card Games
HP 3D DriveGuard
HP Connected Backup
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
IDT Audio
Jewel Match 3
John Deere Drive Green
Kaspersky Security Scan
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Exploit version
Malwarebytes Anti-Malware version
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.3
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mystery P.I. - Curious Case of Counterfeit Cove
OpenVPN Client
Opera Stable 16.0.1196.80
Opera Stable 20.0.1387.91
Peggle Nights
Polar Bowler
Polar Golfer
Ralink Bluetooth Stack64
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Sandboxie 4.08 (64-bit)
Secunia PSI (
Security Task Manager 1.8g
SecurityKISS Tunnel v0.3.0
Skype™ 6.14
Soldier Front 2
Steganos Online Shield
Synaptics Pointing Device Driver
Tales of Lagoona
TAP-Windows 9.9.2
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WildTangent Games
WildTangent Games App
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
==== Event Viewer Messages From Past Week ========
4/9/2014 7:40:58 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address with the system having network hardware address A4-DB-30-E9-43-61. Network operations on this system may be disrupted as a result.
4/9/2014 3:45:18 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address with the system having network hardware address 50-46-5D-18-56-AF. Network operations on this system may be disrupted as a result.
4/7/2014 12:47:50 AM, Error: Service Control Manager [7034] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 3 time(s).
4/7/2014 12:47:33 AM, Error: Service Control Manager [7031] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/7/2014 12:47:09 AM, Error: Service Control Manager [7031] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/7/2014 12:47:06 AM, Error: Service Control Manager [7034] - The COMODO IceDragon Update Service service terminated unexpectedly. It has done this 1 time(s).
4/7/2014 12:44:00 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/7/2014 12:44:00 AM, Error: Service Control Manager [7024] -
4/7/2014 12:43:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CyberGhost VPN 5 Client Service service to connect.
4/7/2014 12:43:29 AM, Error: Service Control Manager [7000] - The CyberGhost VPN 5 Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/6/2014 11:49:04 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843
Run by Joshua at 23:23:51 on 2014-04-09
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3546.1142 [GMT -4:00]
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\prism\openvpn-client.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc\..\core\openvpn.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.91\opera.exe
============== Pseudo HJT Report ===============
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [LightShot] C:\Users\Joshua\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AgentUiRunKey] "C:\Program Files (x86)\Autonomy\Connected BackupPC\LaunchAgent.vbs" "C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe -silent"
mRun: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer =
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75} : DHCPNameServer =
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75}\7596C637F6E6D2E4564777F627B6 : DHCPNameServer =
TCP: Interfaces\{5D0E9356-0488-42E6-BA48-27AFC7FB2212} : DHCPNameServer =
TCP: Interfaces\{7AAA880A-D7A6-4540-94B8-E48368215DF6} : DHCPNameServer =
TCP: Interfaces\{AC223A55-595D-41EA-8E64-79FDCBD5D1C7} : DHCPNameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\hg9h9e2n.default-1378448872379\
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joshua\AppData\Local\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
============= SERVICES / DRIVERS ===============
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-5 62168]
R1 LV_Tracker;LV_Tracker;C:\Windows\System32\Drivers\LV_TrackerX64.sys [2012-7-17 63024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-5-13 199008]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-8-7 70984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-3-5 319288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-9 701512]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-9 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-12-4 2505904]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-5-13 294544]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2013-12-2 1204424]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-5-13 690832]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-17 202600]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\Drivers\tapoas.sys [2012-7-15 30720]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-5-13 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S2 AgentService;AgentService;C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe [2012-11-27 7154000]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-8-7 393032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-8-7 384840]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2013-11-13 64112]
S2 IceDragonUpdater;COMODO IceDragon Update Service;C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [2013-12-19 1821384]
S2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
S2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [2013-12-10 317792]
S2 Online Shield Starter Service;Online Shield Starter Service;C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [2014-2-24 318328]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-14 48736]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-10 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-10 43832]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-8-12 42184]
S3 wmbclass;USB Mobile Broadband Adapter Driver;C:\Windows\System32\Drivers\wmbclass.sys [2013-7-14 230912]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
=============== File Associations ===============
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
=============== Created Last 30 ================
2014-04-09 03:21:15 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A42C3242-64C5-4980-B950-A3F57714FD39}\mpengine.dll
2014-04-08 17:33:46 10521840 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-04-07 03:07:08 -------- d-----w- C:\Users\Joshua\AppData\Roaming\SUPERAntiSpyware.com
2014-04-07 03:06:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-04-07 03:06:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-04-07 03:03:36 -------- d-----w- C:\Program Files\UVK - Ultra Virus Killer
2014-03-16 15:47:11 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-13 16:57:39 385 ----a-w- C:\Windows\System32\_zipIt.vbs
2014-03-13 03:04:00 233056 ----a-w- C:\Windows\System32\drivers\11090394.sys
2014-03-12 05:52:59 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-12 05:52:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-12 01:33:09 595968 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 01:33:09 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 01:33:08 1628160 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 01:33:08 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 00:44:47 -------- d-----w- C:\ProgramData\GlarySoft
2014-03-12 00:39:15 -------- d-----w- C:\Users\Joshua\AppData\Roaming\GlarySoft
2014-03-12 00:39:13 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-03-12 00:38:43 -------- d-----w- C:\Program Files (x86)\Glary Utilities 4
==================== Find3M ====================
2014-03-17 18:22:13 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-04 22:52:34 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-12 23:30:39 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
============= FINISH: 23:25:46.53 ===============
Active Member
Posts: 4
Joined: March 12th, 2014, 10:42 pm
Register to Remove

Re: Possible Malware Symptoms

Unread postby Cypher » April 12th, 2014, 10:05 am

Posting at multiple forums

You are already receiving help with this problem at another forum:


May I draw your attention to the ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.
See the section here where we tell you why this is not a good idea.

This topic is now closed
User avatar
Posts: 14936
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 15 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware