Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Am I infected?

by AwesomeAsColor » August 21st, 2012, 9:05 pm

Description of Problem
A few weeks ago my computer started behaving erratically. It started with a Blue Screen of Death (BSOD) randomly while installing something. Initially I did not catch the stop error and didn't think about it again until a few days later when it happened a second time. I suddenly started getting BSODs frequently, and I started to research the error code/codes, which initially was 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF9B1FB674, 0xFFFFFFFF9A557B00, 0x0).

I found many sites reference this as possible malware, so I started to look deeper into possible infections. I started to find more and more registry entries which may or may not have been some sort of infection. At this point I became a bit overwhelmed with the information and the mounting paranoia I was feeling.

Then last night I started running some checks when suddenly my internet cut out for about 30 minutes; just as I finally got ahold of a rep at the ISP's office, it came back on. About 2-3 minutes after the internet came back on, my computer went BSOD and I restarted in Safe Mode and found log files I have never seen before. At this point I am at a loss as to where to go from here. I do tend to think "I can fix this", and I hope that didn't result in me making things worse. Any help would be very appreciated! Thank You!

DDS Logs

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Awesome at 21:34:54 on 2012-08-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3454.2497 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFE936B7-82DE-46C2-BD40-E24CC960AE59} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFE936B7-82DE-46C2-BD40-E24CC960AE59}\642494026516E60285 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFE936B7-82DE-46C2-BD40-E24CC960AE59}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\awesome\appdata\roaming\mozilla\firefox\profiles\c5348wjg.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\awesome\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\awesome\appdata\roaming\mozilla\firefox\profiles\c5348wjg.default\extensions\technicianconsole@logmeinrescue.com\plugins\npRescue.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-6-11 291840]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-20 655944]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-8-2 37944]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2012-8-20 7680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-20 22344]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-8-20 171520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-29 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-28 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-28 1343400]
.
=============== Created Last 30 ================
.
2012-08-22 01:27:32 -------- d-----w- c:\programdata\CPA_VA
2012-08-21 08:36:55 -------- d-----w- c:\users\awesome\appdata\local\ElevatedDiagnostics
2012-08-21 04:18:37 -------- d-----w- c:\programdata\Comodo
2012-08-21 04:18:35 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-21 04:18:35 -------- d-----w- c:\program files\COMODO
2012-08-21 03:52:52 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{100152be-1385-49bb-a3bc-24a7675e3e8a}\offreg.dll
2012-08-21 01:15:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-21 01:15:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-21 00:34:03 -------- d-----w- c:\program files\ESET
2012-08-21 00:30:18 -------- d-----w- c:\users\awesome\appdata\roaming\Malwarebytes
2012-08-21 00:29:26 -------- d-----w- c:\programdata\Malwarebytes
2012-08-21 00:29:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 00:29:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-20 23:23:35 -------- d---a-w- C:\.Trash-999
2012-08-20 22:18:18 -------- d-----w- c:\users\awesome\appdata\local\Toshiba
2012-08-20 22:11:01 58888 ------w- c:\windows\system32\agrsmdel.exe
2012-08-20 22:11:01 -------- d-----w- c:\program files\ltmoh
2012-08-20 22:10:52 -------- d-----w- c:\windows\Options
2012-08-20 21:54:58 -------- d-----w- c:\windows\system32\sda
2012-08-20 21:54:33 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-08-20 21:54:32 270336 ----a-w- c:\windows\system32\RtsUStor.dll
2012-08-20 21:54:32 171520 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-08-20 21:23:40 831488 ----a-w- c:\windows\RtlExUpd.dll
2012-08-20 21:23:40 -------- d--h--w- c:\program files\Temp
2012-08-20 21:23:38 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2012-08-20 21:23:38 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2012-08-20 21:23:38 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-08-20 21:23:38 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2012-08-20 21:23:38 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2012-08-20 21:23:36 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2012-08-20 21:23:35 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2012-08-20 21:15:12 128344 ----a-w- c:\windows\system32\TODDSrv.exe
2012-08-20 21:11:01 -------- d-----w- C:\sle0v190
2012-08-20 21:10:38 -------- d-----w- c:\windows\pss
2012-08-20 19:21:46 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-08-20 19:21:45 9728 ----a-w- c:\windows\system32\TCMSVR.dll
2012-08-20 19:21:44 7680 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2012-08-20 19:18:34 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-08-20 19:18:33 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-08-20 19:18:33 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-08-20 19:18:33 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-08-20 19:18:33 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-08-20 19:18:33 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-08-20 19:18:32 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-08-20 19:18:32 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-08-20 18:23:03 -------- d-----w- c:\program files\HWiNFO32
2012-08-20 17:06:53 -------- d-----w- c:\program files\WhoCrashed
2012-08-20 16:29:37 -------- d-----w- c:\program files\SystemRequirementsLab
2012-08-20 06:20:38 917504 ----a-w- c:\windows\system32\Flash.ocx
2012-08-20 05:12:52 -------- d-----w- c:\program files\NetDragon
2012-08-20 03:59:29 -------- d-----w- c:\users\awesome\appdata\local\Diagnostics
2012-08-18 11:50:47 -------- d-----w- c:\users\awesome\appdata\local\LogMeIn Rescue
2012-08-18 11:50:11 -------- d-----w- c:\program files\LogMeIn Rescue Technician Console
2012-08-18 11:21:59 -------- d-----w- c:\program files\LogMeIn Rescue
2012-08-18 04:34:58 -------- d-----w- c:\users\awesome\appdata\roaming\TunkDesign
2012-08-18 01:01:53 -------- d-----w- c:\program files\Code Laboratories
2012-08-17 17:17:16 -------- d-----w- c:\programdata\ALM
2012-08-17 15:42:09 -------- d-----w- c:\users\awesome\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-17 14:36:00 -------- d-----w- c:\users\awesome\Adobe Flash Builder 4.6
2012-08-17 14:25:05 -------- d-----w- c:\program files\common files\PX Storage Engine
2012-08-17 14:24:59 -------- d-----w- c:\program files\My Company Name
2012-08-17 12:20:56 -------- d-----w- c:\users\awesome\appdata\roaming\.jclient
2012-08-17 11:10:38 -------- d-----w- c:\users\awesome\appdata\roaming\.blackMagicAndCheerios
2012-08-15 16:49:34 -------- d-----w- c:\program files\Sun
2012-08-15 03:56:52 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 03:56:47 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 03:56:47 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 03:56:45 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 03:56:43 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 03:56:43 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 03:56:41 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 03:25:50 70144 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP8F.DLL
2012-08-08 03:25:50 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD8F.DLL
2012-08-08 03:25:22 224768 ----a-w- c:\windows\system32\CNMLM8F.DLL
2012-08-06 15:29:45 -------- d-----w- c:\users\awesome\appdata\local\Google
2012-08-06 11:23:17 -------- d-----w- c:\users\awesome\jagexcache1
2012-08-06 11:12:55 -------- d-----w- c:\users\awesome\jagexcache
2012-08-03 05:02:31 -------- d-----w- c:\program files\common files\Toshiba Shared
2012-08-03 03:44:40 -------- d-----w- c:\program files\Toshiba
2012-08-03 03:43:26 -------- d-----w- c:\users\awesome\appdata\roaming\WinBatch
2012-08-03 03:37:51 -------- d-----w- C:\ToshibaUpdate
2012-08-03 03:35:36 -------- d-----w- c:\users\awesome\appdata\local\AMD
2012-08-03 03:34:36 -------- d-----w- c:\users\awesome\appdata\local\ATI
2012-08-03 03:34:15 -------- d-----w- c:\program files\AMD APP
2012-08-03 03:33:13 -------- d-----w- c:\programdata\AMD
2012-08-03 03:33:05 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-08-03 03:32:39 -------- d-----w- c:\program files\ATI
2012-08-03 03:31:37 -------- d-----w- C:\AMD
2012-08-03 03:26:41 -------- d-----w- c:\program files\ATI Technologies
2012-08-03 03:26:26 221184 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2012-08-03 03:26:25 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-08-03 03:26:25 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-08-03 03:26:25 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-08-03 03:26:25 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-08-03 03:26:02 -------- d-----w- C:\ATI
2012-08-02 18:47:12 -------- d-----w- c:\users\awesome\appdata\roaming\.Spoutcraft
2012-08-02 04:47:34 -------- d-----w- c:\windows\system32\appmgmt
2012-08-02 04:33:29 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-01 17:54:02 -------- d-----w- c:\users\awesome\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-01 17:51:11 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-01 16:03:20 -------- d-----w- c:\users\awesome\appdata\local\Adobe
2012-08-01 15:52:20 -------- d-----w- c:\users\awesome\appdata\roaming\SignCut
2012-08-01 15:52:20 -------- d-----w- c:\program files\SignCut
2012-08-01 14:02:08 -------- d-----w- c:\program files\BitTorrent
2012-08-01 14:01:24 -------- d-----w- c:\users\awesome\appdata\roaming\BitTorrent
2012-07-31 14:35:35 -------- d-----w- c:\program files\Microsoft
2012-07-31 14:34:35 -------- d-----w- c:\users\awesome\appdata\roaming\HpUpdate
2012-07-31 14:34:22 527208 ------w- c:\windows\system32\HPDiscoPM5312.dll
2012-07-31 14:34:06 -------- d-----w- c:\program files\HP
2012-07-31 14:33:55 -------- d-----w- c:\users\awesome\appdata\local\HP
2012-07-31 12:09:52 -------- d-----w- c:\users\awesome\appdata\roaming\TS3Client
2012-07-31 12:01:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-07-31 08:59:08 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-31 08:59:03 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{100152be-1385-49bb-a3bc-24a7675e3e8a}\mpengine.dll
2012-07-30 20:00:01 -------- d-----w- c:\users\awesome\appdata\roaming\MultiSkypeLauncher
2012-07-30 19:59:25 -------- d-----w- c:\program files\MultiSkypeLauncher
2012-07-30 17:39:36 -------- d-----w- c:\program files\VideoLAN
2012-07-30 14:54:55 -------- d-----w- c:\users\awesome\appdata\local\Microsoft Games
2012-07-30 14:53:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-07-30 14:53:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-30 14:52:30 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-30 14:51:53 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-07-30 14:51:10 -------- d-----w- c:\users\awesome\appdata\local\Microsoft Help
2012-07-30 05:21:51 -------- d-----w- c:\users\awesome\appdata\roaming\Gyazo
2012-07-29 10:47:44 -------- d-----w- c:\program files\Gyazo
2012-07-29 10:10:06 -------- d-----w- c:\users\awesome\appdata\roaming\Mumble
2012-07-29 09:11:59 -------- d-----w- c:\program files\Mumble
2012-07-29 09:11:16 -------- d-----w- c:\program files\Clownfish
2012-07-29 06:42:32 -------- d-----w- c:\windows\Panther
2012-07-29 06:42:17 -------- d-sh--w- C:\Boot
2012-07-29 05:17:35 -------- d-----w- c:\users\awesome\appdata\local\Macromedia
2012-07-29 05:07:32 -------- d-----w- c:\users\awesome\appdata\roaming\.techniclauncher
2012-07-29 05:06:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 05:06:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-29 03:57:05 -------- d-----w- c:\users\awesome\appdata\roaming\.minecraft
2012-07-29 03:41:06 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-29 03:39:36 -------- d-----w- c:\windows\system32\Wat
2012-07-29 03:35:23 -------- d-----w- c:\windows\PCHEALTH
2012-07-29 03:25:23 -------- d-----w- c:\program files\Synaptics
2012-07-29 03:18:20 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-29 03:18:20 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-29 03:18:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-29 03:18:20 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-29 03:18:03 -------- d-----r- c:\program files\Skype
2012-07-29 03:14:13 -------- d-----w- c:\program files\Oracle
2012-07-29 03:14:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-29 03:14:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-29 03:13:40 -------- d-sh--w- c:\windows\Installer
2012-07-29 03:11:19 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-29 03:04:44 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-07-29 03:04:44 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-07-29 03:04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-07-29 03:04:35 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-29 03:04:35 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-29 03:04:29 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-07-29 03:04:28 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-07-29 03:04:27 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-07-29 03:04:26 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-07-29 03:03:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-29 03:01:59 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-29 03:01:59 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-29 02:52:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-29 02:52:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-29 02:52:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-29 02:52:12 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-27 01:36:58 42208 ----a-w- c:\windows\system32\drivers\point32.sys
2012-06-26 06:03:32 68904 ----a-w- c:\windows\system32\CLEyeDevices.dll
2012-06-25 02:24:46 46432 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-06-11 17:50:42 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50:24 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 17:50:14 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 17:49:22 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-11 17:48:30 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-06 12:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-28 11:09:04 2104416 ----a-w- c:\windows\system32\coin91.dll
.
============= FINISH: 21:35:14.22 ===============
AwesomeAsColor
Active Member
 
Posts: 7
Joined: August 21st, 2012, 7:37 pm

Re: Am I infected?

by Cypher » August 22nd, 2012, 5:56 am

Posting Logs as Attachments

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The instructions for running DDS found HERE, state how we need you to post the logs, so we can help you.

The section here explains why you should not post attachments unless the helper assisting you requests that you do so.

If you still require assistance, please start a new topic and copy and paste your DDS logs (DDS.txt and Attach.txt) and wait for a new helper. Thank you for your understanding.


This topic is now closed.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

