Thread: Pretty spooked, possible virus?

  1. #1
    Junior Member
    Join Date: Jun 2014
    Posts: 3

    Pretty spooked, possible virus?

    Okay, so 1-2 months ago I had the problem of my computer randomly typing on its own, typing one of my passwords I use. It would happen randomly, never at a set time, and maybe once or twice a week max. It wouldn't open any programs or anything, just typed it in whatever I had selected at the moment. Sometimes it was in a video game I was playing, other times maybe my browser. At the time I ran various scans: Malwarebytes, Spybot, herdProtect, Microsoft Security Essentials, Avast. I also deleted a lot of unused programs, torrents, game mods, etc. No issues past that! Fast forward to yesterday: I came back to my computer, which was on a screensaver, I shook the mouse to wake the computer up, sat down, and in my browser it typed a few random letters and then "online". Opened up a Google search and after that nothing happened. I did go through my virus scanners again yesterday. If this affects the logs I'll be posting, I do apologize. I was terrified.

    Thank you for any help, really appreciate it.

    I do have a keyboard with macro functions; while I don't use the macro stuff, I was hoping it may have something to do with it. I do type "online" A LOT, reading books online, watching some shows online.

    I have a saved ERUNT backup as asked.

    Below are the DDS logs.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
    Run by JakeM at 7:13:46 on 2014-06-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12251.8197 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\puush\puush.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files (x86)\Glyph\GlyphClient.exe
    C:\Program Files (x86)\Glyph\glyphcrashhandler.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [AdobeBridge] <no file>
    uRunOnce: [Uninstall C:\Users\JakeM\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\JakeM\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\JakeM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Curse.lnk - C:\Users\JakeM\AppData\Roaming\Curse Client\Bin\Curse.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Trusted Zone: aeriagames.com
    Trusted Zone: aeriagames.com
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{1D73608B-1E80-4A18-A1D8-CF7E86F284D6} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{368E7549-E7E9-4CE5-BB9E-090BAA8A0994} : DHCPNameServer = 192.168.1.1 184.16.33.54
    TCP: Interfaces\{368E7549-E7E9-4CE5-BB9E-090BAA8A0994}\2656C6B696E6E2236323 : DHCPNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\JakeM\AppData\Roaming\Mozilla\Firefox\Profiles\j9e2suox.default\
    FF - prefs.js: browser.search.selectedEngine - appbario18 Customized Web Search
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-19 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-19 208416]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-4-19 1039096]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-4-19 423240]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-19 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-19 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-4-19 85328]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-19 50344]
    R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-2-15 71032]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-2-15 384888]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-4-20 9216]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-16 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-16 161560]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-12 255376]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-3 1738200]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-3 2081752]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-3 171928]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-16 363800]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-2-9 59520]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-2-9 84736]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-5-16 32344]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-16 646248]
    S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-2-15 393080]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-15 49152]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-5-16 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-5-16 79360]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
    S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-24 410008]
    S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-24 102808]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-12 1488448]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-2-16 128472]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-3 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-06-04 12:01:08 -------- d-----w- C:\Users\JakeM\6-4-2014
    2014-06-03 22:40:33 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3000C9A1-E96D-439C-AC63-E203EA0FFFE3}\offreg.dll
    2014-06-03 20:24:04 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3000C9A1-E96D-439C-AC63-E203EA0FFFE3}\mpengine.dll
    2014-06-03 20:21:27 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
    2014-06-03 20:21:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-06-03 20:21:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-06-02 13:47:24 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-06-01 17:51:36 -------- d-----w- C:\Users\JakeM\AppData\Roaming\Curse Client
    2014-06-01 17:51:24 -------- d-----w- C:\Users\JakeM\AppData\Roaming\Curse
    2014-05-24 20:56:49 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B41DF5FF-E235-4E2E-9EA9-3A250F59B382}\gapaengine.dll
    2014-05-24 12:38:23 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-05-24 04:35:13 -------- d-----w- C:\Riot Games
    2014-05-24 04:33:37 -------- d-----w- C:\Users\JakeM\AppData\Roaming\Riot Games
    2014-05-21 12:21:40 -------- d-----w- C:\Program Files (x86)\GPU-Z
    2014-05-17 08:43:12 -------- d-----w- C:\Program Files\Ventrilo
    2014-05-14 01:29:04 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-14 01:29:04 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    .
    ==================== Find3M ====================
    .
    2014-06-03 22:49:29 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-05-15 12:37:57 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-05-15 12:37:57 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-05-14 03:47:15 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 03:47:15 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-12 14:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-05-12 14:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-05-12 14:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-04-30 14:58:08 291760 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2014-04-30 14:58:08 291760 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-04-30 14:53:54 291488 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-04-30 00:24:14 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2014-04-19 23:30:56 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-04-19 23:30:56 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-04-19 23:30:56 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-04-19 23:30:56 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-04-19 23:30:56 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-04-19 23:30:55 43152 ----a-w- C:\Windows\avastSS.scr
    2014-04-15 09:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-04-05 18:08:39 100769 ----a-w- C:\Program Files (x86)\Uninstal.exe
    2014-03-11 16:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-04-24 10:55:44 49078969 ----a-w- C:\Program Files (x86)\RaiderZ_Setup.exe
    2009-12-19 12:07:51 1302528 ----a-w- C:\Program Files (x86)\Softwrap.dll
    2009-12-19 12:07:40 3306496 ----a-w- C:\Program Files (x86)\Game_Maker.exe
    .
    ============= FINISH: 7:14:09.90 ===============

    Below are the aswMBR logs.

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-06-04 07:33:35
    -----------------------------
    07:33:35.262 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:33:35.262 Number of processors: 8 586 0x3A09
    07:33:35.262 ComputerName: JAKEM-PC UserName: JakeM
    07:33:38.359 Initialize success
    07:33:41.328 AVAST engine defs: 14060301
    07:33:54.166 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    07:33:54.169 Disk 0 Vendor: Hitachi_ MN6O Size: 1907729MB BusType: 3
    07:33:54.252 Disk 0 MBR read successfully
    07:33:54.255 Disk 0 MBR scan
    07:33:54.259 Disk 0 Windows 7 default MBR code
    07:33:54.262 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 19456 MB offset 2048
    07:33:54.271 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 39847936
    07:33:54.275 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1888171 MB offset 40052736
    07:33:54.298 Disk 0 scanning C:\Windows\system32\drivers
    07:33:59.962 Service scanning
    07:34:13.184 Modules scanning
    07:34:13.193 Disk 0 trace - called modules:
    07:34:13.208 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    07:34:13.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a782790]
    07:34:13.220 3 CLASSPNP.SYS[fffff88001d1a43f] -> nt!IofCallDriver -> [0xfffffa800a2137e0]
    07:34:13.226 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a2bd050]
    07:34:15.707 AVAST engine scan C:\Windows
    07:34:20.040 AVAST engine scan C:\Windows\system32
    07:36:55.029 AVAST engine scan C:\Windows\system32\drivers
    07:37:08.412 AVAST engine scan C:\Users\JakeM
    07:56:40.929 AVAST engine scan C:\ProgramData
    08:04:12.620 Scan finished successfully
    08:05:03.286 Disk 0 MBR has been saved successfully to "C:\Users\JakeM\Desktop\MBR.dat"
    08:05:03.304 The log file has been saved successfully to "C:\Users\JakeM\Desktop\aswMBR.txt"

    08:15:18.871 Disk 0 MBR has been saved successfully to "C:\Users\JakeM\Desktop\MBR.dat"
    08:15:18.874 The log file has been saved successfully to "C:\Users\JakeM\Desktop\aswMBR.txt"

  2. #2
    Emeritus
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,066

    Hi JakeKM,

    Have you ever created a macro for use with the keyboard? They would be stored somewhere on your machine. Is it a name brand keyboard like Logitech? Then we could find the default save location. Malware, I suppose it's possible, but effective malware runs under the surface and would never launch an app and start typing letters, maybe if it's some script kiddie Remote Access Trojan (RAT). I will get a better look at the info in the logs.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date: Jun 2014
    Posts: 3

    Quote Originally Posted by shelf life
    Hi JakeKM,

    Have you ever created a macro for use with the keyboard? They would be stored somewhere on your machine. Is it a name brand keyboard like Logitech? Then we could find the default save location. Malware, I suppose it's possible, but effective malware runs under the surface and would never launch an app and start typing letters, maybe if it's some script kiddie Remote Access Trojan (RAT). I will get a better look at the info in the logs.
    Hey, thanks for the response. So I found the support page for my keyboard, found the folder, and there are two macros in there. Looked more into it and one of them does spell out my old password from the issue I had a couple of months ago. May have made it by accident, I do not know. Deleted it. The other macro was NOT what my computer typed in yesterday morning, however. So we solved one of the ghost typing incidents. The other is unexplained still.

    Thanks for the tip on looking into the macro function. Still worried about the other case though.

  4. #4
    Junior Member
    Join Date: Jun 2014
    Posts: 3

    Quote Originally Posted by JakeKM
    Hey, thanks for the response. So I found the support page for my keyboard, found the folder, and there are two macros in there. Looked more into it and one of them does spell out my old password from the issue I had a couple of months ago. May have made it by accident, I do not know. Deleted it. The other macro was NOT what my computer typed in yesterday morning, however. So we solved one of the ghost typing incidents. The other is unexplained still.

    Thanks for the tip on looking into the macro function. Still worried about the other case though.

    Scratch all this. I went through the second one again and the second part is in the macro. I'm going to disable the macro functions. Thanks for your time and help. REALLY appreciate it.

  5. #5
    Emeritus
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,066

    OK, you're welcome. On a side note, you have two antivirus programs installed, MS Security Essentials and Avast. You only need one active AV on a machine; I would remove one via the Add/Remove Programs panel. I would keep Avast and remove MSSE myself.
    Happy Safe surfing out there.
    How Can I Reduce My Risk?
