Channel: Tech Support Forum - Virus/Trojan/Spyware Help

WAMP Server hacked

I was running WAMPServer and entering data. Then WAMP 'crashed'. The contents of index.php in the www folder were replaced by some other code by the hacker. There are website addresses in that file.
I checked one out and it is a French-language site. There were also some email addresses. I sent an email to one. I'll see if they reply.

I uninstalled Wamp but the C:\wamp folder is still there. So I tried to delete it.
I got a permission denied error.


Here is the DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16473 BrowserJavaVersion: 11.91.2
Run by worlD123 at 14:41:39 on 2016-09-18
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.771 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\conime.exe
C:\Program Files\McAfee Security Scan\3.11.376\McUicnt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\wamp\wampmanager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.11.376\McUICnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_91\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_91\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-System: EnableLUA = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{11A0E024-00C9-47C3-B2D3-7A1F87D18164} : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\world123\appdata\roaming\mozilla\firefox\profiles\9ip8nyz8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.30.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2016-1-1 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2016-1-1 224616]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-3-22 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2016-1-1 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-1-1 434144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-1-1 92256]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2016-8-30 197128]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2016-1-1 184592]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-1-1 34008]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-09-16 23:14:29 49608 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2016-09-16 23:14:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2016-09-16 23:14:29 19912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2016-09-16 23:14:29 109000 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2016-09-16 23:14:22 170952 ----a-w- c:\program files\mozilla firefox\mozavutil.dll
2016-09-16 23:14:22 1546184 ----a-w- c:\program files\mozilla firefox\mozavcodec.dll
2016-09-16 09:04:37 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{271e5e7a-4fe8-446a-9ba3-cfb816b81c7e}\offreg.976.dll
2016-09-16 08:44:46 9654712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{271e5e7a-4fe8-446a-9ba3-cfb816b81c7e}\mpengine.dll
2016-08-30 11:10:30 53208 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2016-09-13 19:23:21 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-09-13 19:23:21 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-09-13 11:11:19 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-08-30 11:10:40 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-30 11:10:40 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-08-30 11:10:40 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-08-30 11:10:40 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-08-30 11:10:40 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-08-30 11:10:19 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-07-26 21:24:26 406184 ------w- c:\windows\system32\MpSigStub.exe
2016-06-30 09:28:00 921280 ----a-w- c:\windows\ucrtbase.dll
.
============= FINISH: 14:42:42.86 ===============



The Attach File is attached.
