
CollinsUCC

Everything posted by CollinsUCC

  1. Thank you very much for helping me remove the trojan! I shall be sending a donation very soon! Thanks again
  2. Ok, here's the log from the security check:

     Results of screen317's Security Check version 0.99.73
     x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     Norton 360 Premier Edition
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Google Chrome 29.0.1547.76
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
  3. Oh wow really?? Thank you! Ok I'm very ready for cleanup
  4. Here's the log from Farbar:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013
     Ran by Micheal at 2013-09-28 21:21:07 Run:2
     Running from C:\Users\Micheal\Downloads
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\Users\Micheal\AppData\Local\Temp\RarSFX0\Svchost.exe
     C:\Users\Micheal\AppData\Local\Temp\RarSFX3\Svchost.exe
     C:\Users\Micheal\AppData\Roaming\data\Svchost.exe
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe
     C:\Users\Micheal\AppData\Roaming\data\miner.dll
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll
     C:\Users\Micheal\AppData\Roaming\data\phatk.cl
     C:\Users\Micheal\AppData\Roaming\data\Adobe.bat
     C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe
     C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il
     C:\Users\Micheal\AppData\Roaming\data\btc.il
     C:\Users\Micheal\AppData\Roaming\data\phatk.ptx
     C:\Users\Micheal\AppData\Roaming\data
     *****************

     C:\Users\Micheal\AppData\Local\Temp\RarSFX0\Svchost.exe => Moved successfully.
     Could not move "C:\Users\Micheal\AppData\Local\Temp\RarSFX3\Svchost.exe" => Scheduled to move on reboot.
     Could not move "C:\Users\Micheal\AppData\Roaming\data\Svchost.exe " => Scheduled to move on reboot.
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\miner.dll => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\phatk.cl => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.bat => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc.il => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\phatk.ptx => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data => Moved successfully.

     =========== Result of Scheduled Files to move ===========

     C:\Users\Micheal\AppData\Local\Temp\RarSFX3\Svchost.exe => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\Svchost.exe => Is moved successfully.

     ==== End of Fixlog ====

     ~~~~~~~~~~~~~~~~~~~~~~~~

     And here's the log from Malwarebytes:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.28.10

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16688
     Micheal :: MICHEALS [administrator]

     28/09/2013 21:29:01
     mbam-log-2013-09-28 (21-29-01).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 222188
     Time elapsed: 2 minute(s), 24 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Is it a bad thing it found nothing? Everything seemed to be ok for the moment! CPU and GPU are idle and the folder AppData/Roaming/data is gone . . . would a full scan of Malwarebytes be any good?
     Where did Farbar move the files to?
     Thank you, CollinsUCC
  5. Ok, so the log didn't update after I pressed finish, but I was able to export the results if that's any good? Here's the export:

     C:\FRST\Quarantine\miner.dll  probably a variant of Win32/BitCoinMiner.H application
     C:\FRST\Quarantine\Svchost.exe  probably a variant of Win32/BitCoinMiner.H application
     C:\Users\Micheal\AppData\Local\Temp\RarSFX0\Svchost.exe  probably a variant of Win32/BitCoinMiner.H application
     C:\Users\Micheal\AppData\Local\Temp\RarSFX3\Svchost.exe  probably a variant of Win32/BitCoinMiner.H application
     C:\Users\Micheal\AppData\Roaming\data\miner.dll  probably a variant of Win32/BitCoinMiner.H application
     C:\Users\Micheal\AppData\Roaming\data\Svchost.exe  probably a variant of Win32/BitCoinMiner.H application
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe  probably a variant of Win32/BitCoinMiner.H application
     Operating memory  multiple threats

     Hope this helps
  6. Will I press finish on the ESET scanner? The scan is finished but there's nothing in the log? Will it be updated if I finish? Log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
  7. Here's the SystemLook log:

     SystemLook 30.07.11 by jpshortstuff
     Log created at 16:47 on 28/09/2013 by Micheal
     Administrator - Elevation successful

     ========== Filefind ==========

     Searching for "nslookup.exe"
     C:\Windows\System32\nslookup.exe  --a---- 130560 bytes  [02:11 26/07/2012]  [03:08 26/07/2012] 71195133DEB84F22938F404C2ED26C7D
     C:\Windows\SysWOW64\nslookup.exe  --a---- 111104 bytes  [02:17 26/07/2012]  [03:20 26/07/2012] 556F24DFDFC1907D644C20B187DF5F38
     C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_6.2.9200.16384_none_244a1b54f036c47c\nslookup.exe  --a---- 130560 bytes  [02:11 26/07/2012]  [03:08 26/07/2012] 71195133DEB84F22938F404C2ED26C7D
     C:\Windows\WinSxS\x86_microsoft-windows-nslookup_31bf3856ad364e35_6.2.9200.16384_none_c82b7fd137d95346\nslookup.exe  --a---- 111104 bytes  [02:17 26/07/2012]  [03:20 26/07/2012] 556F24DFDFC1907D644C20B187DF5F38

     -= EOF =-

     ~~~~~~~~~~~~~~~~

     ESET scanner is still scanning, 93%
  8. The only program I could find with the nslookup.exe search was the calculator application within the folder AppData, which was already scanned by VirusTotal. https://www.virustotal.com/en/file/7ef95f5d242d59624fc06238202890afd05773181e7122a4451b60fbd3deeb3b/analysis/

     ~~~~~~~~~~~~~~~~~~~~~~

     Malwarebytes Quickscan log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.28.06

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16688
     Micheal :: MICHEALS [administrator]

     28/09/2013 15:10:00
     mbam-log-2013-09-28 (15-10-00).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 222517
     Time elapsed: 4 minute(s), 16 second(s)

     Memory Processes Detected: 1
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> 6696 -> Delete on reboot.

     Memory Modules Detected: 4
     C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\Users\Micheal\AppData\Roaming\data (Trojan.Bitminer) -> Delete on reboot.

     Files Detected: 13
     C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\phatk.cl (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.bat (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\phatk.ptx (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\Svchost.exe (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

     After the reboot the folders are back, but now there's 2 nslookup.exe's, one that links to calculator and one that links to mstsc???

     ~~~~~~~~~~~~~~~~~~~~~

     ESET online scanner is currently scanning and I'll post the logs when it's finished. It has found 7 threats so far that I've never seen before . . . "BitCoinMinerH application". I'll post when it's finished
  9. I'm so sorry! I haven't been able to access the forum for the past day! Thanks for staying with me. In regards to your question, yes and no. . . . All programs in the task manager are running idle, but, if I kill the process "nslookup.exe" my screen flashes (and my nvidia driver restarts) and GPU returns to normal . . . only for about 2-3 mins, then nslookup.exe starts again, I'll attach a screen shot. Oh and also, the folder ".../Users/AppData/Roaming/data" where Trojans are is back. Any other suggestions? Here's the pic, my apologies but it's the best I could do.
  10. No I did not, as it did not find anything harmful. If you're referring to the quick scan I did yesterday before the FARBAR fix, yes I did.
  11. Malwarebytes found nothing

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.26.05

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16688
     Micheal :: MICHEALS [administrator]

     26/09/2013 16:31:56
     mbam-log-2013-09-26 (16-31-56).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 222271
     Time elapsed: 4 minute(s), 30 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  12. Here's the fixlog:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013
     Ran by Micheal at 2013-09-26 09:46:10 Run:1
     Running from C:\Users\Micheal\Downloads
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\Users\Micheal\Downloads\coretemp_1236.exe
     C:\Users\Micheal\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe
     C:\Users\Micheal\AppData\Roaming\data\miner.dll
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll
     C:\Users\Micheal\AppData\Roaming\data\phatk.cl .
     C:\Users\Micheal\AppData\Roaming\data\Adobe.bat
     C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe
     C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il
     C:\Users\Micheal\AppData\Roaming\data\btc.il
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll
     C:\Users\Micheal\AppData\Roaming\data\mstsc.exe
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll
     C:\Users\Micheal\AppData\Roaming\data\phatk.ptx
     C:\Users\Micheal\AppData\Roaming\data\Svchost.exe
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe
     C:\Users\Micheal\AppData\Roaming\data\mstsc.exe
     C:\Users\Micheal\AppData\Roaming\data\miner.dll
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll
     C:\Users\Micheal\AppData\Roaming\data
     *****************

     "C:\Users\Micheal\Downloads\coretemp_1236.exe " => File/Directory not found.
     "C:\Users\Micheal\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe " => File/Directory not found.
     C:\Users\Micheal\AppData\Roaming\data\miner.dll => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\phatk.cl . => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.bat => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc.il => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll => Moved successfully.
     "C:\Users\Micheal\AppData\Roaming\data\mstsc.exe " => File/Directory not found.
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\phatk.ptx => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\data\Svchost.exe => Moved successfully.
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk => Moved successfully.
     "C:\Users\Micheal\AppData\Roaming\data\calculator.exe " => File/Directory not found.
     "C:\Users\Micheal\AppData\Roaming\data\mstsc.exe " => File/Directory not found.
     "C:\Users\Micheal\AppData\Roaming\data\miner.dll " => File/Directory not found.
     "C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll " => File/Directory not found.
     "C:\Users\Micheal\AppData\Roaming\data\coinutil.dll " => File/Directory not found.
     "C:\Users\Micheal\AppData\Roaming\data\openssl.dll " => File/Directory not found.
     C:\Users\Micheal\AppData\Roaming\data => Moved successfully.

     ==== End of Fixlog ====
  13. I couldn't paste so I attached both, sorry for the late reply. FRST.txt Addition.txt
  14. Ok, after reboot two nslookup.exe's are still running, GPU is still on full load and CPU is at 75%, and the files in ...../Roaming/data are still there.
  15. Ok, system restore done, here's the AdwCleaner log:

     # AdwCleaner v3.005 - Report created 26/09/2013 at 00:57:05
     # Updated 22/09/2013 by Xplode
     # Operating System : Windows 8 (64 bits)
     # Username : Micheal - MICHEALS
     # Running from : C:\Users\Micheal\Downloads\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\Software\InstallIQ
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16688

     -\\ Google Chrome v29.0.1547.76

     [ File : C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [887 octets] - [26/09/2013 00:54:38]
     AdwCleaner[S0].txt - [813 octets] - [26/09/2013 00:57:05]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [872 octets] ##########

     And here's the log file from Malwarebytes, looks pretty scary!

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.09.25.09

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16688
     Micheal :: MICHEALS [administrator]

     26/09/2013 01:04:58
     mbam-log-2013-09-26 (01-04-58).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 222158
     Time elapsed: 3 minute(s), 18 second(s)

     Memory Processes Detected: 2
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> 3380 -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\mstsc.exe (Trojan.Bitminer) -> 4116 -> Delete on reboot.

     Memory Modules Detected: 4
     C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\Users\Micheal\AppData\Roaming\data (Trojan.Bitminer) -> Delete on reboot.

     Files Detected: 16
     C:\Users\Micheal\Downloads\coretemp_1236.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
     C:\Users\Micheal\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\phatk.cl (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.bat (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\btc.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\mstsc.exe (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.
     C:\Users\Micheal\AppData\Roaming\data\phatk.ptx (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\data\Svchost.exe (Trojan.Bitminer) -> Quarantined and deleted successfully.
     C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

     (end)
  16. Oh, apologies about that! Here's the log:

     RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 8 (6.2.9200 ) 64 bits version
     Started in : Normal mode
     User : Micheal [Admin rights]
     Mode : Scan -- Date : 09/25/2013 21:26:57
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 2 ¤¤¤
     [Micheal][SUSP PATH] Adobe.lnk : C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnk @C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe [-][-] -> FOUND
     [Micheal][HJNAME] Svchost.exe.lnk : C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk @C:\Users\Micheal\AppData\Local\Temp\RarSFX0\Svchost.exe [-][x] -> FOUND

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD10JPVT-75A1YT0 +++++
     --- User ---
     [MBR] e42b76d1a2c81f34e30e83721b6b2e71
     [BSP] 86314bb338cf52113c8ccf82cc418ab0 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_09252013_212657.txt >>
  17. Thanks for the quick reply. The 2 DDS files are below:

     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 8
     Boot Device: \Device\HarddiskVolume1
     Install Date: 19/09/2013 18:45:58
     System Uptime: 25/09/2013 15:41:01 (1 hours ago)
     .
     Motherboard: Dell Inc. | | 072P0M
     Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2400/100mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 930 GiB total, 860.186 GiB free.
     D: is CDROM ()
     F: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     RP4: 23/09/2013 02:20:55 - Installed Microsoft Flight Simulator X
     .
     ==== Installed Programs ======================
     .
     7-Zip 9.20 (x64 edition)
     8GadgetPack
     CCleaner
     Core Temp 1.0 RC5
     Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
     Dell Touchpad
     FileZilla Client 3.7.3
     Google Chrome
     Google Update Helper
     IDT Audio
     Intel PROSet Wireless
     Intel® Management Engine Components
     Intel® Processor Graphics
     Intel® PROSet/Wireless for Bluetooth® + High Speed
     Intel® PROSet/Wireless Software for Bluetooth® Technology
     Intel® Rapid Storage Technology
     Intel® SDK for OpenCL - CPU Only Runtime Package
     Intel® Turbo Boost Technology Monitor 2.6
     Intel® PROSet/Wireless WiFi Software
     Intel® Trusted Connect Service Client
     Malwarebytes Anti-Malware version 1.75.0.1300
     Microsoft Access MUI (English) 2013
     Microsoft Access Setup Metadata MUI (English) 2013
     Microsoft DCF MUI (English) 2013
     Microsoft Excel MUI (English) 2013
     Microsoft Flight Simulator X
     Microsoft Groove MUI (English) 2013
     Microsoft InfoPath MUI (English) 2013
     Microsoft Lync MUI (English) 2013
     Microsoft Office 32-bit Components 2013
     Microsoft Office OSM MUI (English) 2013
     Microsoft Office OSM UX MUI (English) 2013
     Microsoft Office Professional Plus 2013
     Microsoft Office Proofing (English) 2013
     Microsoft Office Proofing Tools 2013 - English
     Microsoft Office Proofing Tools 2013 - Español
     Microsoft Office Shared 32-bit MUI (English) 2013
     Microsoft Office Shared MUI (English) 2013
     Microsoft Office Shared Setup Metadata MUI (English) 2013
     Microsoft OneNote MUI (English) 2013
     Microsoft Outlook MUI (English) 2013
     Microsoft PowerPoint MUI (English) 2013
     Microsoft Publisher MUI (English) 2013
     Microsoft SkyDrive
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
     Microsoft Word MUI (English) 2013
     MSXML 4.0 SP2 Parser and SDK
     Norton 360
     Notepad++
     NVIDIA Control Panel 327.23
     NVIDIA Graphics Driver 327.23
     NVIDIA Install Application
     NVIDIA Optimus 8.3.14
     NVIDIA PhysX
     NVIDIA PhysX System Software 9.13.0725
     NVIDIA Update Components
     Outils de vérification linguistique 2013 de Microsoft Office - Français
     Quickset64
     Rayman Legends
     Realtek USB 2.0 Card Reader
     RocketDock 1.3.5
     StartIsBack
     Steam
     Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
     Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
     Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2810014) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2810017) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2810018) 64-Bit Edition
     Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition
     Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition
     Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition
     Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
     Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition
     Update for Microsoft SkyDrive Pro (KB2767865) 64-Bit Edition
     Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition
     Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
     Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
     Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition
     Uplay
     VLC media player 2.0.8
     XBMC
     .
     ==== Event Viewer Messages From Past Week ========
     .
     24/09/2013 23:42:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
     24/09/2013 23:42:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "Unavailable" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
     24/09/2013 23:42:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     24/09/2013 23:41:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     24/09/2013 23:41:55, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
     24/09/2013 23:40:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
     24/09/2013 18:56:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
     24/09/2013 18:54:01, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
     23/09/2013 22:53:55, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
     23/09/2013 18:45:50, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
     23/09/2013 18:44:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88004fb7cdf, 0xfffff880033404a8, 0xfffff8800333fce0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092313-33281-01.
     23/09/2013 17:10:04, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
     22/09/2013 19:38:49, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The component store has been corrupted.
     20/09/2013 17:09:30, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
     20/09/2013 13:47:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
     20/09/2013 13:47:12, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
     20/09/2013 10:52:38, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 126
     20/09/2013 10:52:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
     20/09/2013 10:52:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
     20/09/2013 10:51:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.
     20/09/2013 10:50:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
     20/09/2013 10:21:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.
     20/09/2013 10:20:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
     20/09/2013 10:20:36, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
     20/09/2013 09:52:54, Error: BTHUSB [30] - The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.
     19/09/2013 18:48:06, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
     19/09/2013 18:18:50, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: Server execution failed
     19/09/2013 18:18:50, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80080005.
     19/09/2013 18:16:55, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
     19/09/2013 18:12:16, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     .
     ==== End Of File ===========================

     and

     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 10.0.9200.16688
     Run by Micheal at 16:01:58 on 2013-09-25
     Microsoft Windows 8 6.2.9200.0.1252.44.1033.18.6004.3819 [GMT 1:00]
     .
     AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\system32\dwm.exe
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Program Files\IDT\WDM\STacSV64.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\WLANExt.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\Intel\iCLS Client\HeciServer.exe
     C:\Windows\system32\dashost.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\WUDFHost.exe
     C:\Windows\system32\taskhostex.exe
     C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     C:\Program Files\IDT\WDM\sttray64.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\DellTPad\Apoint.exe
     C:\Windows\System32\rundll32.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
     C:\Program Files\DellTPad\ApMsgFwd.exe
     C:\Program Files (x86)\RocketDock\RocketDock.exe
     C:\Users\Micheal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
     C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
     C:\Program Files\DellTPad\HidFind.exe
     C:\Program Files\DellTPad\Apntex.exe
     C:\Program Files\Intel\TurboBoost\TurboBoost.exe
     C:\Windows\System32\RuntimeBroker.exe
     C:\Program Files (x86)\Steam\Steam.exe
     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
     C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\taskmgr.exe
     C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
     C:\Program Files\Microsoft Office\Office15\MsoSync.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\vssvc.exe
     C:\Windows\System32\svchost.exe -k swprv
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\wbem\WmiApSrv.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\System32\cscript.exe
     .
============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\IPS\ipsbho.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coieplg.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" uRun: [skyDrive] "C:\Users\Micheal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adobe.lnk - C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sidebar.lnk - C:\Program Files\Windows Sidebar\sidebar.exe StartupFolder: 
C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SVCHOS~1.LNK - C:\Users\Micheal\AppData\Local\Temp\RarSFX2\Svchost.exe StartupFolder: C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105 IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll TCP: NameServer = 89.101.160.5 89.101.160.4 TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193} : DHCPNameServer = 89.101.160.5 89.101.160.4 TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\140707470213 : DHCPNameServer = 192.168.88.1 TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\140707470233 : DHCPNameServer = 192.168.88.1 TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\4584C4020527F6027583B2 : DHCPNameServer = 192.168.43.1 TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\67F6461666F6E656D254635344 : DHCPNameServer = 192.168.1.1 0.0.0.0 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" 
--configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832] R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-9-23 32032] R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1500010.003\SymDS64.sys [2013-9-20 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1500010.003\SymEFA64.sys [2013-9-20 1147480] R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-3 1525336] R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1500010.003\ccSetx64.sys [2013-9-20 150104] R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20130924.001\IDSviA64.sys [2013-9-25 520280] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1500010.003\Ironx64.sys [2013-9-20 264280] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1500010.003\symnets.sys [2013-9-20 590424] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-9-20 1091520] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-9-20 1112000] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-20 7168] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-9-20 2451456] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 
635104] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-9-20 166720] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe [2013-9-20 264360] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-20 365376] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344] R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2013-9-20 110592] R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2013-9-20 825344] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-20 140376] R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2013-9-20 55848] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-9-20 342528] R3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-8-7 4273192] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544] S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1500010.003\SymELAM.sys [2013-9-20 23568] S3 AMPPALP;Intel® Centrino® Wireless 
Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-9-20 315536] S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-26 89088] . =============== Created Last 30 ================ . 2013-09-24 22:44:54 -------- d-----w- C:\Users\Micheal\AppData\Roaming\data 2013-09-24 17:52:51 -------- d-----w- C:\Windows\pss 2013-09-24 12:40:09 -------- d-----w- C:\Users\Micheal\AppData\Local\Ubisoft Game Launcher 2013-09-24 12:25:28 -------- d-----w- C:\Users\Micheal\AppData\Roaming\NVIDIA 2013-09-23 23:04:15 -------- d-----w- C:\Windows\SysWow64\NV 2013-09-23 23:04:15 -------- d-----w- C:\Windows\System32\NV 2013-09-23 23:04:00 920864 ----a-w- C:\Windows\System32\nvvsvc.exe 2013-09-23 23:04:00 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll 2013-09-23 23:04:00 6599968 ----a-w- C:\Windows\System32\nvcpl.dll 2013-09-23 23:04:00 63776 ----a-w- C:\Windows\System32\nvshext.dll 2013-09-23 23:04:00 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll 2013-09-23 23:04:00 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin 2013-09-23 23:04:00 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll 2013-09-23 23:04:00 219424 ----a-w- C:\Windows\System32\nvmctray.dll 2013-09-23 23:04:00 1042208 ----a-w- C:\Windows\System32\nv3dappshext.dll 2013-09-23 23:03:26 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2013-09-23 22:04:18 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP 2013-09-23 20:59:29 -------- d-----w- C:\ProgramData\Steam 2013-09-23 20:59:28 -------- d-----w- C:\ProgramData\Orbit 2013-09-23 20:48:59 -------- d--h--w- C:\Windows\msdownld.tmp 2013-09-23 20:48:50 -------- 
d-----w- C:\Windows\SysWow64\directx 2013-09-23 20:17:45 -------- d-----w- C:\Users\Micheal\AppData\Roaming\Malwarebytes 2013-09-23 20:17:35 -------- d-----w- C:\ProgramData\Malwarebytes 2013-09-23 20:17:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-09-23 20:17:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-23 15:55:08 -------- d--h--w- C:\SkyDriveTemp 2013-09-23 15:46:20 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive 2013-09-23 15:46:16 -------- d-----r- C:\Users\Micheal\SkyDrive 2013-09-23 15:46:07 -------- d-----w- C:\ProgramData\Microsoft SkyDrive 2013-09-23 15:20:25 -------- d-----w- C:\Users\Micheal\AppData\Roaming\XBMC 2013-09-23 15:17:26 -------- d-----w- C:\Program Files (x86)\Rayman Legends 2013-09-23 14:44:59 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll 2013-09-23 14:44:59 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe 2013-09-23 14:44:59 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe 2013-09-23 14:44:59 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2013-09-23 14:44:59 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll 2013-09-23 14:44:59 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2013-09-23 14:40:24 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-23 14:40:24 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-23 14:16:33 -------- d-----w- C:\Users\Micheal\AppData\Local\Programs 2013-09-23 14:11:04 144896 ----a-w- C:\Windows\System32\tssdisai.dll 2013-09-23 01:53:59 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-09-23 01:53:59 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-09-23 01:35:25 109568 ----a-w- C:\Windows\System32\dskquota.dll 2013-09-23 01:35:24 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll 2013-09-23 
01:24:01 -------- d-----w- C:\Program Files (x86)\Microsoft Games 2013-09-23 01:18:49 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll 2013-09-23 01:18:49 677888 ----a-w- C:\Windows\System32\mfnetcore.dll 2013-09-23 01:18:49 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll 2013-09-23 01:18:49 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll 2013-09-23 01:18:48 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll 2013-09-23 01:18:48 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll 2013-09-22 23:43:59 785408 ----a-w- C:\Windows\System32\audiosrv.dll 2013-09-22 23:41:30 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys 2013-09-22 23:41:13 2397184 ----a-w- C:\Windows\System32\WpcMon.exe 2013-09-22 23:41:09 3847168 ----a-w- C:\Windows\System32\d2d1.dll 2013-09-22 23:41:05 3964416 ----a-w- C:\Windows\System32\WinSAT.exe 2013-09-22 23:39:58 98816 ----a-w- C:\Windows\SysWow64\sspicli.dll 2013-09-22 23:37:58 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll 2013-09-22 23:36:39 3245568 ----a-w- C:\Windows\System32\rdpcorets.dll 2013-09-22 19:52:11 -------- d-----w- C:\Users\Micheal\VirtualBox VMs 2013-09-22 19:51:41 -------- d-----w- C:\Users\Micheal\.VirtualBox 2013-09-22 19:39:23 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2013-09-22 19:39:09 119056 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2013-09-22 19:07:36 -------- d-----w- C:\Users\Micheal\AppData\Roaming\IDT 2013-09-22 18:33:59 -------- d-----r- C:\Windows\BrowserChoice 2013-09-21 20:21:17 99840 ----a-w- C:\Program Files\Windows Sidebar\wlsrvc.dll 2013-09-21 20:21:17 83456 ----a-w- C:\Program Files\Windows Sidebar\sbdrop.dll 2013-09-21 20:21:17 487424 ----a-w- C:\Program Files\Windows Sidebar\8GadgetPack.exe 2013-09-21 20:21:17 1371648 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe 2013-09-21 20:21:13 77824 ----a-w- C:\Program Files (x86)\Windows Sidebar\sbdrop.dll 2013-09-21 20:21:13 63488 ----a-w- C:\Program Files (x86)\Windows Sidebar\wlsrvc.dll 2013-09-21 20:21:13 
150016 ----a-w- C:\Program Files\Windows Sidebar\dwmapi.dll 2013-09-21 20:21:13 134144 ----a-w- C:\Program Files (x86)\Windows Sidebar\dwmapi.dll 2013-09-21 20:21:13 1144832 ----a-w- C:\Program Files (x86)\Windows Sidebar\sidebar.exe 2013-09-21 20:16:46 -------- d-----w- C:\Windows\AutoKMS 2013-09-21 20:16:20 -------- d-----w- C:\ProgramData\Microsoft Toolkit 2013-09-21 19:58:18 -------- d-----w- C:\Program Files\Core Temp 2013-09-21 19:51:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server 2013-09-21 19:50:56 -------- d-----w- C:\Windows\PCHEALTH 2013-09-21 19:50:56 -------- d-----w- C:\Program Files\Microsoft SQL Server 2013-09-21 19:48:06 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2013-09-21 19:48:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2013-09-21 19:47:51 -------- d-----w- C:\Users\Micheal\AppData\Local\Microsoft Help 2013-09-21 19:46:44 -------- d-----w- C:\Users\Micheal\AppData\Local\NVIDIA 2013-09-21 19:34:53 -------- d-----w- C:\Program Files (x86)\RocketDock 2013-09-21 03:31:22 -------- d-----w- C:\Windows\System32\MRT 2013-09-21 02:01:58 888320 ----a-w- C:\Windows\System32\autochk.exe 2013-09-21 02:00:38 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll 2013-09-21 01:59:04 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll 2013-09-21 01:59:04 1627648 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-09-21 01:59:00 5978624 ----a-w- C:\Windows\System32\mstscax.dll 2013-09-21 01:59:00 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-09-21 01:57:53 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll 2013-09-21 01:57:52 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll 2013-09-21 01:44:38 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2013-09-21 01:43:59 945152 ----a-w- C:\Windows\System32\resetengmig.dll 2013-09-21 01:43:59 443392 ----a-w- C:\Windows\System32\ReAgent.dll 2013-09-21 01:43:59 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll 2013-09-21 
01:43:59 132096 ----a-w- C:\Windows\System32\sysreset.exe 2013-09-21 01:43:59 1011200 ----a-w- C:\Windows\System32\reseteng.dll 2013-09-21 01:43:47 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-09-21 01:43:47 112872 ----a-w- C:\Windows\System32\consent.exe 2013-09-21 01:43:43 405504 ----a-w- C:\Windows\System32\pcasvc.dll 2013-09-21 01:43:43 31232 ----a-w- C:\Windows\System32\pcadm.dll 2013-09-21 01:43:43 13312 ----a-w- C:\Windows\System32\pcalua.exe 2013-09-21 01:43:43 11776 ----a-w- C:\Windows\System32\pcaevts.dll 2013-09-21 01:39:53 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-09-21 01:37:45 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-09-21 01:36:57 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-09-21 01:35:58 4038144 ----a-w- C:\Windows\System32\win32k.sys 2013-09-21 01:33:49 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin 2013-09-20 16:32:25 -------- d-----w- C:\Users\Micheal\AppData\Roaming\uTorrent 2013-09-20 16:13:34 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation 2013-09-20 16:13:20 -------- d-----w- C:\Users\Micheal\AppData\Roaming\Intel Corporation 2013-09-20 16:00:09 -------- d-----w- C:\temp 2013-09-20 15:56:39 -------- d-----w- C:\Users\Micheal\AppData\Local\CrashDumps 2013-09-20 15:55:03 277024 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe 2013-09-20 15:55:03 116224 ----a-w- C:\Windows\System32\igfxCoIn_v2817.dll 2013-09-20 15:55:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll 2013-09-20 15:55:02 28672 ----a-w- C:\Windows\System32\igfxexps.dll 2013-09-20 15:55:00 11157504 ----a-w- C:\Windows\SysWow64\igd10umd32.dll 2013-09-20 15:54:59 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys 2013-09-20 15:54:59 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll 2013-09-20 15:49:01 -------- d-----w- C:\Program Files (x86)\Cisco 2013-09-20 09:33:16 -------- d--h--w- C:\Windows\System32\WLANProfiles 2013-09-20 09:33:00 -------- d-----w- 
C:\Users\Micheal\AppData\Roaming\Intel 2013-09-20 09:32:33 -------- d-----w- C:\Users\Micheal\Roaming 2013-09-20 09:32:33 -------- d-----w- C:\ProgramData\Roaming 2013-09-20 09:25:39 -------- d-----w- C:\ProgramData\Intel.sav 2013-09-20 09:23:12 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2013-09-20 09:22:56 825344 ----a-w- C:\Windows\System32\drivers\btmhsf.sys 2013-09-20 09:22:56 55848 ----a-w- C:\Windows\System32\drivers\iBtFltCoex.sys 2013-09-20 09:22:56 1721216 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll 2013-09-20 09:22:56 110592 ----a-w- C:\Windows\System32\drivers\btmaux.sys 2013-09-20 09:19:00 -------- d-----w- C:\Program Files\DellTPad 2013-09-20 09:18:13 113048 ----a-w- C:\Windows\System32\Vxdif.dll 2013-09-20 09:18:11 445304 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys 2013-09-20 09:16:31 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-09-20 09:16:31 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2013-09-20 09:15:48 854616 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\srtsp64.sys 2013-09-20 09:15:48 590424 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\symnets.sys 2013-09-20 09:15:48 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\SymDS64.sys 2013-09-20 09:15:48 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\srtspx64.sys 2013-09-20 09:15:48 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\Ironx64.sys 2013-09-20 09:15:48 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\SymELAM.sys 2013-09-20 09:15:48 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\SymEFA64.sys 2013-09-20 09:15:47 150104 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\ccSetx64.sys 2013-09-20 09:15:07 -------- d-----w- C:\Windows\System32\drivers\N360x64\1500010.003 2013-09-20 09:15:07 -------- d-----w- C:\Windows\System32\drivers\N360x64 2013-09-20 09:15:05 -------- d-----w- C:\Program Files (x86)\Norton 360 
2013-09-20 09:14:47 -------- d-----w- C:\ProgramData\NortonInstaller 2013-09-20 09:14:47 -------- d-----w- C:\Program Files (x86)\NortonInstaller 2013-09-20 09:14:33 -------- d-----w- C:\Windows\SysWow64\sda 2013-09-20 09:14:24 315536 ----a-w- C:\Windows\System32\drivers\RtsUVStor.sys 2013-09-20 09:14:23 9888912 ----a-w- C:\Windows\SysWow64\RtsUVStoricon.dll 2013-09-20 09:14:23 -------- d-----w- C:\Program Files (x86)\Realtek 2013-09-20 09:09:52 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll 2013-09-20 09:09:52 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll 2013-09-20 09:08:26 -------- d-----w- C:\Program Files\CCleaner 2013-09-20 09:08:23 -------- d-----w- C:\Program Files (x86)\XBMC 2013-09-20 09:07:41 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-09-20 09:07:27 -------- d-----w- C:\Program Files (x86)\Common Files\Steam 2013-09-20 09:07:26 -------- d-----w- C:\Program Files (x86)\Steam 2013-09-20 09:06:51 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2013-09-20 09:05:48 -------- d-----w- C:\ProgramData\Norton 2013-09-20 09:05:19 -------- d-----w- C:\Users\Micheal\AppData\Local\Google 2013-09-20 08:59:22 -------- d-----w- C:\Users\Micheal\AppData\Local\Sidebar7 2013-09-20 08:57:07 -------- d-----w- C:\Program Files (x86)\StartIsBack 2013-09-20 08:54:14 15168 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll 2013-09-20 08:53:44 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2013-09-20 08:52:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll 2013-09-20 08:49:54 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin 2013-09-20 08:49:23 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-09-20 08:48:52 540160 ----a-w- C:\Windows\System32\drivers\stwrt64.sys 2013-09-20 08:48:51 450048 ----a-w- C:\Windows\System32\stcplx64.dll 2013-09-20 08:48:49 656896 ------w- C:\Windows\System32\stapi64.dll 2013-09-20 08:48:49 255488 ----a-w- C:\Windows\System32\st646418.dll 
2013-09-20 08:48:49 1988096 ----a-w- C:\Windows\System32\stapo64.dll 2013-09-20 08:48:48 734720 ----a-w- C:\Windows\SysWow64\IMAPO32.dll 2013-09-20 08:48:48 576856 ----a-w- C:\Windows\System32\MaxxAudioAPO4064.dll 2013-09-20 08:48:48 339288 ----a-w- C:\Windows\System32\MaxxAudioAPO3064.dll 2013-09-20 08:48:47 -------- d-----w- C:\Program Files\IDT 2013-09-20 02:11:08 -------- d-----w- C:\Windows\Panther 2013-09-20 02:01:20 -------- d-----w- C:\Windows.old 2013-09-19 18:41:23 56832 ----a-w- C:\Windows\System32\OpenCL.dll 2013-09-19 18:41:23 56320 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2013-09-19 18:40:54 -------- d-----w- C:\Program Files\NVIDIA Corporation 2013-09-19 18:40:54 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2013-09-19 18:11:34 -------- d-----w- C:\Program Files\Dell 2013-09-19 17:47:05 -------- d-----r- C:\Users\Micheal\Searches 2013-09-19 17:47:05 -------- d-----r- C:\Users\Micheal\Contacts 2013-09-19 17:46:14 -------- d-----w- C:\Users\Micheal\AppData\Local\VirtualStore 2013-09-19 17:46:07 -------- d-----w- C:\Users\Micheal\AppData\Local\Packages 2013-09-19 17:46:06 -------- d-----w- C:\ProgramData\PRICache 2013-09-19 17:22:19 -------- d-sh--w- C:\Recovery 2013-09-06 13:25:40 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2013-09-06 13:25:38 204048 ------w- C:\Windows\System32\VBoxNetFltNobj.dll 2013-08-27 13:19:31 1841513 ----a-w- C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe . ==================== Find3M ==================== . 
2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll
2013-08-10 05:21:51 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-08-10 05:21:51 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll
2013-08-10 03:58:51 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-08-03 06:40:49 462336 ----a-w- C:\Windows\System32\sysmon.ocx
2013-08-03 06:40:17 566784 ----a-w- C:\Windows\System32\wvc.dll
2013-08-03 06:40:01 1374208 ----a-w- C:\Windows\System32\wdc.dll
2013-08-03 05:14:15 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx
2013-08-03 05:13:57 437248 ----a-w- C:\Windows\SysWow64\wvc.dll
2013-08-03 05:13:43 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll
2013-08-02 06:28:29 10116608 ----a-w- C:\Windows\System32\twinui.dll
2013-08-02 06:26:53 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-08-02 05:08:18 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-08-02 05:06:50 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-08-01 10:41:31 2233688 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-27 03:58:39 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-07-24 23:10:08 158208 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-07-24 23:06:39 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe
2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 16:02:13.07 ===============
  18. Hi all, I am having some difficulty removing a trojan from my laptop. When I boot up, my GPU and CPU are on full load and my laptop gets very slow. I ran Malwarebytes in safe mode and it found 17 trojans and removed them, but it seems they're back again. Before I ran the scan and removal, I was able to see 2 processes in Task Manager called "nslookup.exe" running 48% - 50% of my CPU. After the removal, the processes are still there but are idle. Even though they're idle, when I kill the processes in Task Manager my GPU and CPU return to normal for 3-4 minutes before a popup in the toolbar says "nvidia driver failed but has rebooted", my screen goes blank, nslookup.exe is back and I'm in full load again. Please help as I'm stuck at what to do! Thanks, CollinsUCC
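An added triage script, not from this thread and not part of DDS, FRST or Malwarebytes, that reads DDS-style file-listing lines like the ones in the log above and flags the indicators that mattered in this case: a Windows binary name such as svchost.exe or nslookup.exe sitting outside System32/SysWOW64, entries in the user's Startup folder, executable code under AppData, and the OpenCL/PTX kernel files that GPU miners ship. The sample lines are constructed for the example (two copied from the log, the rest made up in the same format using the paths the FRST fix in this thread removed, with invented sizes and timestamps), and the indicator lists and the assumed C:\Windows install path are my assumptions, not anything the tools on this page report.

```python
import re

# DDS-style "Installed/Modified" file entry: "YYYY-MM-DD HH:MM:SS size attrs path"
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)

# Names that malware borrows from Windows binaries. Genuine copies live under
# the system directories below (assumption: default C:\Windows install path).
MASQUERADE_NAMES = {"svchost.exe", "nslookup.exe", "lsass.exe", "csrss.exe", "calculator.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
BINARY_EXTS = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".vbe", ".scr", ".com"}
GPU_KERNEL_EXTS = {".cl", ".ptx"}   # OpenCL source / PTX, as shipped by GPU miners


def parse_dds_line(line):
    """Return a dict for a DDS file entry, or None for any other line."""
    m = DDS_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    return rec


def in_system_dir(path_lower):
    return any(path_lower.startswith(d + "\\") for d in SYSTEM_DIRS)


def classify(path):
    """Return the list of indicator names that apply to one file path."""
    p = path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    reasons = []
    if name in MASQUERADE_NAMES and not in_system_dir(p):
        reasons.append("masquerade")          # system binary name, wrong directory
    if "\\start menu\\programs\\startup\\" in p:
        reasons.append("startup")             # per-user autostart entry
    if "\\appdata\\" in p and ext in BINARY_EXTS:
        reasons.append("appdata_binary")      # executable code under the profile
    if ext in GPU_KERNEL_EXTS and not p.startswith("c:\\program files"):
        reasons.append("gpu_kernel")          # miner kernel outside an installed app
    return reasons


def triage(lines):
    """Parse DDS lines and return [(path, reasons)] for every flagged entry."""
    findings = []
    for line in lines:
        rec = parse_dds_line(line)
        if rec is None:
            continue
        reasons = classify(rec["path"])
        if reasons:
            findings.append((rec["path"], reasons))
    return findings


# Constructed sample: the first two lines are copied from the log in this
# thread; the rest are made up in the same format using the paths the
# helper's FRST fix removed. Their sizes and timestamps are invented.
SAMPLE = r"""
2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-09-20 18:02:11 193536 ----a-w- C:\Users\Micheal\AppData\Roaming\data\Svchost.exe
2013-09-20 18:02:11 51200 ----a-w- C:\Users\Micheal\AppData\Roaming\data\miner.dll
2013-09-20 18:02:11 4096 ----a-w- C:\Users\Micheal\AppData\Roaming\data\phatk.cl
2013-09-20 18:02:12 1024 ----a-w- C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk
this line is not a DDS entry and is skipped
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{', '.join(reasons):28} {path}")
```

The name alone proves nothing: the genuine nslookup.exe lives in C:\Windows\System32, so a process with that name running from a user profile or Temp directory is not the Windows tool, and checking the image path of the running process answers that before any scanner is run.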