
Trojan.Bitminer Removal


CollinsUCC

Hi all,

I am having some difficulty removing a trojan from my laptop. When I boot up, my GPU and CPU are on full load and my laptop gets very slow. I ran Malwarebytes in safe mode and it found 17 trojans and removed them, but it seems they're back again. Before I ran the scan and removal, I was able to see 2 processes in Task Manager called "nslookup.exe" running at 48%-50% of my CPU. After the removal, the processes are still there but are idle. Even though they're idle, when I kill the processes in Task Manager my GPU and CPU return to normal for 3-4 minutes before a popup in the toolbar says "nvidia driver failed but has rebooted" and my screen goes blank, and nslookup.exe is back and I'm at full load again. Please help as I'm stuck on what to do!

Thanks, 

CollinsUCC


Welcome to the forum, please start HERE

Post back the 2 logs here: DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for the quick reply,

The 2 DDS files are below:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume1

Install Date: 19/09/2013 18:45:58

System Uptime: 25/09/2013 15:41:01 (1 hours ago)

.

Motherboard: Dell Inc.          |  | 072P0M

Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2400/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 930 GiB total, 860.186 GiB free.

D: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP4: 23/09/2013 02:20:55 - Installed Microsoft Flight Simulator X

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

8GadgetPack

CCleaner

Core Temp 1.0 RC5

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dell Touchpad

FileZilla Client 3.7.3

Google Chrome

Google Update Helper

IDT Audio

Intel PROSet Wireless

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless for Bluetooth® + High Speed

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Turbo Boost Technology Monitor 2.6

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Connect Service Client

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Access MUI (English) 2013

Microsoft Access Setup Metadata MUI (English) 2013

Microsoft DCF MUI (English) 2013

Microsoft Excel MUI (English) 2013

Microsoft Flight Simulator X

Microsoft Groove MUI (English) 2013

Microsoft InfoPath MUI (English) 2013

Microsoft Lync MUI (English) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (English) 2013

Microsoft Office OSM UX MUI (English) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (English) 2013

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft OneNote MUI (English) 2013

Microsoft Outlook MUI (English) 2013

Microsoft PowerPoint MUI (English) 2013

Microsoft Publisher MUI (English) 2013

Microsoft SkyDrive

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Word MUI (English) 2013

MSXML 4.0 SP2 Parser and SDK

Norton 360

Notepad++

NVIDIA Control Panel 327.23

NVIDIA Graphics Driver 327.23

NVIDIA Install Application

NVIDIA Optimus 8.3.14

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.0725

NVIDIA Update Components

Outils de vérification linguistique 2013 de Microsoft Office - Français

Quickset64

Rayman Legends

Realtek USB 2.0 Card Reader

RocketDock 1.3.5

StartIsBack

Steam

Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition

Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition

Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition

Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition

Update for Microsoft Office 2013 (KB2810014) 64-Bit Edition

Update for Microsoft Office 2013 (KB2810017) 64-Bit Edition

Update for Microsoft Office 2013 (KB2810018) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition

Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2767865) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition

Uplay

VLC media player 2.0.8

XBMC

.

==== Event Viewer Messages From Past Week ========

.

24/09/2013 23:42:50, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

24/09/2013 23:42:31, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "Unavailable" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

24/09/2013 23:42:09, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

24/09/2013 23:41:59, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

24/09/2013 23:41:55, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

24/09/2013 23:40:09, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

24/09/2013 18:56:21, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

24/09/2013 18:54:01, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

23/09/2013 22:53:55, Error: Service Control Manager [7034]  - The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

23/09/2013 18:45:50, Error: Service Control Manager [7034]  - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

23/09/2013 18:44:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff88004fb7cdf, 0xfffff880033404a8, 0xfffff8800333fce0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092313-33281-01.

23/09/2013 17:10:04, Error: Service Control Manager [7030]  - The FileZilla Server FTP server service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

22/09/2013 19:38:49, Error: Service Control Manager [7023]  - The Windows Modules Installer service terminated with the following error:  The component store has been corrupted.

20/09/2013 17:09:30, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.

20/09/2013 13:47:42, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.

20/09/2013 13:47:12, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.

20/09/2013 10:52:38, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 126

20/09/2013 10:52:36, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

20/09/2013 10:52:06, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

20/09/2013 10:51:36, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.

20/09/2013 10:50:55, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

20/09/2013 10:21:48, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

20/09/2013 10:20:36, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

20/09/2013 10:20:36, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

20/09/2013 09:52:54, Error: BTHUSB [30]  - The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

19/09/2013 18:48:06, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.

19/09/2013 18:18:50, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with the following service-specific error:  Server execution failed

19/09/2013 18:18:50, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x80080005.

19/09/2013 18:16:55, Error: Service Control Manager [7023]  - The Network List Service service terminated with the following error:  The device is not ready.

19/09/2013 18:12:16, Error: Service Control Manager [7023]  - The IP Helper service terminated with the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

and

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16688

Run by Micheal at 16:01:58 on 2013-09-25

Microsoft Windows 8  6.2.9200.0.1252.44.1033.18.6004.3819 [GMT 1:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\dashost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Users\Micheal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE

C:\Program Files\Microsoft Office\Office15\MsoSync.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\IPS\ipsbho.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coieplg.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

uRun: [skyDrive] "C:\Users\Micheal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Adobe.lnk - C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe

StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sidebar.lnk - C:\Program Files\Windows Sidebar\sidebar.exe

StartupFolder: C:\Users\Micheal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SVCHOS~1.LNK - C:\Users\Micheal\AppData\Local\Temp\RarSFX2\Svchost.exe

StartupFolder: C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

TCP: NameServer = 89.101.160.5 89.101.160.4

TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193} : DHCPNameServer = 89.101.160.5 89.101.160.4

TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\140707470213 : DHCPNameServer = 192.168.88.1

TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\140707470233 : DHCPNameServer = 192.168.88.1

TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\4584C4020527F6027583B2 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{435ECC36-2C60-4539-991D-1A475EB12193}\67F6461666F6E656D254635344 : DHCPNameServer = 192.168.1.1 0.0.0.0

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]

R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-9-23 32032]

R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1500010.003\SymDS64.sys [2013-9-20 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1500010.003\SymEFA64.sys [2013-9-20 1147480]

R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-3 1525336]

R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1500010.003\ccSetx64.sys [2013-9-20 150104]

R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20130924.001\IDSviA64.sys [2013-9-25 520280]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1500010.003\Ironx64.sys [2013-9-20 264280]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1500010.003\symnets.sys [2013-9-20 590424]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-9-20 1091520]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-9-20 1112000]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-20 7168]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-9-20 2451456]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-9-20 166720]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe [2013-9-20 264360]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-20 365376]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]

R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2013-9-20 110592]

R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2013-9-20 825344]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-20 140376]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2013-9-20 55848]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-9-20 342528]

R3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-8-7 4273192]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]

S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1500010.003\SymELAM.sys [2013-9-20 23568]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-9-20 315536]

S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-26 89088]

.

=============== Created Last 30 ================

.

2013-09-24 22:44:54 -------- d-----w- C:\Users\Micheal\AppData\Roaming\data

2013-09-24 17:52:51 -------- d-----w- C:\Windows\pss

2013-09-24 12:40:09 -------- d-----w- C:\Users\Micheal\AppData\Local\Ubisoft Game Launcher

2013-09-24 12:25:28 -------- d-----w- C:\Users\Micheal\AppData\Roaming\NVIDIA

2013-09-23 23:04:15 -------- d-----w- C:\Windows\SysWow64\NV

2013-09-23 23:04:15 -------- d-----w- C:\Windows\System32\NV

2013-09-23 23:04:00 920864 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-09-23 23:04:00 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2013-09-23 23:04:00 6599968 ----a-w- C:\Windows\System32\nvcpl.dll

2013-09-23 23:04:00 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-09-23 23:04:00 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-09-23 23:04:00 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-09-23 23:04:00 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-09-23 23:04:00 219424 ----a-w- C:\Windows\System32\nvmctray.dll

2013-09-23 23:04:00 1042208 ----a-w- C:\Windows\System32\nv3dappshext.dll

2013-09-23 23:03:26 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2013-09-23 22:04:18 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP

2013-09-23 20:59:29 -------- d-----w- C:\ProgramData\Steam

2013-09-23 20:59:28 -------- d-----w- C:\ProgramData\Orbit

2013-09-23 20:48:59 -------- d--h--w- C:\Windows\msdownld.tmp

2013-09-23 20:48:50 -------- d-----w- C:\Windows\SysWow64\directx

2013-09-23 20:17:45 -------- d-----w- C:\Users\Micheal\AppData\Roaming\Malwarebytes

2013-09-23 20:17:35 -------- d-----w- C:\ProgramData\Malwarebytes

2013-09-23 20:17:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-09-23 20:17:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-23 15:55:08 -------- d--h--w- C:\SkyDriveTemp

2013-09-23 15:46:20 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive

2013-09-23 15:46:16 -------- d-----r- C:\Users\Micheal\SkyDrive

2013-09-23 15:46:07 -------- d-----w- C:\ProgramData\Microsoft SkyDrive

2013-09-23 15:20:25 -------- d-----w- C:\Users\Micheal\AppData\Roaming\XBMC

2013-09-23 15:17:26 -------- d-----w- C:\Program Files (x86)\Rayman Legends

2013-09-23 14:44:59 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll

2013-09-23 14:44:59 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe

2013-09-23 14:44:59 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe

2013-09-23 14:44:59 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2013-09-23 14:44:59 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll

2013-09-23 14:44:59 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-09-23 14:40:24 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-23 14:40:24 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-23 14:16:33 -------- d-----w- C:\Users\Micheal\AppData\Local\Programs

2013-09-23 14:11:04 144896 ----a-w- C:\Windows\System32\tssdisai.dll

2013-09-23 01:53:59 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-09-23 01:53:59 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-09-23 01:35:25 109568 ----a-w- C:\Windows\System32\dskquota.dll

2013-09-23 01:35:24 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll

2013-09-23 01:24:01 -------- d-----w- C:\Program Files (x86)\Microsoft Games

2013-09-23 01:18:49 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll

2013-09-23 01:18:49 677888 ----a-w- C:\Windows\System32\mfnetcore.dll

2013-09-23 01:18:49 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll

2013-09-23 01:18:49 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll

2013-09-23 01:18:48 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll

2013-09-23 01:18:48 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll

2013-09-22 23:43:59 785408 ----a-w- C:\Windows\System32\audiosrv.dll

2013-09-22 23:41:30 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys

2013-09-22 23:41:13 2397184 ----a-w- C:\Windows\System32\WpcMon.exe

2013-09-22 23:41:09 3847168 ----a-w- C:\Windows\System32\d2d1.dll

2013-09-22 23:41:05 3964416 ----a-w- C:\Windows\System32\WinSAT.exe

2013-09-22 23:39:58 98816 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-22 23:37:58 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll

2013-09-22 23:36:39 3245568 ----a-w- C:\Windows\System32\rdpcorets.dll

2013-09-22 19:52:11 -------- d-----w- C:\Users\Micheal\VirtualBox VMs

2013-09-22 19:51:41 -------- d-----w- C:\Users\Micheal\.VirtualBox

2013-09-22 19:39:23 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2013-09-22 19:39:09 119056 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2013-09-22 19:07:36 -------- d-----w- C:\Users\Micheal\AppData\Roaming\IDT

2013-09-22 18:33:59 -------- d-----r- C:\Windows\BrowserChoice

2013-09-21 20:21:17 99840 ----a-w- C:\Program Files\Windows Sidebar\wlsrvc.dll

2013-09-21 20:21:17 83456 ----a-w- C:\Program Files\Windows Sidebar\sbdrop.dll

2013-09-21 20:21:17 487424 ----a-w- C:\Program Files\Windows Sidebar\8GadgetPack.exe

2013-09-21 20:21:17 1371648 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe

2013-09-21 20:21:13 77824 ----a-w- C:\Program Files (x86)\Windows Sidebar\sbdrop.dll

2013-09-21 20:21:13 63488 ----a-w- C:\Program Files (x86)\Windows Sidebar\wlsrvc.dll

2013-09-21 20:21:13 150016 ----a-w- C:\Program Files\Windows Sidebar\dwmapi.dll

2013-09-21 20:21:13 134144 ----a-w- C:\Program Files (x86)\Windows Sidebar\dwmapi.dll

2013-09-21 20:21:13 1144832 ----a-w- C:\Program Files (x86)\Windows Sidebar\sidebar.exe

2013-09-21 20:16:46 -------- d-----w- C:\Windows\AutoKMS

2013-09-21 20:16:20 -------- d-----w- C:\ProgramData\Microsoft Toolkit

2013-09-21 19:58:18 -------- d-----w- C:\Program Files\Core Temp

2013-09-21 19:51:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2013-09-21 19:50:56 -------- d-----w- C:\Windows\PCHEALTH

2013-09-21 19:50:56 -------- d-----w- C:\Program Files\Microsoft SQL Server

2013-09-21 19:48:06 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2013-09-21 19:48:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-09-21 19:47:51 -------- d-----w- C:\Users\Micheal\AppData\Local\Microsoft Help

2013-09-21 19:46:44 -------- d-----w- C:\Users\Micheal\AppData\Local\NVIDIA

2013-09-21 19:34:53 -------- d-----w- C:\Program Files (x86)\RocketDock

2013-09-21 03:31:22 -------- d-----w- C:\Windows\System32\MRT

2013-09-21 02:01:58 888320 ----a-w- C:\Windows\System32\autochk.exe

2013-09-21 02:00:38 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-09-21 01:59:04 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll

2013-09-21 01:59:04 1627648 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-09-21 01:59:00 5978624 ----a-w- C:\Windows\System32\mstscax.dll

2013-09-21 01:59:00 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-09-21 01:57:53 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2013-09-21 01:57:52 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-09-21 01:44:38 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-09-21 01:43:59 945152 ----a-w- C:\Windows\System32\resetengmig.dll

2013-09-21 01:43:59 443392 ----a-w- C:\Windows\System32\ReAgent.dll

2013-09-21 01:43:59 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-09-21 01:43:59 132096 ----a-w- C:\Windows\System32\sysreset.exe

2013-09-21 01:43:59 1011200 ----a-w- C:\Windows\System32\reseteng.dll

2013-09-21 01:43:47 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-09-21 01:43:47 112872 ----a-w- C:\Windows\System32\consent.exe

2013-09-21 01:43:43 405504 ----a-w- C:\Windows\System32\pcasvc.dll

2013-09-21 01:43:43 31232 ----a-w- C:\Windows\System32\pcadm.dll

2013-09-21 01:43:43 13312 ----a-w- C:\Windows\System32\pcalua.exe

2013-09-21 01:43:43 11776 ----a-w- C:\Windows\System32\pcaevts.dll

2013-09-21 01:39:53 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-09-21 01:37:45 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-09-21 01:36:57 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-09-21 01:35:58 4038144 ----a-w- C:\Windows\System32\win32k.sys

2013-09-21 01:33:49 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin

2013-09-20 16:32:25 -------- d-----w- C:\Users\Micheal\AppData\Roaming\uTorrent

2013-09-20 16:13:34 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2013-09-20 16:13:20 -------- d-----w- C:\Users\Micheal\AppData\Roaming\Intel Corporation

2013-09-20 16:00:09 -------- d-----w- C:\temp

2013-09-20 15:56:39 -------- d-----w- C:\Users\Micheal\AppData\Local\CrashDumps

2013-09-20 15:55:03 277024 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe

2013-09-20 15:55:03 116224 ----a-w- C:\Windows\System32\igfxCoIn_v2817.dll

2013-09-20 15:55:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll

2013-09-20 15:55:02 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2013-09-20 15:55:00 11157504 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2013-09-20 15:54:59 342528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys

2013-09-20 15:54:59 16896 ----a-w- C:\Windows\System32\IntcDAuC.dll

2013-09-20 15:49:01 -------- d-----w- C:\Program Files (x86)\Cisco

2013-09-20 09:33:16 -------- d--h--w- C:\Windows\System32\WLANProfiles

2013-09-20 09:33:00 -------- d-----w- C:\Users\Micheal\AppData\Roaming\Intel

2013-09-20 09:32:33 -------- d-----w- C:\Users\Micheal\Roaming

2013-09-20 09:32:33 -------- d-----w- C:\ProgramData\Roaming

2013-09-20 09:25:39 -------- d-----w- C:\ProgramData\Intel.sav

2013-09-20 09:23:12 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2013-09-20 09:22:56 825344 ----a-w- C:\Windows\System32\drivers\btmhsf.sys

2013-09-20 09:22:56 55848 ----a-w- C:\Windows\System32\drivers\iBtFltCoex.sys

2013-09-20 09:22:56 1721216 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2013-09-20 09:22:56 110592 ----a-w- C:\Windows\System32\drivers\btmaux.sys

2013-09-20 09:19:00 -------- d-----w- C:\Program Files\DellTPad

2013-09-20 09:18:13 113048 ----a-w- C:\Windows\System32\Vxdif.dll

2013-09-20 09:18:11 445304 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys

2013-09-20 09:16:31 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-09-20 09:16:31 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2013-09-20 09:15:48 854616 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\srtsp64.sys

2013-09-20 09:15:48 590424 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\symnets.sys

2013-09-20 09:15:48 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\SymDS64.sys

2013-09-20 09:15:48 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\srtspx64.sys

2013-09-20 09:15:48 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\Ironx64.sys

2013-09-20 09:15:48 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\SymELAM.sys

2013-09-20 09:15:48 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\SymEFA64.sys

2013-09-20 09:15:47 150104 ----a-r- C:\Windows\System32\drivers\N360x64\1500010.003\ccSetx64.sys

2013-09-20 09:15:07 -------- d-----w- C:\Windows\System32\drivers\N360x64\1500010.003

2013-09-20 09:15:07 -------- d-----w- C:\Windows\System32\drivers\N360x64

2013-09-20 09:15:05 -------- d-----w- C:\Program Files (x86)\Norton 360

2013-09-20 09:14:47 -------- d-----w- C:\ProgramData\NortonInstaller

2013-09-20 09:14:47 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2013-09-20 09:14:33 -------- d-----w- C:\Windows\SysWow64\sda

2013-09-20 09:14:24 315536 ----a-w- C:\Windows\System32\drivers\RtsUVStor.sys

2013-09-20 09:14:23 9888912 ----a-w- C:\Windows\SysWow64\RtsUVStoricon.dll

2013-09-20 09:14:23 -------- d-----w- C:\Program Files (x86)\Realtek

2013-09-20 09:09:52 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2013-09-20 09:09:52 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2013-09-20 09:08:26 -------- d-----w- C:\Program Files\CCleaner

2013-09-20 09:08:23 -------- d-----w- C:\Program Files (x86)\XBMC

2013-09-20 09:07:41 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-09-20 09:07:27 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-09-20 09:07:26 -------- d-----w- C:\Program Files (x86)\Steam

2013-09-20 09:06:51 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2013-09-20 09:05:48 -------- d-----w- C:\ProgramData\Norton

2013-09-20 09:05:19 -------- d-----w- C:\Users\Micheal\AppData\Local\Google

2013-09-20 08:59:22 -------- d-----w- C:\Users\Micheal\AppData\Local\Sidebar7

2013-09-20 08:57:07 -------- d-----w- C:\Program Files (x86)\StartIsBack

2013-09-20 08:54:14 15168 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll

2013-09-20 08:53:44 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2013-09-20 08:52:50 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2013-09-20 08:49:54 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin

2013-09-20 08:49:23 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-09-20 08:48:52 540160 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

2013-09-20 08:48:51 450048 ----a-w- C:\Windows\System32\stcplx64.dll

2013-09-20 08:48:49 656896 ------w- C:\Windows\System32\stapi64.dll

2013-09-20 08:48:49 255488 ----a-w- C:\Windows\System32\st646418.dll

2013-09-20 08:48:49 1988096 ----a-w- C:\Windows\System32\stapo64.dll

2013-09-20 08:48:48 734720 ----a-w- C:\Windows\SysWow64\IMAPO32.dll

2013-09-20 08:48:48 576856 ----a-w- C:\Windows\System32\MaxxAudioAPO4064.dll

2013-09-20 08:48:48 339288 ----a-w- C:\Windows\System32\MaxxAudioAPO3064.dll

2013-09-20 08:48:47 -------- d-----w- C:\Program Files\IDT

2013-09-20 02:11:08 -------- d-----w- C:\Windows\Panther

2013-09-20 02:01:20 -------- d-----w- C:\Windows.old

2013-09-19 18:41:23 56832 ----a-w- C:\Windows\System32\OpenCL.dll

2013-09-19 18:41:23 56320 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-09-19 18:40:54 -------- d-----w- C:\Program Files\NVIDIA Corporation

2013-09-19 18:40:54 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2013-09-19 18:11:34 -------- d-----w- C:\Program Files\Dell

2013-09-19 17:47:05 -------- d-----r- C:\Users\Micheal\Searches

2013-09-19 17:47:05 -------- d-----r- C:\Users\Micheal\Contacts

2013-09-19 17:46:14 -------- d-----w- C:\Users\Micheal\AppData\Local\VirtualStore

2013-09-19 17:46:07 -------- d-----w- C:\Users\Micheal\AppData\Local\Packages

2013-09-19 17:46:06 -------- d-----w- C:\ProgramData\PRICache

2013-09-19 17:22:19 -------- d-sh--w- C:\Recovery

2013-09-06 13:25:40 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2013-09-06 13:25:38 204048 ------w- C:\Windows\System32\VBoxNetFltNobj.dll

2013-08-27 13:19:31 1841513 ----a-w- C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Usbsupply.exe

.

==================== Find3M  ====================

.

2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll

2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys

2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll

2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe

2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe

2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe

2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll

2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe

2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll

2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll

2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll

2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll

2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll

2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll

2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll

2013-08-10 05:21:51 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-08-10 05:21:51 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll

2013-08-10 03:58:51 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-08-03 06:40:49 462336 ----a-w- C:\Windows\System32\sysmon.ocx

2013-08-03 06:40:17 566784 ----a-w- C:\Windows\System32\wvc.dll

2013-08-03 06:40:01 1374208 ----a-w- C:\Windows\System32\wdc.dll

2013-08-03 05:14:15 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx

2013-08-03 05:13:57 437248 ----a-w- C:\Windows\SysWow64\wvc.dll

2013-08-03 05:13:43 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll

2013-08-02 06:28:29 10116608 ----a-w- C:\Windows\System32\twinui.dll

2013-08-02 06:26:53 2304512 ----a-w- C:\Windows\System32\authui.dll

2013-08-02 05:08:18 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-08-02 05:06:50 2035712 ----a-w- C:\Windows\SysWow64\authui.dll

2013-08-01 10:41:31 2233688 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-27 03:58:39 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2013-07-24 23:10:08 158208 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll

2013-07-24 23:06:39 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll

2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll

2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll

2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll

2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll

2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys

2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe

2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe

2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll

2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll

2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll

2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll

2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll

2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll

2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll

2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll

2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll

2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll

2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys

2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys

2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe

2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe

2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys

2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll

.

============= FINISH: 16:02:13.07 ===============

 


Oh apologies about that! 

Here's the log:

 

RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Micheal [Admin rights]
Mode : Scan -- Date : 09/25/2013 21:26:57
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 2 ¤¤¤
[Micheal][SUSP PATH] Adobe.lnk : C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnk @C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe [-][-] -> FOUND
[Micheal][HJNAME] Svchost.exe.lnk : C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk @C:\Users\Micheal\AppData\Local\Temp\RarSFX0\Svchost.exe [-][x] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD10JPVT-75A1YT0 +++++
--- User ---
[MBR] e42b76d1a2c81f34e30e83721b6b2e71
[BSP] 86314bb338cf52113c8ccf82cc418ab0 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09252013_212657.txt >>

Please create a new system restore point before continuing:

 

http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/

 

-------------------------------

 

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[Micheal][SUSP PATH] Adobe.lnk : C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.lnk @C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe [-][-] -> FOUND

[Micheal][HJNAME] Svchost.exe.lnk : C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk @C:\Users\Micheal\AppData\Local\Temp\RarSFX0\Svchost.exe [-][x] -> FOUND

 

Now click Delete on the right hand column under Options

 

-------------

 

Then.........

 

Let's clean out any adware: (this will require a reboot so save all your work)

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder:  C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

 

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

 

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

 

Make sure that everything is checked, and click Remove Selected.

 

Please let me know how the computer is running now, MrC


Ok system restore done, here's the adwcleaner log:

 

# AdwCleaner v3.005 - Report created 26/09/2013 at 00:57:05
# Updated 22/09/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Micheal - MICHEALS
# Running from : C:\Users\Micheal\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16688
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [887 octets] - [26/09/2013 00:54:38]
AdwCleaner[S0].txt - [813 octets] - [26/09/2013 00:57:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [872 octets] ##########
 
 
And here's the log file from Malwarebytes; it looks pretty scary! 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.25.09
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Micheal :: MICHEALS [administrator]
 
26/09/2013 01:04:58
mbam-log-2013-09-26 (01-04-58).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222158
Time elapsed: 3 minute(s), 18 second(s)
 
Memory Processes Detected: 2
C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> 3380 -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\mstsc.exe (Trojan.Bitminer) -> 4116 -> Delete on reboot.
 
Memory Modules Detected: 4
C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\Micheal\AppData\Roaming\data (Trojan.Bitminer) -> Delete on reboot.
 
Files Detected: 16
C:\Users\Micheal\Downloads\coretemp_1236.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Micheal\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\phatk.cl (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\Adobe.bat (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\btc.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\mstsc.exe (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\phatk.ptx (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\Svchost.exe (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
 
(end)
 

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)


Double-click to run it. When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

MrC

Here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013

Ran by Micheal at 2013-09-26 09:46:10 Run:1

Running from C:\Users\Micheal\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Users\Micheal\Downloads\coretemp_1236.exe 

C:\Users\Micheal\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe 

C:\Users\Micheal\AppData\Roaming\data\miner.dll 

C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll 

C:\Users\Micheal\AppData\Roaming\data\phatk.cl .

C:\Users\Micheal\AppData\Roaming\data\Adobe.bat 

C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe 

C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il 

C:\Users\Micheal\AppData\Roaming\data\btc.il 

C:\Users\Micheal\AppData\Roaming\data\calculator.exe 

C:\Users\Micheal\AppData\Roaming\data\coinutil.dll 

C:\Users\Micheal\AppData\Roaming\data\mstsc.exe 

C:\Users\Micheal\AppData\Roaming\data\openssl.dll 

C:\Users\Micheal\AppData\Roaming\data\phatk.ptx

C:\Users\Micheal\AppData\Roaming\data\Svchost.exe 

C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk 

C:\Users\Micheal\AppData\Roaming\data\calculator.exe 

C:\Users\Micheal\AppData\Roaming\data\mstsc.exe 

C:\Users\Micheal\AppData\Roaming\data\miner.dll 

C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll 

C:\Users\Micheal\AppData\Roaming\data\coinutil.dll 

C:\Users\Micheal\AppData\Roaming\data\openssl.dll 

C:\Users\Micheal\AppData\Roaming\data 

 

 

*****************

 

"C:\Users\Micheal\Downloads\coretemp_1236.exe " => File/Directory not found.

"C:\Users\Micheal\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe " => File/Directory not found.

C:\Users\Micheal\AppData\Roaming\data\miner.dll  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\phatk.cl . => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\Adobe.bat  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\btc.il  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\calculator.exe  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\coinutil.dll  => Moved successfully.

"C:\Users\Micheal\AppData\Roaming\data\mstsc.exe " => File/Directory not found.

C:\Users\Micheal\AppData\Roaming\data\openssl.dll  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\phatk.ptx => Moved successfully.

C:\Users\Micheal\AppData\Roaming\data\Svchost.exe  => Moved successfully.

C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk  => Moved successfully.

"C:\Users\Micheal\AppData\Roaming\data\calculator.exe " => File/Directory not found.

"C:\Users\Micheal\AppData\Roaming\data\mstsc.exe " => File/Directory not found.

"C:\Users\Micheal\AppData\Roaming\data\miner.dll " => File/Directory not found.

"C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll " => File/Directory not found.

"C:\Users\Micheal\AppData\Roaming\data\coinutil.dll " => File/Directory not found.

"C:\Users\Micheal\AppData\Roaming\data\openssl.dll " => File/Directory not found.

C:\Users\Micheal\AppData\Roaming\data  => Moved successfully.

 

==== End of Fixlog ====


Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Malwarebytes found nothing  :unsure:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.26.05
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Micheal :: MICHEALS [administrator]
 
26/09/2013 16:31:56
mbam-log-2013-09-26 (16-31-56).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222271
Time elapsed: 4 minute(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

I'm so sorry! I haven't been able to access the forum for the past day! Thanks for staying with me.

 

In regards to your question, yes and no. . . . All programs in the task manager are running idle, but, if I kill the process "nslookup.exe" my screen flashes (and my nvidia driver restarts) and GPU returns to normal . . . only for about 2-3 mins, then nslookup.exe starts again. I'll attach a screenshot.

 

Oh and also, the folder ".../Users/AppData/Roaming/data" where Trojans are is back. Any other suggestions?  :(

 

Here's the pic, my apologies but its the best I could do.



Do a search for nslookup.exe on the system, then upload each one to VirusTotal for a free scan:

http://www.virustotal.com/

Let me know the results, just copy back the URL.

~~~~~~~~~~~~~~~~~~~~~~

Use your CCleaner to clean out temp files.

~~~~~~~~~~~~~~~~~~~~~

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

~~~~~~~~~~~~~~~~~~~~~

Last..........

Please run a free online scan with the ESET Online Scanner (it may take a while to run)
Note: You will need to use Internet Explorer for this scan.
First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked
Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC


The only program I could find with the nslookup.exe search was the calculator application within the folder AppData which was already scanned by virustotal.

https://www.virustotal.com/en/file/7ef95f5d242d59624fc06238202890afd05773181e7122a4451b60fbd3deeb3b/analysis/

 

~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Quickscan log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.28.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Micheal :: MICHEALS [administrator]
 
28/09/2013 15:10:00
mbam-log-2013-09-28 (15-10-00).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222517
Time elapsed: 4 minute(s), 16 second(s)
 
Memory Processes Detected: 1
C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> 6696 -> Delete on reboot.
 
Memory Modules Detected: 4
C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\Micheal\AppData\Roaming\data (Trojan.Bitminer) -> Delete on reboot.
 
Files Detected: 13
C:\Users\Micheal\AppData\Roaming\data\miner.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\usft_ext.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\phatk.cl (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\Adobe.bat (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\Adobe.vbe (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\btc-evergreen.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\btc.il (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\calculator.exe (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\coinutil.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\openssl.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\Micheal\AppData\Roaming\data\phatk.ptx (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\data\Svchost.exe (Trojan.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Micheal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Svchost.exe.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
 
After the reboot the folders are back but now there are 2 nslookup.exe's, one that links to calculator and one that links to mstsc???
 
~~~~~~~~~~~~~~~~~~~~~
 
ESET online scanner is currently scanning and I'll post the logs when it's finished. It has found 7 threats so far that I've never seen before . . . "BitCoinMinerH application". I'll post when it's finished
 
 

OK, we'll get it.

When you get a chance.....

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    nslookup.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


Here's the SystemLook log:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 16:47 on 28/09/2013 by Micheal

Administrator - Elevation successful

 

========== Filefind ==========

 

Searching for "nslookup.exe"

C:\Windows\System32\nslookup.exe --a---- 130560 bytes [02:11 26/07/2012] [03:08 26/07/2012] 71195133DEB84F22938F404C2ED26C7D

C:\Windows\SysWOW64\nslookup.exe --a---- 111104 bytes [02:17 26/07/2012] [03:20 26/07/2012] 556F24DFDFC1907D644C20B187DF5F38

C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_6.2.9200.16384_none_244a1b54f036c47c\nslookup.exe --a---- 130560 bytes [02:11 26/07/2012] [03:08 26/07/2012] 71195133DEB84F22938F404C2ED26C7D

C:\Windows\WinSxS\x86_microsoft-windows-nslookup_31bf3856ad364e35_6.2.9200.16384_none_c82b7fd137d95346\nslookup.exe --a---- 111104 bytes [02:17 26/07/2012] [03:20 26/07/2012] 556F24DFDFC1907D644C20B187DF5F38

 

-= EOF =-

 

~~~~~~~~~~~~~~~~

 

ESET scanner is still scanning, 93%

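Added example (not from the thread or the SystemLook author): a small Python triage helper that parses SystemLook's Filefind output in the layout shown in the log above and flags any copy of nslookup.exe that lives outside the trusted Windows directories, or whose MD5 does not match a WinSxS component-store copy. The sample log reuses the four real entries from the log above and adds one constructed rogue entry with an invented hash and constructed WinSxS directory names.

```python
"""Triage SystemLook ':filefind' output for rogue copies of a Windows binary (added example)."""
import re

# One file line looks like: <path> --a---- <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Locations where a stock Windows binary is expected; WinSxS is the component store
# holding the reference copies that System32/SysWOW64 are installed from.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")

# Constructed sample: the four real entries from the log above plus an invented rogue copy.
SAMPLE_LOG = r"""
Searching for "nslookup.exe"
C:\Windows\System32\nslookup.exe --a---- 130560 bytes [02:11 26/07/2012] [03:08 26/07/2012] 71195133DEB84F22938F404C2ED26C7D
C:\Windows\SysWOW64\nslookup.exe --a---- 111104 bytes [02:17 26/07/2012] [03:20 26/07/2012] 556F24DFDFC1907D644C20B187DF5F38
C:\Windows\WinSxS\amd64_nslookup_constructed\nslookup.exe --a---- 130560 bytes [02:11 26/07/2012] [03:08 26/07/2012] 71195133DEB84F22938F404C2ED26C7D
C:\Windows\WinSxS\x86_nslookup_constructed\nslookup.exe --a---- 111104 bytes [02:17 26/07/2012] [03:20 26/07/2012] 556F24DFDFC1907D644C20B187DF5F38
C:\Users\Micheal\AppData\Roaming\data\nslookup.exe --a---- 90112 bytes [15:02 28/09/2013] [15:02 28/09/2013] 0123456789ABCDEF0123456789ABCDEF
-= EOF =-
"""


def parse_filefind(log_text):
    """Return one dict per file line (path, attrs, size, created, modified, md5); other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def triage(log_text):
    """Return (path, reason) pairs for copies that deserve a closer look (e.g. a VirusTotal upload)."""
    entries = parse_filefind(log_text)
    reference = {e["md5"] for e in entries if e["path"].lower().startswith(TRUSTED_DIRS[2])}
    findings = []
    for e in entries:
        low = e["path"].lower()
        if not low.startswith(TRUSTED_DIRS):
            findings.append((e["path"], "copy outside the Windows system directories"))
        elif reference and not low.startswith(TRUSTED_DIRS[2]) and e["md5"] not in reference:
            findings.append((e["path"], "MD5 does not match any WinSxS component-store copy"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```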
