Rootkit Issues

Post by Realtykate » August 22nd, 2014, 11:29 am

Hi. I have persistent issues on my HP desktop PC. I have had Microsoft paid support spend many, many hours cleaning up malware only to have it resurface again. After a 2nd round with MS everything seemed fine. Lately the machine is acting up again. Mouse and keyboard become intermittently unresponsive, and the system takes forever to shut down or restart. I ran RogueKiller, which identified some suspicious hooks. I then found your site and ran the DDS app. Results follow:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27/07/2014 1:16:37 PM
System Uptime: 22/08/2014 10:15:47 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 156.728 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.307 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 231.217 GiB free.
F: is CDROM ()
I: is Removable
J: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#
Manufacturer: Generic-
Name: L:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#
Manufacturer: Generic-
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20060413092100000&3#
Manufacturer: Generic-
Name: M:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20060413092100000&3#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP12: 14/08/2014 3:00:18 AM - Windows Update
RP13: 21/08/2014 1:07:46 PM - Installed HPScanjet7650Corporate
RP14: 21/08/2014 2:03:59 PM - Installed HP Update.
RP15: 21/08/2014 2:11:33 PM - Installed HP Support Solutions Framework
RP16: 21/08/2014 3:23:35 PM - Removed Adobe Reader X (10.1.11).
RP17: 21/08/2014 3:32:48 PM - Removed Adobe Reader X (10.1.11).
RP18: 21/08/2014 4:30:26 PM - WD SmartWare Installer
RP19: 21/08/2014 4:33:51 PM - WD SmartWare Installer
RP20: 21/08/2014 4:35:54 PM - Removed muvee autoProducer 6.1
RP21: 22/08/2014 10:20:28 AM - Windows Update
RP22: 22/08/2014 10:20:28 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 14 ActiveX
Adobe Media Player
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
CyberLink DVD Suite Deluxe
D3DX10
Destinations
DocProc
Enhanced Multimedia Keyboard Solution
eReg
Evernote v. 5.5.3
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
GoToMeeting 6.4.0.1558
GPBaseService2
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HMA! Pro VPN 2.7.1.7
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP Imaging Device Functions 13.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 3.5
HP Picasso Media Center Add-In
HP Solution Center 13.0
HP Support Solutions Framework
HP Update
HPPhotosmartEssential
HPProductAssistant
HPScanjet7650Corporate
iCloud
Intel(R) Rapid Storage Technology
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 67
Java Auto Updater
Jing
Junk Mail filter update
Logitech SetPoint 6.61
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 365 - en-us
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mortgage Financing
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFax® Print-to-Fax Assistant 32bit
Norton Internet Security
NVIDIA 3D Vision Controller Driver 340.50
NVIDIA 3D Vision Driver 340.52
NVIDIA Control Panel 340.52
NVIDIA GeForce Experience 2.1.1
NVIDIA Graphics Driver 340.52
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 15.3.33
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 15.3.33
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
OCR Software by I.R.I.S. 13.0
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PCIe Soft Data Fax Modem with SmartCP
Power2Go
PowerDirector
Property Law
Python 2.5
QuickBooks
QuickBooks Pro 2010
QuickTime 7
Realtek High Definition Audio Driver
Screencast.com Desktop Uploader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Segoe UI
SHIELD Streaming
Snagit 10.0.1
Snapfish Picture Mover
SolutionCenter
Sonos Controller
SupportSoft Assisted Service
Tweaking.com - Windows Repair (All in One)
VLC media player
WeatherBug Gadget
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRAR 5.10 (32-bit)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
22/08/2014 10:16:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
22/08/2014 10:16:17 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/08/2014 9:55:27 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.15 with the system having network hardware address 9C-D6-43-90-A0-7E. Network operations on this system may be disrupted as a result.
21/08/2014 6:52:35 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6bb6e74d-22d8-11e0-b2b4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{87708E4C-F035-4171-A125-8DB0EE13B188}' was corrupted and it has been recovered. Some data might have been lost.
21/08/2014 5:44:27 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
21/08/2014 5:44:22 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.26. The computer with the IP address 192.168.0.28 did not allow the name to be claimed by this computer.
21/08/2014 1:34:54 PM, Error: LEqdUsb [12293] - An attempt to clear an error on the USB bus failed.
21/08/2014 1:25:32 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
20/08/2014 10:44:42 AM, Error: Service Control Manager [7031] - The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
19/08/2014 8:34:20 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.20 with the system having network hardware address 30-85-A9-A7-C0-5F. Network operations on this system may be disrupted as a result.
19/08/2014 11:00:20 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.25 with the system having network hardware address 9C-D6-43-90-A0-7E. Network operations on this system may be disrupted as a result.
18/08/2014 9:19:30 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
17/08/2014 3:03:40 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.18534 BrowserJavaVersion: 10.67.2
Run by test at 11:16:48 on 2014-08-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.828 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Users\test\Desktop\RogueKiller.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\test\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.5.0.19\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\urlredir.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.5.0.19\coieplg.dll
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\send to onenote.lnk - c:\program files\microsoft office 15\root\office15\onenotem.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://buffiniandcompany.webex.com/cli ... atgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{611535F1-FCD0-4A51-BE04-CA5A78745CC2} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8FCE18EB-236C-411F-A0A1-1F0534DF4957} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8FCE18EB-236C-411F-A0A1-1F0534DF4957}\3616C6C69733 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8FCE18EB-236C-411F-A0A1-1F0534DF4957}\44C496E6B6F5548545 : DHCPNameServer = 192.168.0.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\msosb.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1505000.013\symds.sys [2014-8-13 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1505000.013\symefa.sys [2014-8-13 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\bashdefs\20140801.001\BHDrvx86.sys [2014-8-5 1101616]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys [2014-8-13 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\ipsdefs\20140821.001\IDSvix86.sys [2014-8-21 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1505000.013\ironx86.sys [2014-8-13 206936]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1505000.013\symnets.sys [2014-8-13 447704]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-3-19 1617072]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-7-7 72992]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.5.0.19\nis.exe [2014-8-13 276376]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-8-7 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2014-8-7 17536800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-8-7 413128]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-12 109872]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2009-2-13 206336]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-5-23 42264]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-5-23 10136]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2011-10-5 564800]
R3 NvStreamKms;NvStreamKms;c:\program files\nvidia corporation\nvstreamsrv\NvStreamKms.sys [2014-8-7 19232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-8-7 34080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\drivers\xcbdaV.sys [2009-6-10 157568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-26 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-5-30 43368]
S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2014-5-30 24040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2012-6-4 108832]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2012-6-4 128120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-5-29 14848]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [2013-6-6 83968]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-1 1343400]
S4 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2011-1-18 198240]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-2-2 13336]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-08-21 18:08:38 -------- d-----w- c:\users\test\appdata\roaming\ISIS Drivers
2014-08-14 07:03:54 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 07:03:53 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 07:03:51 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 07:03:50 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 02:01:11 936152 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symefa.sys
2014-08-14 02:01:11 447704 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symnets.sys
2014-08-14 02:01:11 367704 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symds.sys
2014-08-14 02:01:11 21520 ----a-r- c:\windows\system32\drivers\nis\1505000.013\symelam.sys
2014-08-14 02:01:10 664280 ----a-w- c:\windows\system32\drivers\nis\1505000.013\srtsp.sys
2014-08-14 02:01:10 32344 ----a-r- c:\windows\system32\drivers\nis\1505000.013\srtspx.sys
2014-08-14 02:01:10 206936 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ironx86.sys
2014-08-14 02:01:09 127064 ----a-r- c:\windows\system32\drivers\nis\1505000.013\ccsetx86.sys
2014-08-14 02:01:00 30068 ----a-w- c:\windows\system32\drivers\nis\1505000.013\symvtcer.dat
2014-08-14 02:01:00 -------- d-----w- c:\windows\system32\drivers\nis\1505000.013
2014-08-11 18:35:34 1409 ----a-w- c:\windows\system32\tmpC147D.FOT
2014-08-11 18:35:34 1409 ----a-w- c:\windows\system32\tmp6827D.FOT
2014-08-11 18:35:34 1409 ----a-w- c:\windows\system32\tmp5B27D.FOT
2014-08-11 18:35:34 1409 ----a-w- c:\windows\system32\tmp2437D.FOT
2014-08-11 18:35:34 1409 ----a-w- c:\windows\system32\tmp2237D.FOT
2014-08-11 18:35:34 1409 ----a-w- c:\windows\system32\tmp0837D.FOT
2014-08-11 18:35:34 1409 ----a-w- c:\windows\system32\tmp0737D.FOT
2014-08-10 14:32:39 -------- d-----w- c:\program files\iPod
2014-08-10 14:32:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-10 14:32:35 -------- d-----w- c:\program files\iTunes
2014-08-07 14:21:28 609240 ----a-w- c:\windows\system32\nvStreaming.exe
2014-08-07 14:21:07 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-08-07 14:19:15 907552 ----a-w- c:\windows\system32\nvdispgenco3234052.dll
2014-08-07 14:19:15 907096 ----a-w- c:\windows\system32\NvIFR.dll
2014-08-07 14:19:15 869152 ----a-w- c:\windows\system32\NvFBC.dll
2014-08-07 14:19:15 3988952 ----a-w- c:\windows\system32\nvcuvid.dll
2014-08-07 14:19:15 24198088 ----a-w- c:\windows\system32\nvoglv32.dll
2014-08-07 14:19:15 15296456 ----a-w- c:\windows\system32\nvcompiler.dll
2014-08-07 14:19:15 11283344 ----a-w- c:\windows\system32\nvopencl.dll
2014-08-07 14:19:15 11222048 ----a-w- c:\windows\system32\nvcuda.dll
2014-08-07 14:19:15 10681176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-08-07 14:19:15 1054552 ----a-w- c:\windows\system32\nvdispco3234052.dll
2014-08-07 14:08:59 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-08-07 14:08:59 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-08-07 14:08:59 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-08-07 14:08:19 -------- d-----w- c:\users\test\appdata\local\NVIDIA Corporation
2014-08-07 14:08:18 1291280 ----a-w- c:\windows\system32\nvspbridge.dll
2014-08-07 14:08:18 1126480 ----a-w- c:\windows\system32\nvspcap.dll
2014-08-07 14:08:18 -------- d-----w- c:\users\test\appdata\local\NVIDIA
2014-08-07 14:07:55 34760 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-08-07 14:07:55 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-08-07 13:57:15 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-02 17:04:47 -------- d-----w- c:\users\test\appdata\local\{D335F7CF-A06C-4008-BDCF-ABE64E400041}
2014-08-01 07:17:02 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-08-01 07:16:57 2616320 ----a-w- c:\windows\explorer.exe
2014-08-01 07:01:58 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-01 07:01:58 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-01 07:01:57 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-01 07:01:57 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-01 07:01:56 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-01 07:01:56 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-01 07:01:56 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-01 07:01:07 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-01 07:01:06 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-07-31 11:21:12 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-07-31 11:21:12 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2014-07-31 11:21:12 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-07-31 11:21:10 168960 ----a-w- c:\windows\system32\credui.dll
2014-07-31 11:21:10 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-07-31 11:21:06 31232 ----a-w- c:\windows\system32\prevhost.exe
2014-07-31 11:21:05 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-07-31 11:21:01 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-07-31 11:19:59 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-07-28 19:36:25 -------- d-----w- c:\program files\VideoLAN
2014-07-27 19:31:39 -------- d-----w- c:\windows\Panther
2014-07-27 19:21:41 -------- d--h--w- C:\$WINDOWS.~Q
2014-07-27 19:12:59 -------- d--h--w- C:\$INPLACE.~TR
2014-07-27 19:06:45 5120 ----a-w- c:\windows\system32\wmi.dll
2014-07-27 19:06:45 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-07-27 18:57:56 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-27 18:53:46 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-27 18:52:53 78336 ----a-w- c:\windows\system32\synceng.dll
2014-07-27 18:50:20 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-07-27 18:50:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-07-27 16:46:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-07-27 16:46:47 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-07-27 16:46:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-27 16:46:38 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-27 15:37:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-07-27 15:36:53 -------- d-----w- c:\program files\Realtek
2014-07-27 15:36:52 -------- d-----w- c:\windows\system32\RTCOM
2014-07-27 15:36:44 670552 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-27 15:36:44 62936 ----a-w- c:\windows\system32\nvshext.dll
2014-07-27 15:36:44 4389848 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-27 15:36:44 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-27 15:36:44 3063256 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-27 15:36:44 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-27 15:36:25 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-07-27 15:36:22 -------- d-----w- c:\program files\NVIDIA Corporation
2014-07-27 15:35:13 -------- d-----w- c:\program files\CONEXANT
2014-07-25 16:04:30 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-25 16:04:20 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-25 16:04:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-25 16:04:20 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-23 16:56:05 -------- d-----w- c:\users\test\appdata\local\{AE0905CA-96D8-4B10-8313-EB6DC4E4CB18}
.
==================== Find3M ====================
.
2014-08-22 14:18:41 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-21 17:06:18 1409 ----a-w- c:\windows\system32\tmpF6F1E.FOT
2014-08-21 17:06:18 1409 ----a-w- c:\windows\system32\tmpE1D1E.FOT
2014-08-21 17:06:18 1409 ----a-w- c:\windows\system32\tmpC7D1E.FOT
2014-08-21 17:06:18 1409 ----a-w- c:\windows\system32\tmp74E1E.FOT
2014-08-21 17:06:18 1409 ----a-w- c:\windows\system32\tmp4AE1E.FOT
2014-08-21 17:06:17 1409 ----a-w- c:\windows\system32\tmpDEA1E.FOT
2014-08-21 17:06:17 1409 ----a-w- c:\windows\system32\tmp5A91E.FOT
2014-07-29 09:33:43 981504 ----a-w- c:\windows\system32\wininet.dll
2014-07-29 09:31:35 50176 ----a-w- c:\windows\system32\mshta.exe
2014-07-29 09:31:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-29 09:30:52 1466368 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-29 06:15:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-18 18:40:29 1409 ----a-w- c:\windows\system32\tmpDF419.FOT
2014-07-18 18:40:29 1409 ----a-w- c:\windows\system32\tmpB4519.FOT
2014-07-18 18:40:29 1409 ----a-w- c:\windows\system32\tmp99519.FOT
2014-07-18 18:40:28 1409 ----a-w- c:\windows\system32\tmpFA419.FOT
2014-07-18 18:40:28 1409 ----a-w- c:\windows\system32\tmp16419.FOT
2014-07-18 18:40:27 1409 ----a-w- c:\windows\system32\tmp41F09.FOT
2014-07-18 18:40:27 1409 ----a-w- c:\windows\system32\tmp17F09.FOT
2014-07-16 02:47:23 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 01:47:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-10 02:49:01 1409 ----a-w- c:\windows\system32\tmp5C770.FOT
2014-07-10 02:49:01 1409 ----a-w- c:\windows\system32\tmp1F570.FOT
2014-07-10 02:49:00 1409 ----a-w- c:\windows\system32\tmp8E470.FOT
2014-07-10 02:49:00 1409 ----a-w- c:\windows\system32\tmp63570.FOT
2014-07-10 02:49:00 1409 ----a-w- c:\windows\system32\tmp24370.FOT
2014-07-10 02:48:59 1409 ----a-w- c:\windows\system32\tmpABF60.FOT
2014-07-10 02:48:57 1409 ----a-w- c:\windows\system32\tmp5B660.FOT
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-08 18:39:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 18:39:00 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-02 20:54:57 2814656 ----a-w- c:\windows\system32\nvapi.dll
2014-07-02 20:54:57 16122344 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-07-02 20:54:57 14498552 ----a-w- c:\windows\system32\nvd3dum.dll
2014-06-18 23:56:03 4096 ------w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:36:35 51200 ------w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ------w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:24 108032 ------w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ------w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ------w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ------w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ------w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ------w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-03 09:30:10 101824 ----a-w- c:\windows\system32\consent.exe
2014-06-03 09:29:50 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- c:\windows\system32\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- c:\windows\system32\authui.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-30 03:39:59 645120 ------w- c:\windows\system32\jsIntl.dll
2014-05-30 03:39:59 194048 ------w- c:\windows\system32\elshyph.dll
2014-05-30 03:39:59 111616 ------w- c:\windows\system32\IEAdvpack.dll
2014-05-29 01:39:10 290304 ----a-w- c:\windows\system32\subinacl.exe
.
============= FINISH: 11:17:33.34 ===============
Realtykate
Active Member
 
Posts: 1
Joined: August 22nd, 2014, 11:20 am
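As an added example, not part of this thread and not code from the DDS tool or from the forum: a small Python triage script that parses file-listing lines in the layout DDS prints above (date, time, size, attribute flags, path) and flags the kinds of entries a helper tends to look at first: kernel drivers, isolated writes into system32 that are not part of a larger update batch, hidden directories at the drive root, GUID-named folders under AppData, and temp files dropped in system32. The heuristics and the two-minute batching window are assumptions of this example, not rules from the forum or from Microsoft; the sample lines are drawn from the log posted above. A flag is a reason to look closer, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Sample lines drawn from the DDS log above (same layout DDS prints).
SAMPLE_LOG = r"""
2014-08-01 07:01:58 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-01 07:01:58 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-01 07:01:57 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-01 07:01:57 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-01 07:01:56 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-22 14:18:41 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-02 17:04:47 -------- d-----w- c:\users\test\appdata\local\{D335F7CF-A06C-4008-BDCF-ABE64E400041}
2014-07-27 19:21:41 -------- d--h--w- C:\$WINDOWS.~Q
2014-08-21 17:06:18 1409 ----a-w- c:\windows\system32\tmpF6F1E.FOT
2014-07-28 19:36:25 -------- d-----w- c:\program files\VideoLAN
"""

# date time size(or "--------" for directories) 8-char attribute flags path
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$")
# {8-4-4-4-12} hex GUID as the last path component (checked on the lowercased path)
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}$")
# a single component directly under a drive letter, e.g. c:\somename
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$")


def parse_dds_lines(text):
    """Parse DDS-style file-listing lines; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs[0] == "d",
            "hidden": "h" in attrs,
            "path": path,
        })
    return entries


def mark_batches(entries, window=timedelta(minutes=2)):
    """Attach a 'batch' count: how many entries were written within `window` of each
    other (chained). Updates and installers write many files at once; a lone write
    to a system directory stands out. Assumed heuristic, not a DDS feature."""
    ordered = sorted(entries, key=lambda e: e["when"])
    group = []
    for e in ordered + [None]:
        if e is None or (group and e["when"] - group[-1]["when"] > window):
            for g in group:
                g["batch"] = len(group)
            group = []
        if e is not None:
            group.append(e)
    return entries


def triage(text, window=timedelta(minutes=2)):
    """Return [(path, [reasons...])] for entries worth a closer look."""
    entries = mark_batches(parse_dds_lines(text), window)
    findings = []
    for e in entries:
        p = e["path"].lower()
        reasons = []
        if not e["is_dir"] and p.endswith(".sys"):
            reasons.append("kernel driver")
        if "\\system32\\" in p and e["batch"] == 1:
            reasons.append("lone write to system32 (not part of an update batch)")
        if e["is_dir"] and e["hidden"] and DRIVE_ROOT_RE.match(p):
            reasons.append("hidden directory at drive root")
        if e["is_dir"] and "\\appdata\\" in p and GUID_DIR_RE.search(p):
            reasons.append("GUID-named directory under user profile")
        if "\\system32\\tmp" in p:
            reasons.append("temp file in system32")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    - " + "\n    - ".join(reasons))
```

Run it on a saved DDS log by passing the file's text to `triage()`; the batching step is what separates the five WUDF files written together by an update from the single driver written on its own weeks later.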

Re: Rootkit Issues

Unread postby wannabeageek » August 23rd, 2014, 11:40 pm

Hello Realtykate, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights/permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Rootkit Issues

Unread postby wannabeageek » August 24th, 2014, 12:09 am

Hi Realtykate,

Step 1.
Computer Usage
Please tell me what you primarily use this computer for.



Step 2.
Download and run MGA Diagnostic Tool
  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu. The tool's window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.


Step 3.
Please download and run WVCheck and post back the report it creates:
  • Right-click the WVCheck.exe icon on your Desktop and then select Run As Administrator from the popup menu.
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the Notepad file as a reply.


Step 4.
codecheck
  • Please download codecheck from here and save it to your Desktop.
  • Right-click codecheck.exe > select " Run as administrator "
  • After a very short time a codecheck.txt icon will appear on your Desktop
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.




Step 5.
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

NOTE: If you get an error when running the MGA Diagnostic utility, it only means it failed to create support files, which are not needed for posting the report.
You should still be able to click the Copy button and paste the report into this thread so please do so.






Please include in your next reply:
  1. Description of what the computer is primarily used for:
  2. Contents of MGADiag
  3. Contents of WVCheck
  4. Contents of codecheck.txt
  5. Contents of CKFiles.txt
  6. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Rootkit Issues

Unread postby wannabeageek » August 26th, 2014, 8:45 am

Hi Realtykate.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Rootkit Issues

Unread postby Cypher » August 27th, 2014, 11:09 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns