
Some kind of virus I think...


  • This topic is locked
2 replies to this topic

#1 vitalgirl


Posted 29 September 2013 - 08:02 AM

Hi

I think I have some kind of virus or malware on my laptop - it's practically unworkable (keeps crashing). I keep getting messages saying it is low on memory, but it is a newish computer (3 months old) and I have hardly installed anything on it. Browsers keep crashing, and I tried to install Malwarebytes Anti-Malware and it wouldn't. I've scanned CCleaner and ESET antivirus, but nothing. It seems to be getting worse, not better.

I don't know if this was connected, but I had a strange phone call from someone claiming to be with my ISP several weeks ago. They said that hackers had access to my computer, and that they were calling from my ISP tech department to help get rid of the problem as they'd noticed (supposedly) data transfer or some such thing (I haven't gone over my limit or anything near it though). I believed them at first, and they asked for temporary access, which I gave them (nothing much happened - I think that was part of their sales pitch to 'prove' something was wrong and to extract money to supposedly fix the problem). I twigged something was not right when they asked me to send money (not much actually, but still ...) via Western Union. But my computer was playing up with the memory problems before that, and as I said, this is practically a new computer and I have installed very little.

Any help would be appreciated.

thanks

Rebecca

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.25.2
Run by Rebecca at 22:47:29 on 2013-09-29
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3977.2305 [GMT 10:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe
C:\windows\system32\dashost.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.11\ccSvcHst.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\taskhostex.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.11\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\Taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [TPUReg(x86)] "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
mRun: [TPUReg] "C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe" /Retimes
mRun: [SacReminderBOX] C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{9EB1C2DE-E4C8-4B52-8852-7F15AFB6B45B} : DHCPNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\u2itw36u.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\windows\System32\Drivers\epfwwfp.sys [2013-2-20 58416]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-2-2 645952]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-2-3 131520]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-2-3 499096]
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2013-2-3 168608]
R1 eamonm;eamonm;C:\windows\System32\Drivers\eamonm.sys [2013-2-20 213416]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\windows\System32\Drivers\EpfwLWF.sys [2013-1-10 59440]
R2 CFUACProxy_boxsoftware;CFUACProxy_boxsoftware;C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe [2013-2-3 83792]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [2011-10-14 156672]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-2-2 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-2 166720]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-12 3939008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-6-17 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.11\ccSvcHst.exe [2013-2-3 126392]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [2009-9-12 14344]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-3-9 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [2012-8-11 214488]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2012-8-25 291240]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-22 16768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-2 365376]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-20 342528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2013-2-3 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-2 690832]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-30 1498256]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-11 43832]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-28 53384]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2012-7-29 458152]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-30 1498256]
.
=============== Created Last 30 ================
.
2013-09-29 12:06:38    --------    d-----w-    C:\Users\Rebecca\AppData\Roaming\Malwarebytes
2013-09-29 12:06:23    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-29 12:06:19    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-09-29 12:06:19    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 00:08:34    304816    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10218.bin
2013-09-26 05:15:56    144896    ----a-w-    C:\windows\System32\tssdisai.dll
2013-09-17 12:53:22    --------    d-----w-    C:\Program Files (x86)\Wondershare
2013-09-12 07:52:22    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-09-12 07:52:16    --------    d-----w-    C:\Users\Rebecca\AppData\Local\Microsoft Help
2013-09-12 07:32:15    --------    d-----w-    C:\Users\Rebecca\AppData\Roaming\e-academy Inc
2013-09-12 07:32:15    --------    d-----w-    C:\Users\Rebecca\AppData\Local\e-academy Inc
2013-09-10 11:11:51    --------    d-----w-    C:\Users\Rebecca\AppData\Local\Macromedia
2013-09-07 06:22:38    694272    ----a-w-    C:\windows\SysWow64\rpcrt4.dll
2013-09-07 06:20:09    98304    ----a-w-    C:\windows\System32\apprepsync.dll
2013-09-07 06:20:09    87040    ----a-w-    C:\windows\SysWow64\apprepapi.dll
2013-09-07 06:20:09    74240    ----a-w-    C:\windows\SysWow64\apprepsync.dll
2013-09-07 06:20:09    68096    ----a-w-    C:\windows\System32\cryptsvc.dll
2013-09-07 06:20:09    337408    ----a-w-    C:\windows\System32\wintrust.dll
2013-09-07 06:20:09    261120    ----a-w-    C:\windows\SysWow64\wintrust.dll
2013-09-07 06:20:09    1889280    ----a-w-    C:\windows\System32\crypt32.dll
2013-09-07 06:20:09    1568256    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-09-07 06:20:09    124416    ----a-w-    C:\windows\System32\apprepapi.dll
2013-09-07 04:58:55    --------    d-----w-    C:\Users\Rebecca\AppData\Local\LogMeIn Rescue Applet
2013-09-05 14:04:02    209272    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-18 23:26:35    78296    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-18 23:26:35    694232    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-08-21 04:11:59    915968    ----a-w-    C:\windows\System32\uxtheme.dll
2013-08-21 04:11:59    53760    ----a-w-    C:\windows\System32\UXInit.dll
2013-08-21 04:11:07    3959296    ----a-w-    C:\windows\System32\jscript9.dll
2013-08-21 04:11:04    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-08-21 04:11:04    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-08-21 02:34:51    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-08-21 02:06:11    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-08-21 02:06:06    44032    ----a-w-    C:\windows\SysWow64\UXInit.dll
2013-08-21 02:05:28    2876928    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-08-21 02:05:25    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-08-21 02:05:25    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56    534528    ----a-w-    C:\windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13    58200    ----a-w-    C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26    2371728    ----a-w-    C:\windows\System32\WSService.dll
2013-08-16 05:32:48    209200    ----a-w-    C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22    40448    ----a-w-    C:\windows\System32\wuapp.exe
2013-08-16 05:22:11    4917760    ----a-w-    C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30    105984    ----a-w-    C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21    35328    ----a-w-    C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07    84992    ----a-w-    C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07    126976    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03    562688    ----a-w-    C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03    159232    ----a-w-    C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02    83968    ----a-w-    C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02    167424    ----a-w-    C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02    143872    ----a-w-    C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02    124928    ----a-w-    C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52    76800    ----a-w-    C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47    91648    ----a-w-    C:\windows\SysWow64\sppc.dll
2013-08-03 04:30:14    4038144    ----a-w-    C:\windows\System32\win32k.sys
2013-07-14 12:06:44    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-14 12:06:39    867240    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-07-14 12:06:39    789416    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-07-09 08:04:07    120144    ----a-w-    C:\windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21    439488    ----a-w-    C:\windows\System32\WerFault.exe
2013-07-09 06:07:17    2233168    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45    385768    ----a-w-    C:\windows\SysWow64\WerFault.exe
2013-07-09 03:57:19    245760    ----a-w-    C:\windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00    543744    ----a-w-    C:\windows\System32\wwanmm.dll
2013-07-08 22:46:00    414208    ----a-w-    C:\windows\System32\wwanconn.dll
2013-07-08 22:46:00    370688    ----a-w-    C:\windows\System32\Wwanadvui.dll
2013-07-08 22:45:16    312832    ----a-w-    C:\windows\System32\LocationApi.dll
2013-07-06 00:16:17    1025024    ----a-w-    C:\windows\System32\localspl.dll
2013-07-03 00:23:43    391168    ----a-w-    C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12    778752    ----a-w-    C:\windows\System32\oleaut32.dll
2013-07-03 00:22:26    1300480    ----a-w-    C:\windows\System32\gdi32.dll
2013-07-03 00:11:23    268800    ----a-w-    C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02    551424    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14    36288    ----a-w-    C:\windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49    247216    ----a-w-    C:\windows\System32\drivers\WdFilter.sys
.
============= FINISH: 22:47:39.62 ===============
 





#2 nasdaq

  • Malware Response Team

Posted 01 October 2013 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

I strongly suggest that you Refresh your PC to factory level.
How to here:
http://www.redmondpie.com/how-to-restore-and-reset-windows-8-to-factory-settings/

Let me know if all is well.

p.s.
I suggest you change all your passwords as your computer may have been compromised.

#3 nasdaq

  • Malware Response Team

Posted 07 October 2013 - 08:56 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



