
30 Occurrences of "dllhost *32" eating up Processor ...


This topic is locked
2 replies to this topic

#1 gmf77 (Members, 2 posts)

Posted 14 March 2014 - 03:46 PM

Hello there, I was looking for some help in getting rid of this malware issue I see you've helped others with ...

I believe I have the same issue as posted here - http://www.bleepingcomputer.com/forums/t/525236/30-dllhostexe32-com-surrogate-processes-running-cant-kill/

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Admin (administrator) on NED-PC on 14-03-2014 16:28:04
Running from C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2Z4TX2B
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(SoftThinks) C:\Windows\sminst\sftservice.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16383416F83ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.254

==================== Services (Whitelisted) =================

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SftService; C:\Windows\sminst\sftservice.EXE [632048 2009-02-23] (SoftThinks)
R2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()

==================== Drivers (Whitelisted) ====================

S4 AloPar; C:\Windows\SysWOW64\Drivers\AloPar.sys [4112 2002-08-14] (Eisenworld, Inc.)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [29184 2007-06-20] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 ltbadezx; \??\C:\Windows\system32\drivers\ltbadezx.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S1 rwaopvxl; \??\C:\Windows\system32\drivers\rwaopvxl.sys [X]
S3 WinDriver; \SystemRoot\System32\drivers\WINDRVR.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-14 16:27 - 2014-03-14 16:28 - 00000000 ____D () C:\FRST
2014-03-14 16:26 - 2014-03-14 16:26 - 02157056 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-03-14 14:58 - 2014-03-14 14:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Trusteer
2014-03-13 16:51 - 2014-03-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-13 16:49 - 2014-03-13 16:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 16:49 - 2014-03-13 16:49 - 00000000 _____ () C:\Windows\setupact.log
2014-03-13 16:45 - 2014-03-13 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-03-13 16:45 - 2014-03-13 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-03-13 16:44 - 2014-03-13 16:44 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-13 16:23 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 16:23 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 16:23 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:22 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 16:22 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:22 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:22 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:22 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:22 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:22 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 16:22 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:22 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 16:22 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 16:22 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:22 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:22 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:22 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:22 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:22 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:22 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:22 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:22 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:22 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:22 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 16:22 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:22 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:22 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:22 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 16:22 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:22 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 16:22 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 16:22 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:18 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:18 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 16:18 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:18 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:17 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:17 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-13 16:17 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-13 16:11 - 2014-03-13 16:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\visi_coupon
2014-03-13 16:09 - 2014-03-13 16:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-03-13 16:08 - 2014-03-13 16:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Yahoo!
2014-03-13 14:24 - 2014-03-13 14:24 - 00030998 _____ () C:\Users\Admin\Documents\cc_20140313_142420.reg
2014-03-13 14:23 - 2014-03-13 14:23 - 00274566 _____ () C:\Users\Admin\Documents\cc_20140313_142340.reg
2014-03-13 13:06 - 2014-03-13 22:43 - 00000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-03-13 13:06 - 2014-03-13 13:06 - 00066384 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-13 13:06 - 2014-03-13 13:06 - 00000951 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-13 13:06 - 2014-03-13 13:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\PowerDVD DX
2014-03-13 13:05 - 2014-03-13 16:50 - 00000000 ____D () C:\Users\Admin
2014-03-13 13:05 - 2014-03-13 13:06 - 00000981 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-13 13:05 - 2014-03-13 13:06 - 00000917 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-03-13 13:05 - 2014-03-13 13:05 - 00002027 _____ () C:\Users\Admin\Desktop\Google Chrome.lnk
2014-03-13 13:05 - 2014-03-13 13:05 - 00000976 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-03-13 13:05 - 2014-03-13 13:05 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-03-13 13:05 - 2014-03-13 13:05 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 13:05 - 2014-03-13 13:05 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 13:05 - 2014-03-13 13:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-03-13 13:05 - 2008-01-20 23:20 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-13 13:05 - 2008-01-20 23:20 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-11 17:49 - 2014-03-11 17:49 - 00000000 ____D () C:\Windows\pss
2014-03-11 16:06 - 2014-03-11 16:06 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-11 16:05 - 2014-03-11 16:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-11 16:02 - 2014-03-11 16:10 - 04765152 _____ (Piriform Ltd) C:\Users\Ned\Downloads\ccsetup411.exe
2014-02-28 18:43 - 2014-02-28 18:43 - 00000000 ____D () C:\Users\Ned\AppData\Local\Skype
2014-02-27 02:30 - 2014-02-27 02:30 - 00328394 _____ () C:\Users\Ned\AppData\Roaming\ebbe8_l
2014-02-27 02:30 - 2014-02-27 02:30 - 00328394 _____ () C:\ProgramData\ebbe8_l
2014-02-19 21:57 - 2014-02-19 21:57 - 00125952 _____ (Microsoft Corporation) C:\Users\Ned\AppData\Roaming\puylutd.dll
2014-02-19 16:06 - 2014-02-19 16:06 - 00001875 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-19 16:05 - 2014-02-19 16:05 - 00000000 ____D () C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2014-03-14 16:28 - 2014-03-14 16:27 - 00000000 ____D () C:\FRST
2014-03-14 16:26 - 2014-03-14 16:26 - 02157056 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-03-14 16:08 - 2012-11-13 08:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 16:04 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 16:01 - 2009-06-13 04:53 - 01400111 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 15:59 - 2009-12-10 02:28 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-14 15:58 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 15:58 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 15:58 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 15:57 - 2006-11-02 11:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-14 15:44 - 2011-08-18 17:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632438388-3576951951-1213603496-1000UA.job
2014-03-14 15:44 - 2011-08-18 17:36 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632438388-3576951951-1213603496-1000Core.job
2014-03-14 15:32 - 2009-12-10 02:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 14:58 - 2014-03-14 14:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Trusteer
2014-03-14 14:23 - 2011-05-25 11:07 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-14 13:07 - 2010-02-21 18:38 - 00000000 ____D () C:\Users\Ned\AppData\Roaming\Skype
2014-03-14 13:05 - 2011-05-25 11:07 - 00003524 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-14 13:05 - 2011-05-25 11:07 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-03-13 22:43 - 2014-03-13 13:06 - 00000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-03-13 16:56 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-13 16:51 - 2014-03-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-13 16:50 - 2014-03-13 13:05 - 00000000 ____D () C:\Users\Admin
2014-03-13 16:49 - 2014-03-13 16:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 16:49 - 2014-03-13 16:49 - 00000000 _____ () C:\Windows\setupact.log
2014-03-13 16:45 - 2014-03-13 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-03-13 16:45 - 2014-03-13 16:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-03-13 16:44 - 2014-03-13 16:44 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-13 16:30 - 2006-11-02 11:21 - 00280704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 16:28 - 2009-06-13 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 16:22 - 2013-08-15 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-13 16:20 - 2006-11-02 08:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-13 16:11 - 2014-03-13 16:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\visi_coupon
2014-03-13 16:09 - 2014-03-13 16:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-03-13 16:09 - 2012-11-13 08:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 16:09 - 2012-11-13 08:44 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 16:09 - 2011-05-15 09:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 16:08 - 2014-03-13 16:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Yahoo!
2014-03-13 14:24 - 2014-03-13 14:24 - 00030998 _____ () C:\Users\Admin\Documents\cc_20140313_142420.reg
2014-03-13 14:23 - 2014-03-13 14:23 - 00274566 _____ () C:\Users\Admin\Documents\cc_20140313_142340.reg
2014-03-13 14:23 - 2009-08-26 18:00 - 00000000 ____D () C:\Windows\Minidump
2014-03-13 14:23 - 2008-02-04 22:23 - 00000000 ____D () C:\Windows\Panther
2014-03-13 13:06 - 2014-03-13 13:06 - 00066384 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-13 13:06 - 2014-03-13 13:06 - 00000951 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-13 13:06 - 2014-03-13 13:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\PowerDVD DX
2014-03-13 13:06 - 2014-03-13 13:05 - 00000981 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-13 13:06 - 2014-03-13 13:05 - 00000917 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-03-13 13:05 - 2014-03-13 13:05 - 00002027 _____ () C:\Users\Admin\Desktop\Google Chrome.lnk
2014-03-13 13:05 - 2014-03-13 13:05 - 00000976 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-03-13 13:05 - 2014-03-13 13:05 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-03-13 13:05 - 2014-03-13 13:05 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 13:05 - 2014-03-13 13:05 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 13:05 - 2014-03-13 13:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-03-11 19:00 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-03-11 19:00 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-11 19:00 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media
2014-03-11 18:59 - 2014-01-14 14:19 - 00000000 ____D () C:\Users\Ned\AppData\Local\Wjnamedia
2014-03-11 18:59 - 2010-03-19 18:28 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-11 18:59 - 2010-02-21 18:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 18:59 - 2009-08-04 21:16 - 00000000 ____D () C:\Users\Ned\AppData\Roaming\Mozilla
2014-03-11 18:59 - 2009-07-09 23:56 - 00000000 ___RD () C:\Users\Ned\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 18:59 - 2009-06-13 10:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 18:59 - 2009-06-13 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 18:59 - 2009-06-13 10:13 - 00000000 ____D () C:\Program Files\Dell
2014-03-11 18:58 - 2009-06-13 10:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-11 18:58 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-03-11 17:49 - 2014-03-11 17:49 - 00000000 ____D () C:\Windows\pss
2014-03-11 16:36 - 2009-08-14 19:52 - 00004825 _____ () C:\ProgramData\hpzinstall.log
2014-03-11 16:10 - 2014-03-11 16:02 - 04765152 _____ (Piriform Ltd) C:\Users\Ned\Downloads\ccsetup411.exe
2014-03-11 16:06 - 2014-03-11 16:06 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-11 16:06 - 2014-03-11 16:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-11 07:01 - 2009-07-21 20:52 - 00007052 _____ () C:\Users\Ned\AppData\Local\d3d9caps.dat
2014-03-11 06:32 - 2011-10-01 19:53 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6896CDA7-6256-498C-8979-9A137FBFEADA}
2014-03-01 03:58 - 2011-05-25 11:07 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-02-28 18:43 - 2014-02-28 18:43 - 00000000 ____D () C:\Users\Ned\AppData\Local\Skype
2014-02-28 18:42 - 2010-02-21 18:38 - 00000000 ____D () C:\ProgramData\Skype
2014-02-28 12:44 - 2011-05-25 11:07 - 00004260 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-02-27 02:30 - 2014-02-27 02:30 - 00328394 _____ () C:\Users\Ned\AppData\Roaming\ebbe8_l
2014-02-27 02:30 - 2014-02-27 02:30 - 00328394 _____ () C:\ProgramData\ebbe8_l
2014-02-26 15:31 - 2010-03-10 00:35 - 00000000 ____D () C:\Users\Ned\AppData\Roaming\Creative
2014-02-26 14:27 - 2009-12-10 02:28 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-26 14:27 - 2009-12-10 02:28 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 03:12 - 2014-03-13 16:22 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-13 16:22 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-13 16:22 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-13 16:22 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-13 16:22 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-13 16:22 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-13 16:22 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-13 16:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-13 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-13 16:22 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-13 16:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-13 16:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-13 16:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:44 - 2014-03-13 16:22 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-13 16:22 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:43 - 2014-03-13 16:22 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-13 16:22 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-13 16:22 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-13 16:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-13 16:22 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-13 16:22 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-13 16:22 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-13 16:22 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-13 16:22 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-13 16:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-13 16:22 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-13 16:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-13 16:22 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-13 16:22 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-13 16:23 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-13 16:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-13 16:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-19 22:11 - 2009-08-14 19:47 - 00000000 ____D () C:\ProgramData\HP
2014-02-19 21:57 - 2014-02-19 21:57 - 00125952 _____ (Microsoft Corporation) C:\Users\Ned\AppData\Roaming\puylutd.dll
2014-02-19 21:56 - 2009-07-09 23:56 - 00000000 ____D () C:\Users\Ned
2014-02-19 16:40 - 2011-08-18 17:36 - 00003780 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3632438388-3576951951-1213603496-1000UA
2014-02-19 16:40 - 2011-08-18 17:36 - 00003384 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3632438388-3576951951-1213603496-1000Core
2014-02-19 16:06 - 2014-02-19 16:06 - 00001875 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-19 16:05 - 2014-02-19 16:05 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-12 04:02 - 2011-01-27 21:45 - 00753386 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Ned\AppData\Local\Temp\3o-ztzbl.dll
C:\Users\Ned\AppData\Local\Temp\9gyjef2v.dll
C:\Users\Ned\AppData\Local\Temp\contentDATs.exe
C:\Users\Ned\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Ned\AppData\Local\Temp\heek.exe
C:\Users\Ned\AppData\Local\Temp\msgF0A4.exe
C:\Users\Ned\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Ned\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Ned\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-14 16:04

==================== End Of Log ============================
#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 PM

Posted 17 March 2014 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
URLSearchHook: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {5911488E-9D1E-40ec-8CBB-06B231CC153F} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
R2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()
S1 ltbadezx; \??\C:\Windows\system32\drivers\ltbadezx.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S1 rwaopvxl; \??\C:\Windows\system32\drivers\rwaopvxl.sys [X]
S3 WinDriver; \SystemRoot\System32\drivers\WINDRVR.SYS [X]
C:\Users\Ned\AppData\Local\Temp\3o-ztzbl.dll
C:\Users\Ned\AppData\Local\Temp\9gyjef2v.dll
C:\Users\Ned\AppData\Local\Temp\contentDATs.exe
C:\Users\Ned\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Ned\AppData\Local\Temp\heek.exe
C:\Users\Ned\AppData\Local\Temp\msgF0A4.exe

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.


Restart the computer normally.
====
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

How is the computer performing now?
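As an added example (not part of this thread and not FRST's own code), a small Python helper that picks out the two kinds of entries the fixlist above targets: service/driver entries whose file is gone (the trailing [X]) and a vendor-labelled binary sitting in a user profile such as puylutd.dll, then wraps the flagged lines in the start/end markers a fixlist uses. The regexes and the detection heuristics are assumptions of this example, and the sample lines are constructed from the entry formats seen in this log.

```python
import re

# FRST one-month file entry: "created - modified - size attrs (company) path"
FILE_RE = re.compile(r"^(?P<created>\S+ \S+) - (?P<modified>\S+ \S+) - "
                     r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$")
# FRST service/driver entry: "S1 name; path [X]" (a trailing [X] = file not on disk)
SVC_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<rest>.+)$")

def classify(line):
    """Return (reason, path) for an entry worth a second look, else None."""
    m = SVC_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest.endswith("[X]"):
            # Registry still points at a driver/service file that is gone; the stale entry is what the fixlist removes.
            return ("orphaned service/driver entry", rest[:-4])
        return None
    m = FILE_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    low = path.lower()
    # Heuristic: the company string is only a PE resource; a "Microsoft" binary inside AppData needs its signature and hash verified.
    if (low.endswith((".dll", ".exe", ".sys")) and "\\appdata\\" in low
            and m.group("company") == "Microsoft Corporation"):
        return ("vendor-labelled binary in user profile", path)
    return None

def triage(log_lines):
    """Map each flagged path to the reason it was flagged."""
    findings = {}
    for line in log_lines:
        hit = classify(line.rstrip())
        if hit:
            findings[hit[1]] = hit[0]
    return findings

def build_fixlist(log_lines):
    """Wrap the flagged lines, verbatim, in the start/end markers FRST expects."""
    flagged = [l.rstrip() for l in log_lines if classify(l.rstrip())]
    return "\n".join(["start", *flagged, "end"])

# Constructed sample using the entry formats seen in this thread's log.
SAMPLE_LOG = [
    r"2014-02-19 21:57 - 2014-02-19 21:57 - 00125952 _____ (Microsoft Corporation) C:\Users\Ned\AppData\Roaming\puylutd.dll",
    r"R2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()",
    r"S1 ltbadezx; \??\C:\Windows\system32\drivers\ltbadezx.sys [X]",
    r"S1 rwaopvxl; \??\C:\Windows\system32\drivers\rwaopvxl.sys [X]",
    r"S3 WinDriver; \SystemRoot\System32\drivers\WINDRVR.SYS [X]",
]
```

The output is a starting point for review, not a verdict: a helper like nasdaq still decides which flagged entries belong in the fixlist.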

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 PM

Posted 24 March 2014 - 08:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.