Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost.exe*32, SysWOW64


  • This topic is locked This topic is locked
3 replies to this topic

#1 InfectedVirus

InfectedVirus

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 04 November 2014 - 01:06 PM

Hello, today when I turned on my computer I realized it was running slower than yesterday, so I opened the task manager. I noticed that there were multiple dlllhost.exe*32 being run, all taking up a lot of memory. When I checked their file location, it was in SysWOW64. When I disconnect myself from the internet, very few (about 2) dlllhost.exe*32 are running, and when I connect myself more and more dllhost.exe*32 start to show up in the task manager. The description says COM Surrogate. I scanned my computer with SUPERAntiSpyware (Free edition), and after scanning multiple times, I found 13 problems in total. I don't remember what they were, but I needed to restart my computer to get rid of them completely, according to SUPERAntiSpyware. The scans would run slowly, and take a long time and get stuck at a certain point. I saw it had detected some problems and stopped the scanning to remove the problems I found. Symantec also found 1 possible risk, but it won't let me remove it, called wajam_install.exe. I googled this problem online and I got confused on what to do to remove it, so I decided to make an account and try to find help on here. Also, something from windows tells me that powershell had stopped working too. I don't know much about computers, and I want to resolve this problem as soon as possible. Oh, and I'm not sure if internet explorer is supposed to use up a lot of memory but it is.

Thank you very much for your attention

-InfectedVirus

 

---Edit, Symantec allowed me to delete it

 

------Edit 2, I have the log, it was created while I was disconnected from the internet.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.55.2
Run by Eric at 15:19:25 on 2014-11-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.1693 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\SavUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - <orphaned>
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [CyberGhost] "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [BitTorrent] "C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{2B0E7EEE-258C-4686-9A79-19D8F41BA340} : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{2B0E7EEE-258C-4686-9A79-19D8F41BA340}\F6074796D657D677966696 : DHCPNameServer = 10.240.205.161
TCP: Interfaces\{6848F617-A2FB-4A08-8720-E38C43E0725E} : DHCPNameServer = 192.168.5.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\qkg1kty9.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys [2011-11-15 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys [2012-2-26 932472]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-8-10 73296]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [2014-9-12 1586904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20141103.001\IDSviA64.sys [2014-11-4 525016]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys [2011-11-15 171128]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\symnets.sys [2012-3-18 386168]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-18 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-3-17 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-18 13592]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-7-23 255376]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86056]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-10-15 142640]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-12 138024]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-18 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2013-12-12 64624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-4 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-4 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2014-8-15 27136]
.
=============== Created Last 30 ================
.
2014-10-15 21:37:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 21:37:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 21:37:16 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 21:37:11 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-15 21:37:11 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 21:37:11 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-15 21:37:10 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-15 21:37:10 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 21:37:10 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 21:35:27 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-15 21:35:27 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-10-15 21:35:27 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-10-15 21:35:27 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-15 21:35:27 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-15 21:35:27 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-15 21:35:27 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-15 21:35:26 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-15 21:35:25 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-15 21:34:57 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-15 21:34:57 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-15 21:34:13 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 21:34:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-15 21:33:58 681984 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-15 21:33:58 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-10-15 21:33:58 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-10-15 21:33:57 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-10-15 21:33:57 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-15 21:33:57 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-10-15 21:33:56 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-10-15 21:33:56 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-10-15 21:33:56 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-15 21:33:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-10-15 21:33:56 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
.
==================== Find3M  ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-23 21:15:39 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 21:15:39 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 15:20:20.99 ===============
 


Edited by InfectedVirus, 04 November 2014 - 03:26 PM.


BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:01 PM

Posted 09 November 2014 - 12:46 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the 3.png to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
1.png
2.png

Step 2

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:01 PM

Posted 12 November 2014 - 01:31 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:01 PM

Posted 14 November 2014 - 08:30 AM

Due to the lack of feedback, this topic is now closed.<br /><br />In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. <br><br>Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users