Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dllhost.exe *32 COM Surrogate


  • This topic is locked This topic is locked
3 replies to this topic

#1 Grumpykat

Grumpykat

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:38 PM

Posted 09 November 2014 - 08:01 PM

I have no idea how it got here, but I can't get it to go away. 

 

Here is a copy of the DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17116  BrowserJavaVersion: 11.25.2
Run by Folly at 18:59:03 on 2014-11-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.3929 [GMT -6:00]
.
AV: Norton 360 Premier Edition *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Norton 360 Premier Edition *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\World of Warcraft\Wowhead_Client.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
C:\Users\Folly\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DKP Profiler Uploader\DKPProfilerUploader.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\cidaemon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\DiskDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
C:\Users\Folly\Desktop\FRST64.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.6.0.32\CoIEPlg.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [Wowhead_Client] "C:\Program Files (x86)\World of Warcraft\Wowhead_Client.exe"
uRun: [Google Update] "C:\Users\Folly\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIJHE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3540 Series"
uRun: [f.lux] "C:\Users\Folly\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [DKPProfilerUploader] "C:\Program Files (x86)\DKP Profiler Uploader\DKPProfilerUploader.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
dRun: [Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}] C:\Program Files (x86)\Norton One\Engine\3.2.0.19\ccSvcHst.exe /m
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://edge.enbridgeus.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{78426D98-CC7C-44BC-B310-6D2CD868428A} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll
x64-Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
x64-Run: [Plantronics MyHeadset Updater] C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Folly\AppData\Roaming\Mozilla\Firefox\Profiles\cnmdlwpu.default-1405948830977\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Folly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Folly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ccSet_MCLIENT;Norton One Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-20 168096]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R1 NEOFLTR_7112_21827;Juniper Networks TDI Filter Driver (NEOFLTR_7112_21827);C:\Windows\System32\drivers\NEOFLTR_7112_21827.SYS [2012-10-14 99192]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [2014-11-9 886592]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe [2014-11-9 648000]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-1-16 135824]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-19 1148744]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-11-9 344896]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-19 171176]
R2 MCLIENT;Norton One;C:\Program Files (x86)\Norton One\Engine\3.2.2.12\ccsvchst.exe [2013-8-20 143928]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-9-21 132504]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-17 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-17 19439944]
R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2014-3-27 581568]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-7-19 126392]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2014-1-9 1025920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-7 411968]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2010-4-7 290008]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 15920]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-11-9 23048]
R3 gwfilt64;gwfilt64;C:\Windows\System32\drivers\gwfilt64.sys [2014-7-17 34840]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-17 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-19 38048]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-7-19 244224]
R4 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-11-9 34848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-11-9 2151744]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2014-4-11 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-4-11 477960]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-4-3 37344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456]
S3 silabenm;LifeScan USB Device Driver vSL2.0 Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2010-8-3 27336]
S3 silabser;LifeScan USB Device Driver vSL2.0 Driver;C:\Windows\System32\drivers\silabser.sys [2010-8-3 67584]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-2 57856]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-11-9 23016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-09 21:51:59 -------- d-----w- C:\FRST
2014-11-09 20:54:05 -------- d-----w- C:\Users\Folly\AppData\Roaming\ProductData
2014-11-09 20:53:03 -------- d-----w- C:\ProgramData\ProductData
2014-11-09 20:53:01 -------- d-----w- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-11-09 20:53:01 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-11-09 20:51:20 -------- d-----w- C:\ProgramData\IObit
2014-11-09 20:51:14 -------- d-----w- C:\Users\Folly\AppData\Roaming\IObit
2014-11-09 20:51:13 -------- d-----w- C:\Program Files (x86)\IObit
2014-11-09 20:46:36 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACB474D3-BF67-4199-A2A8-F7CF2C502370}\offreg.dll
2014-11-09 14:39:11 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-09 14:37:27 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-11-09 14:37:15 876248 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-11-09 14:37:15 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-11-09 14:37:15 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\SymDS64.sys
2014-11-09 14:37:15 37592 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-11-09 14:37:15 266968 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\Ironx64.sys
2014-11-09 14:37:15 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys
2014-11-09 14:37:15 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\SymEFA64.sys
2014-11-09 14:37:14 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccSetx64.sys
2014-11-09 04:03:44 -------- d-----w- C:\Users\Folly\AppData\Roaming\Iomatic
2014-11-09 04:03:27 -------- d-----w- C:\ProgramData\Iomatic
2014-11-09 04:03:24 -------- d-----w- C:\Program Files (x86)\System Medic 2008
2014-11-09 02:45:50 -------- d-----w- C:\ProgramData\RuqvIjuhm
2014-11-09 02:45:50 -------- d-----w- C:\ProgramData\DeguXekt
2014-11-09 02:43:28 -------- d-----w- C:\Users\Folly\AppData\Roaming\FrameworkUpdate7
2014-11-09 02:42:44 -------- d-----w- C:\ProgramData\VizipAmeyo
2014-11-09 02:42:38 -------- d-----w- C:\ProgramData\DohnAtkex
2014-11-08 02:07:24 614728 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-11-08 02:07:02 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-11-08 01:54:56 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACB474D3-BF67-4199-A2A8-F7CF2C502370}\mpengine.dll
2014-11-01 04:27:41 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-01 04:27:38 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-01 00:34:58 -------- d-----w- C:\Windows\pss
2014-10-22 22:22:50 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-22 22:22:50 -------- d-----w- C:\Program Files\iTunes
2014-10-22 22:22:50 -------- d-----w- C:\Program Files\iPod
2014-10-22 22:22:50 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-22 02:02:44 -------- d-----w- C:\Users\Folly\AppData\Local\FluxSoftware
2014-10-22 00:02:05 -------- d-----w- C:\Users\Folly\AppData\Roaming\Mumble
2014-10-21 22:54:33 -------- d-----w- C:\Program Files (x86)\Mumble
2014-10-16 13:12:40 -------- d-----w- C:\Users\Folly\AppData\Roaming\NVIDIA
2014-10-15 09:06:07 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
.
==================== Find3M  ====================
.
2014-11-01 01:40:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 02:10:36 6880968 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-30 02:10:36 3533632 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-30 02:10:34 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-30 02:10:34 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-30 02:10:33 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-27 00:34:52 4066553 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-27 16:16:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-27 16:16:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-20 02:43:32 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-09-20 02:35:33 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-09-18 23:14:51 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-17 02:13:36 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-09-13 23:48:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434411.dll
2014-09-13 23:48:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434411.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-08-25 22:29:28 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 18:59:37.20 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:38 AM

Posted 11 November 2014 - 12:08 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the 3.png to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
1.png
2.png

Step 2

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:38 AM

Posted 14 November 2014 - 02:14 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:38 AM

Posted 16 November 2014 - 09:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users