
dllhost.exe*32


  • This topic is locked
3 replies to this topic

#1 megabt7

megabt7

  • Members
  • 1 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:39 PM

Posted 13 November 2014 - 06:53 PM

My computer has been running extremely slow.  We crashed it and everything seemed normal for a day or 2 and then it all started happening again.  I looked in the task master and saw multiple dllhost.exe*32 running and using quite a bit of computer usage.  Also since this has happened I have had constant attacks (Trojans) coming through from my Norton.  I ran a malware removal that Microsoft offered and it found nothing.  When I disconnect from the internet all but 1 of these eventually disappear.  Hoping you guys can help me resolve this.  I am attaching the requested dds file.  Please let me know what additional info you need.  Thank you so much and look forward to working with your team to resolve this.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by Chris at 18:42:57 on 2014-11-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8107.5735 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\runservice.exe
c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Users\Chris\AppData\Local\Apps\2.0\4VMOAD1Q.J0N\NYRGVB54.VX5\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\WINDOWS\OEM05Mon.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
mRun: [Alienware Survey] c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe /boot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
mRun: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C738710F-5F9A-4584-A2C5-090E071D950F} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EE2248AE-2617-487A-A13D-23AF69B597B8} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-3-21 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-3-21 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-3-21 20464]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-11-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-11-3 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [2014-11-10 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-11-3 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141113.001\IDSviA64.sys [2014-11-13 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-11-3 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-11-3 593112]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-3-21 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2013-4-19 15888]
R2 AlienFXWindowsService;AlienFXWindowsService;C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [2013-4-19 14352]
R2 DellDigitalDelivery;Alienware Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-4-10 202248]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-3 1148744]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-3-21 167736]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\Runservice.exe [2014-11-3 2560]
R2 MSI_ODD_Service;MSI_ODD_Service;C:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe [2012-11-20 83512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2014-11-3 265040]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-3 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-11-3 19439944]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-3-21 202824]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2014-3-21 1695040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-3 410952]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-3-21 81536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-11-3 142640]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-21 452088]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-3-21 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-3-21 786416]
R3 NTIOLib_X64;NTIOLib_X64;C:\Program Files (x86)\MSI\ODD Monitor\NTIOLib_X64.sys [2012-11-20 14136]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-11-3 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-3 38048]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\Windows\System32\drivers\OEM05Afx.sys [2007-6-8 212864]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\System32\drivers\OEM05Vfx.sys [2007-3-5 12288]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\System32\drivers\OEM05Vid.sys [2007-7-20 266720]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\System32\drivers\livecamv.sys [2014-11-7 49664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-3-21 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 ioloEnergyBooster;ioloEnergyBooster;C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [2012-11-1 6145872]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2014-3-21 451872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-6 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-6 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-3 1255736]
.
=============== Created Last 30 ================
.
2014-11-12 17:07:34 -------- d-sh--w- C:\Users\Chris\AppData\Local\EmieBrowserModeList
2014-11-12 04:47:22 -------- d-----w- C:\Users\Chris\AppData\Local\NPE
2014-11-12 04:23:52 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-07 23:19:33 75 --sh--r- C:\Windows\CT4CET.bin
2014-11-07 23:19:19 -------- d-----w- C:\Program Files (x86)\Common Files\Reallusion
2014-11-07 23:17:32 5627904 ----a-w- C:\Windows\SysWow64\LiveCamVirtual.ocx
2014-11-07 23:17:32 49664 ----a-w- C:\Windows\System32\drivers\livecamv.sys
2014-11-07 23:17:31 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2014-11-07 23:14:45 499712 ------w- C:\Windows\SysWow64\msvcp71.dll
2014-11-07 23:14:45 1060864 ------w- C:\Windows\SysWow64\MFC71.DLL
2014-11-07 23:14:40 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2014-11-07 23:13:34 -------- d-----w- C:\Program Files (x86)\Dell
2014-11-07 23:13:16 -------- d-----w- C:\Program Files (x86)\Creative
2014-11-07 23:12:54 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2014-11-07 23:12:54 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2014-11-07 23:12:54 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2014-11-07 23:12:53 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2014-11-07 23:12:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2014-11-07 23:12:50 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2014-11-07 23:12:50 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2014-11-07 03:20:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-11-07 03:20:41 244024 ----a-w- C:\Windows\SysWow64\MsFlxGrd.ocx
2014-11-06 17:30:22 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-11-06 17:30:22 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-11-06 17:30:20 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-11-06 17:30:20 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-11-06 17:24:50 -------- d-----w- C:\Users\Chris\AppData\Local\CrashDumps
2014-11-06 04:59:38 -------- d-----w- C:\Windows\System32\MRT
2014-11-06 00:14:16 0 ----a-w- C:\Users\Chris\AppData\Roaming\xqdpvu.dll
2014-11-06 00:14:13 41472 ----a-w- C:\Users\Chris\AppData\Roaming\yiqtpv.dll
2014-11-04 04:07:11 126976 ----a-w- C:\Windows\lcmmfu.cpl
2014-11-04 04:07:10 1473 --sha-w- C:\Windows\SysWow64\mmf.sys
2014-11-04 04:07:09 48640 ----a-w- C:\Windows\mmfs.dll
2014-11-04 04:07:09 2560 ----a-w- C:\Windows\Runservice.exe
2014-11-04 04:07:00 126976 ----a-w- C:\Windows\SysWow64\ovsBooleanControls.ocx
2014-11-04 04:06:39 -------- d-----w- C:\Program Files (x86)\GDS
2014-11-04 00:05:35 -------- d-sh--w- C:\Users\Chris\AppData\Local\EmieUserList
2014-11-04 00:05:35 -------- d-sh--w- C:\Users\Chris\AppData\Local\EmieSiteList
2014-11-03 23:21:43 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-11-03 23:21:43 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-11-03 23:21:43 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-11-03 23:21:43 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-11-03 23:17:31 -------- d-----w- C:\Users\Chris\AppData\Local\Software Statistics Service
2014-11-03 23:06:59 -------- d-s---w- C:\Windows\System32\CompatTel
2014-11-03 23:06:59 -------- d-----w- C:\Windows\SysWow64\Wat
2014-11-03 23:06:59 -------- d-----w- C:\Windows\System32\Wat
2014-11-03 22:55:43 -------- d-----w- C:\Windows\Migration
2014-11-03 22:29:37 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-11-03 22:29:37 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-11-03 22:29:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-11-03 22:29:36 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-11-03 22:29:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-11-03 22:29:36 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-11-03 22:29:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-11-03 22:25:25 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-03 22:25:25 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-03 22:20:57 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-11-03 22:20:57 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-11-03 22:20:57 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-11-03 22:20:57 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-11-03 22:20:57 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-11-03 22:20:57 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-11-03 22:20:52 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-11-03 22:20:52 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-11-03 18:28:57 -------- d-----w- C:\Users\Chris\AppData\Local\NVIDIA Corporation
2014-11-03 18:28:57 -------- d-----w- C:\Users\Chris\AppData\Local\NVIDIA
2014-11-03 18:28:55 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-11-03 18:28:55 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-11-03 18:28:55 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-11-03 18:28:55 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-11-03 18:28:24 614544 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-11-03 18:26:26 -------- d-----w- C:\NVIDIA
2014-11-03 18:15:12 -------- d-----w- C:\Users\Chris\AppData\Roaming\Curse Advertising
2014-11-03 18:14:39 -------- d-----w- C:\Users\Chris\AppData\Local\Apps
2014-11-03 18:14:38 -------- d-----w- C:\Users\Chris\AppData\Local\Deployment
2014-11-03 18:12:20 -------- d-----w- C:\Program Files (x86)\Ventrilo
2014-11-03 18:11:58 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-11-03 12:42:52 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2014-11-03 12:41:36 -------- d-----w- C:\Users\Chris\AppData\Roaming\NVIDIA
2014-11-03 12:41:34 -------- d-----w- C:\Users\Chris\AppData\Local\Blizzard Entertainment
2014-11-03 12:41:27 -------- d-----w- C:\Users\Chris\AppData\Roaming\Battle.net
2014-11-03 12:41:27 -------- d-----w- C:\Users\Chris\AppData\Local\Battle.net
2014-11-03 12:41:16 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-11-03 12:41:16 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-11-03 12:41:16 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-11-03 12:40:06 -------- d-----w- C:\ProgramData\Battle.net
2014-11-03 11:19:14 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-03 08:16:16 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-11-03 08:16:16 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-11-03 08:14:52 692736 ----a-w- C:\Windows\System32\osk.exe
2014-11-03 08:13:52 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-11-03 08:12:53 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-11-03 08:12:53 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-11-03 08:12:51 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-11-03 08:12:06 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-11-03 08:12:06 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-11-03 08:12:06 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-11-03 08:12:06 112064 ----a-w- C:\Windows\System32\consent.exe
2014-11-03 08:12:05 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-11-03 08:12:04 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-11-03 08:12:04 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-11-03 08:12:04 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-11-03 08:12:04 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-11-03 08:12:04 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-11-03 08:10:54 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-11-03 08:10:54 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-11-03 08:10:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-03 08:10:51 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-03 08:10:50 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-11-03 08:10:50 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-11-03 05:53:53 -------- d-----w- C:\Windows\SMINST
2014-11-03 05:17:08 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-11-03 05:17:08 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-11-03 05:17:08 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-11-03 05:17:08 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-11-03 05:17:08 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-11-03 05:17:08 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-11-03 05:17:08 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-11-03 05:17:08 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-11-03 05:17:04 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2014-11-03 05:04:53 -------- d-----w- C:\Users\Chris\AppData\Roaming\PCDr
2014-11-03 04:44:11 -------- d-----w- C:\Users\Chris\AppData\Local\Microsoft Games
2014-11-03 04:38:50 -------- d-----w- C:\Program Files (x86)\Gazillion Entertainment
2014-11-03 04:38:25 -------- d-----w- C:\Users\Chris\AppData\Local\Programs
2014-11-03 04:17:29 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2014-11-03 04:15:30 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-11-03 04:15:29 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-11-03 04:15:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\Dell
2014-11-03 04:14:57 -------- d-----w- C:\Windows\System32\drivers\N360x64
2014-11-03 04:14:56 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2014-11-03 04:14:38 -------- d-----w- C:\ProgramData\NortonInstaller
2014-11-03 04:14:38 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-11-03 04:13:41 -------- d-----w- C:\ProgramData\Norton
2014-11-03 04:10:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\Intel Corporation
2014-11-03 04:08:47 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-03 04:08:46 -------- d-----w- C:\Users\Chris\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-16 14:11:40 6883136 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-16 14:11:40 3533632 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-16 14:11:36 933064 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-16 14:11:36 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-16 14:11:36 384200 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-16 14:11:36 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-15 00:48:02 4047877 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-21 06:40:32 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-08-21 06:26:21 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-08-21 06:23:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 18:43:18.90 ===============
 

Edited by megabt7, 13 November 2014 - 09:34 PM.




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany

Posted 18 November 2014 - 11:58 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 3

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 deeprybka


Posted 22 November 2014 - 03:06 AM

Hi,

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#4 deeprybka


Posted 23 November 2014 - 01:00 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka