dllhost.exe *32 Com Surrogate virus


  • This topic is locked
9 replies to this topic

#1 gypsy56

gypsy56

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:53 PM

Posted 17 November 2014 - 05:37 PM

Multiple dllhost.exe *32 Com Surrogate processes eat up all memory and slow the system to a crawl. Avast Web Shield repeatedly reports blocked websites originating from the windows\SysWOW64\*.exe directory. Malwarebytes and Avast BootScan detect no problems.

 

DDS and Attach are attached.

 

Thanks for any help.

 

gypsy56

Attached Files




#2 gypsy56

gypsy56
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:53 PM

Posted 17 November 2014 - 07:04 PM

Sorry, I did not include the DDS output:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by esti at 17:21:22 on 2014-11-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3890.2298 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\wextract.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3F70C358-B6F8-444B-B115-3F692BE22758} : DHCPNameServer = 192.32.104.13
TCP: Interfaces\{ADF65D90-3DD3-49FC-9996-DA2275925C74} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ADF65D90-3DD3-49FC-9996-DA2275925C74}\1437F44756C6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ADF65D90-3DD3-49FC-9996-DA2275925C74}\2456E62E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{ADF65D90-3DD3-49FC-9996-DA2275925C74}\358656271647F6E645279626563616 : DHCPNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{ADF65D90-3DD3-49FC-9996-DA2275925C74}\5637479627F64786 : DHCPNameServer = 208.59.247.45 208.59.247.46 192.168.1.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [ALU] C:\Program Files\Acer\Acer Updater\ALU.exe -r
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-10 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-10 267632]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-30 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-4 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-1-4 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-13 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-4 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-10 116728]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-8 107648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-15 50344]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-5-30 355920]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-5-30 871296]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-30 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-30 162648]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-5-7 255376]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-30 362840]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-15 271752]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2012-5-7 57344]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-15 4012248]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-8 30848]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-7 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-30 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-30 788760]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-5-30 292968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-30 685160]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-8 36480]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-8 551552]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-15 129752]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-17 21:30:18 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82CC62D1-927E-4727-98A5-DEE580B7A475}\mpengine.dll
2014-11-17 12:50:21 -------- d-----w- C:\Users\esti\AppData\Local\{8D6920DD-4AD9-4ECA-8698-D95EB84A8178}
2014-11-16 16:18:21 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-16 15:30:47 -------- d-----w- C:\Users\esti\AppData\Local\{5B97A8FE-DA16-47D9-80F8-DFAD9824AD4D}
2014-11-16 02:08:21 -------- d-----w- C:\Users\esti\AppData\Local\{3555E4A7-790A-445A-88DC-6BCA5873974D}
2014-11-15 17:10:02 -------- d-----w- C:\Windows\SysWow64\vbox
2014-11-15 17:10:02 -------- d-----w- C:\Windows\System32\vbox
2014-11-15 16:29:31 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-15 15:45:15 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-15 15:43:56 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-15 15:43:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-15 15:43:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-15 13:48:19 -------- d-----w- C:\Users\esti\AppData\Local\{F1F1620F-1EE2-4544-9CE5-8FD543A2433A}
2014-11-15 00:25:33 -------- d-----w- C:\Users\esti\AppData\Local\{F477C0F2-27C4-4DA6-964D-22A5304B5D4F}
2014-11-14 12:25:15 -------- d-----w- C:\Users\esti\AppData\Local\{A91782C1-B651-4DC6-9299-57FD43DC3AFC}
2014-11-13 15:29:36 -------- d-----w- C:\Users\esti\AppData\Local\{C8AB165A-C9DF-4406-8352-F287128CB6B6}
2014-11-13 03:15:33 -------- d-----w- C:\Users\esti\AppData\Local\{D67B5982-EF32-4E6F-AC21-8C69B88D5398}
2014-11-13 02:10:55 -------- d-----w- C:\Users\esti\AppData\Local\{183159D1-7D8A-400D-8B93-3E09B1B7C65C}
2014-11-13 02:08:16 -------- d-----w- C:\Users\esti\AppData\Local\{5440D170-6252-4A23-B176-5F2271B0A28A}
2014-11-12 14:50:29 -------- d-sh--w- C:\Users\esti\AppData\Local\EmieBrowserModeList
2014-11-12 14:01:10 -------- d-----w- C:\Users\esti\AppData\Local\{5A8DFB2F-3728-4E69-8D92-5451591B9021}
2014-11-12 00:01:52 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-12 00:01:48 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-11 23:58:40 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-11 23:58:39 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-11 23:58:35 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-11 23:58:21 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-11 23:58:20 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-11 23:58:18 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-11 23:58:18 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-11 23:58:17 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-11 23:58:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-11 23:58:14 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-11 23:58:12 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-11 23:58:12 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-11 23:55:58 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-11-11 23:55:57 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-11-11 23:55:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-11 23:55:54 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-11-11 23:55:27 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-11-11 23:55:25 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-11-11 23:55:23 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-11-11 23:55:19 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-11-11 23:55:13 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 23:55:12 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 23:55:08 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-11-11 23:55:00 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-11-11 23:54:58 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-11-11 23:54:50 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-11-11 23:54:49 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-11-11 23:54:44 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-11-11 23:54:36 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-11-11 23:54:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-11-11 23:50:11 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-11 23:50:11 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-11-11 23:50:09 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-11-11 23:50:08 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-11-11 23:50:08 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-11-11 23:50:07 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-11-11 23:50:05 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-11-11 23:50:03 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-11-11 23:49:52 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-11 23:49:50 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-11 23:49:06 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-11 23:49:05 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-11 23:49:00 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-11 23:03:12 -------- d-----w- C:\Users\esti\AppData\Local\{923CBD5B-ADCB-41CA-8E3F-9637A5985519}
2014-11-11 19:37:49 -------- d-----w- C:\Users\esti\AppData\Local\{39D063BA-2A27-4D6B-91FC-17AFAABBAB70}
2014-11-11 16:01:02 -------- d-----w- C:\FRST
2014-11-11 00:51:42 -------- d-----w- C:\Users\esti\AppData\Local\{5E4C06C8-5D27-4B85-93FB-DB91F22EC5B0}
2014-11-10 12:24:06 -------- d-----w- C:\Users\esti\AppData\Local\{82A5D49D-9801-440A-B6DA-BA4659C7A669}
2014-11-10 03:00:46 -------- d-----w- C:\Users\esti\AppData\Local\{A20DFDB1-5B1E-4268-85D0-FC6CB0D9F93B}
2014-11-10 02:55:23 -------- d-----w- C:\Users\esti\AppData\Local\{2BB66922-3C2C-49EB-B217-7D9BE1DEE9A2}
2014-11-10 02:27:24 -------- d-----w- C:\Users\esti\AppData\Local\{115AE17E-1F6E-4CCC-84A9-CA1B09FD94F6}
2014-11-09 13:46:10 -------- d-----w- C:\Users\esti\AppData\Local\{9C1DD9C1-E316-4912-8A5D-413590539F6D}
2014-11-08 15:57:53 -------- d-----w- C:\Users\esti\AppData\Local\{19D6F282-C038-4BB0-AB45-4AFA7785CA91}
2014-11-08 14:04:36 -------- d-----w- C:\Users\esti\AppData\Local\{A956820D-F918-4F63-921E-867094CE7DBB}
2014-11-08 02:00:40 -------- d-----w- C:\Users\esti\AppData\Local\{1B2A3E6A-0CCC-4536-9F4E-043E40A5C5B9}
2014-11-07 11:47:05 -------- d-----w- C:\Users\esti\AppData\Local\{A29991EF-2014-449B-9CE5-7420E047E829}
2014-11-06 20:50:41 -------- d-----w- C:\Users\esti\AppData\Local\{FB3965EA-C691-44A6-A193-02DB97E0C659}
2014-11-06 16:44:34 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-06 16:44:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 13:59:46 -------- d-----w- C:\Users\esti\AppData\Local\{0AD379CC-C9A3-4CE4-ADF6-762FFD80565F}
2014-11-06 01:25:29 -------- d-----w- C:\Users\esti\AppData\Local\{F4142032-F668-4A3C-B682-3BBC518F0051}
2014-11-05 12:17:43 -------- d-----w- C:\Users\esti\AppData\Local\{FC6EDCDD-8A03-46CF-8D20-563F8B6BFC66}
2014-11-04 17:29:00 -------- d-----w- C:\Users\esti\AppData\Local\{D027ED17-A958-4D30-A5D6-17B8142164C9}
2014-11-04 03:13:32 -------- d-----w- C:\Users\esti\AppData\Local\{66E59521-2A74-4774-9AAD-0F08E78C82A0}
2014-11-03 13:41:12 -------- d-----w- C:\Users\esti\AppData\Local\{5A986155-1339-48FF-8993-1996F44FCB64}
2014-11-03 01:14:09 -------- d-----w- C:\Users\esti\AppData\Local\{424D4E7F-5EE2-4F0B-9CBD-E99FB9D6E20D}
2014-11-02 13:13:40 -------- d-----w- C:\Users\esti\AppData\Local\{9B57F00D-2D88-4695-B244-60A13D30A855}
2014-11-02 01:00:39 -------- d-----w- C:\Users\esti\AppData\Local\{4291A5A6-F81F-40B7-858D-9DDDFEB243F3}
2014-11-01 13:00:25 -------- d-----w- C:\Users\esti\AppData\Local\{97D71CF0-6C71-432A-AA6F-1CE1AADA5758}
2014-11-01 00:33:26 -------- d-----w- C:\Users\esti\AppData\Local\{3ECBB0BF-B9F9-445E-8917-1601C7DC16C4}
2014-10-31 11:10:59 -------- d-----w- C:\Users\esti\AppData\Local\{C9CD639E-380C-4EC6-90B7-198D58ACAA98}
2014-10-30 22:47:28 -------- d-----w- C:\Users\esti\AppData\Local\{F87CC727-4918-424E-9ED7-ADCC22815342}
2014-10-30 10:47:02 -------- d-----w- C:\Users\esti\AppData\Local\{8888AE49-E42A-4D33-BE37-B09535A4513D}
2014-10-29 18:03:35 -------- d-----w- C:\Users\esti\AppData\Local\{6A24C002-BFE7-4AA9-97BE-812B6A4E88DC}
2014-10-29 03:45:54 -------- d-----w- C:\Users\esti\AppData\Local\{E9610E7F-501B-44BC-8E3A-D9FA31306380}
2014-10-28 12:28:45 -------- d-----w- C:\Users\esti\AppData\Local\{3473827A-E2CC-4A01-98C0-0119C81AC79A}
2014-10-27 20:48:40 -------- d-----w- C:\Users\esti\AppData\Local\{F20F3FE8-6268-4432-AD9A-8464C6320848}
2014-10-27 04:09:42 -------- d-----w- C:\Users\esti\AppData\Local\{BD185DF9-C42E-4520-9EC3-23EE7F1B64D7}
2014-10-26 13:54:49 -------- d-----w- C:\Users\esti\AppData\Local\{09002461-410D-49A1-A5A0-3153699234DF}
2014-10-26 13:41:53 -------- d-----w- C:\Users\esti\AppData\Local\{77927CB9-97B9-4392-BCAF-0D44FACE7C97}
2014-10-25 18:52:56 -------- d-----w- C:\Users\esti\AppData\Local\clear.fi
2014-10-25 18:52:48 -------- d-----w- C:\Users\esti\AppData\Local\Acer
2014-10-25 12:57:55 -------- d-----w- C:\Users\esti\AppData\Local\{A87BB956-863E-4060-9D5D-95FAB634E03C}
2014-10-25 00:30:18 -------- d-----w- C:\Users\esti\AppData\Local\{B440DEA8-1AAE-426B-8871-36C87401AD29}
2014-10-24 12:01:36 -------- d-----w- C:\Users\esti\AppData\Local\{2C29A573-9E9D-4B65-A750-2A2FC15417E0}
2014-10-23 22:39:03 -------- d-----w- C:\Users\esti\AppData\Local\{A27F94FC-52CA-43CB-9C0C-8174841D1F1F}
2014-10-23 10:38:29 -------- d-----w- C:\Users\esti\AppData\Local\{27B03230-2151-41D8-B6B0-E860F3CFF53B}
2014-10-22 14:29:50 -------- d-----w- C:\Users\esti\AppData\Local\{30E326B2-94E9-45CE-B349-6065B8E57AF0}
2014-10-22 01:26:51 -------- d-----w- C:\Users\esti\AppData\Local\{0A51E8E2-F9BD-4EBE-AA85-323CB3565059}
2014-10-21 13:12:19 -------- d-----w- C:\Users\esti\AppData\Local\{AC4C3920-7852-4652-8054-0AD67B1A187B}
2014-10-21 00:06:53 -------- d-----w- C:\Users\esti\AppData\Local\{61F36CEC-744F-411F-A2F1-70E5FE706D90}
2014-10-20 12:06:26 -------- d-----w- C:\Users\esti\AppData\Local\{AA24789A-ACEE-4CCF-B4B0-68A0F0C94DF6}
2014-10-19 15:26:16 -------- d-----w- C:\Users\esti\AppData\Local\{1831564A-8F8C-4C4C-8D49-7B93A0D37288}
2014-10-19 01:44:00 -------- d-----w- C:\Users\esti\AppData\Local\{178A2902-1BD7-4EC5-B10C-753C1C985568}
2014-10-19 01:12:51 -------- d-----w- C:\Users\esti\AppData\Local\{3A1D6570-3917-47A5-8818-931C3A2931F3}
2014-10-19 00:36:15 -------- d-----w- C:\Users\esti\AppData\Local\{88DD1569-1DA5-4FC8-AFD9-A171654720D9}
.
==================== Find3M  ====================
.
2014-11-15 16:29:35 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-15 16:29:35 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-15 16:29:35 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-15 16:29:35 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-15 16:29:35 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-15 16:29:35 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-15 16:29:08 1050432 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-11-11 23:01:00 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-11 23:01:00 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-16 14:02:20 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 17:23:21.47 ===============
 


#3 deeprybka (Malware Response Team)

Posted 18 November 2014 - 12:01 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the downloaded file to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 3

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will open afterwards. You may also find it on your main drive (usually C:\).
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
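The symptoms that opened this thread (many dllhost.exe *32 COM Surrogate processes eating memory, Avast blocking connections that originate from executables under SysWOW64, and nothing found by Malwarebytes or the boot scan) are the pattern the helper's first step targets: a registry-resident infection that has no file of its own for a file scanner to find. The script below is an added triage example and is not code from the post or from ESET's Poweliks cleaner. It assumes an elevated Windows PowerShell prompt and uses Get-WmiObject and New-Object so that it also runs on the PowerShell 2.0 that shipped with Windows 7. The list of autorun keys and the script-host regex are illustrative assumptions, not a vendor detection signature.

```powershell
# Added triage example; not code from the thread or from ESET's Poweliks cleaner.
# Assumes an elevated Windows PowerShell prompt. Get-WmiObject/New-Object are used
# so it also runs on the PowerShell 2.0 that shipped with Windows 7.

# Part 1: every dllhost.exe (COM Surrogate) instance with parent, bitness and
# command line. A legitimate surrogate is normally launched with a
# "/Processid:{CLSID}" argument; a pile of 32-bit instances without one, or
# whose working set keeps growing, matches the symptom reported in the thread.
function Get-DllhostTriage {
    $sysWow = Join-Path $env:SystemRoot 'SysWOW64'
    $all    = @(Get-WmiObject -Class Win32_Process)
    foreach ($p in ($all | Where-Object { $_.Name -eq 'dllhost.exe' })) {
        # PID reuse can mislabel an already-exited parent; treat the name as a hint.
        $parent = $all | Where-Object { $_.ProcessId -eq $p.ParentProcessId } | Select-Object -First 1
        if ($parent) { $parentText = '{0} ({1})' -f $parent.Name, $parent.ProcessId }
        else         { $parentText = '<exited> ({0})' -f $p.ParentProcessId }
        if ($p.ExecutablePath -like "$sysWow\*") { $bitness = '32-bit (SysWOW64)' } else { $bitness = '64-bit' }
        New-Object PSObject -Property @{
            PID          = $p.ProcessId
            Parent       = $parentText
            Bitness      = $bitness
            WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
            HasClsid     = [bool]($p.CommandLine -match '/Processid:\{[0-9A-Fa-f-]{36}\}')
            CommandLine  = $p.CommandLine
        }
    }
}

# Part 2: autorun values that launch a script engine instead of a program, or
# whose value name regedit cannot display (empty or non-printable). Registry-
# resident malware such as Poweliks uses both tricks. The key list and the
# regex are illustrative assumptions, not a vendor signature.
function Get-SuspiciousAutorun {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $scriptHost = 'javascript:|vbscript:|mshta|wscript|cscript|powershell'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $value   = [string]$item.GetValue($name)
            $oddName = ($name -eq '') -or ($name -match '[^\x20-\x7E]')
            if (-not $oddName -and -not ($value -match $scriptHost)) { continue }
            if ($name -eq '') { $shownName = '(Default)' } else { $shownName = $name }
            New-Object PSObject -Property @{
                Key       = $key
                ValueName = $shownName
                OddName   = $oddName
                Value     = $value
            }
        }
    }
}

Get-DllhostTriage | Sort-Object WorkingSetMB -Descending |
    Format-Table PID, Parent, Bitness, WorkingSetMB, HasClsid, CommandLine -AutoSize
Get-SuspiciousAutorun | Format-List Key, ValueName, OddName, Value
```

Read the two tables together: a dllhost.exe whose command line carries no CLSID and whose parent is not the DCOM launcher, next to a Run value whose name does not render or whose data hands a script to rundll32 or mshta, is the combination that a file-based scanner will report as clean. The script only reports; removal is the job of the cleaner the helper asked for, because deleting the autorun value by hand leaves the injected surrogate processes running until the next reboot.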

#4 gypsy56 (Topic Starter)

Posted 18 November 2014 - 12:47 PM

The logs from FRST and Poweliks cleaner are attached. When I try to run Zoek.exe I get the message: "is not a valid Win32 application".

 

gypsy56

Attached Files



#5 deeprybka (Malware Response Team)

Posted 18 November 2014 - 01:00 PM

Hi,

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.


Multiple Anti-Virus Software Warning

It is inadvisable to have more than one Anti-Virus installed on your computer at the same time. Doing so may:
  • Cause conflicts, negatively impacting the effectiveness of each Anti-Virus installed.
  • Trigger false-positives.
  • Trigger false-negatives, where neither programme detects malware.
  • Cause system instability/performance issues. Your system may lock up or slow down due to both software attempting to access the same file at the same time.
Step 1
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Microsoft Security Essentials , right-click the entry and click Uninstall.
Step 2

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File: fixlist.txt (575 bytes)

Let's do a final check up:

Step 3


Don't remove on your own anything that Hitman Pro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 4

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the settings shown in the screenshot (not reproduced here).
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created; its location is shown in the screenshot (not reproduced here).
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 5

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka

#6 gypsy56 (Topic Starter)

Posted 18 November 2014 - 04:17 PM

Hi, I deleted MS Security Essentials. Attached are the logs from FRST (fixlog), Hitman Pro, ESET scanner and FRST. The system seems to be running fine: low CPU utilization and no blocked website popups. Thanks for all the help.

 

gypsy56

Attached Files



#7 deeprybka (Malware Response Team)

Posted 18 November 2014 - 05:01 PM

Please post the complete ESET-log as instructed above...
regards,
deeprybka

#8 gypsy56 (Topic Starter)

Posted 19 November 2014 - 11:40 AM

Here is the ESET log.  

 

gypsy56

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=afc080918ed6614a80709b67043b8215
# engine=21164
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-19 04:31:15
# local_time=2014-11-19 11:31:15 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 0 179917165 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 167958125 0 0
# scanned=166666
# found=2
# cleaned=0
# scan_time=6419
sh=25A32D2F7E69ED2602BA729F78869765BABAE419 ft=1 fh=6bc18847e6c68524 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\esti\Downloads\ccsetup401.exe"
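The log above has a simple line-oriented format: "# key=value" header lines, then one line per detection made of space-separated key=value tokens whose values may be double-quoted. The parser below is an added example, not part of the thread or of ESET's scanner, written in Windows PowerShell (2.0-compatible forms). It embeds the relevant lines of the posted log as its sample input so it runs offline, and it checks that the "# found" count agrees with the number of detection lines actually present, which is the first thing to verify when a log is pasted incompletely, as happened earlier in this thread.

```powershell
# Added example; not part of the thread or of ESET's scanner.
# Parses an ESET Online Scanner log of the kind pasted above: "# key=value"
# header lines, then one line per detection made of key=value tokens whose
# values may be double-quoted. Also checks that "# found" agrees with the
# number of detection lines actually present.
function ConvertFrom-EsetOnlineScannerLog {
    param([string[]] $Lines)
    $header     = @{}
    $detections = @()
    foreach ($line in $Lines) {
        if ($line -match '^#\s*(\w+)=(.*)$') {
            # Keys the scanner repeats (compatibility_mode) keep the last value.
            $header[$matches[1]] = $matches[2]
        }
        elseif ($line -match '^sh=') {
            $fields = @{}
            foreach ($m in [regex]::Matches($line, '(\w+)=(?:"([^"]*)"|(\S+))')) {
                if ($m.Groups[2].Success) { $fields[$m.Groups[1].Value] = $m.Groups[2].Value }
                else                      { $fields[$m.Groups[1].Value] = $m.Groups[3].Value }
            }
            $detections += New-Object PSObject -Property $fields
        }
        # Anything else (downloader chatter such as "all ok") is ignored.
    }
    $declared = 0
    if ($header.ContainsKey('found')) { $declared = [int]$header['found'] }
    New-Object PSObject -Property @{
        Header        = $header
        Detections    = $detections
        DeclaredFound = $declared
        ParsedFound   = $detections.Count
        Consistent    = ($declared -eq $detections.Count)
    }
}

# Sample input: the relevant lines of the log posted above, embedded here so the
# script runs offline.
$sample = @'
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# engine=21164
# end=finished
# remove_checked=false
# unwanted_checked=true
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 0 179917165 0 0
# compatibility_mode_1=''
# scanned=166666
# found=2
# cleaned=0
sh=25A32D2F7E69ED2602BA729F78869765BABAE419 ft=1 fh=6bc18847e6c68524 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\esti\Downloads\ccsetup401.exe"
'@ -split "`r?`n"

$log = ConvertFrom-EsetOnlineScannerLog -Lines $sample
'engine {0}: scanned {1}, declared found {2}, parsed {3}, consistent {4}' -f `
    $log.Header['engine'], $log.Header['scanned'], $log.DeclaredFound, $log.ParsedFound, $log.Consistent
$log.Detections | Format-Table vn, fn, sh -AutoSize -Wrap
```

On the posted log the parser reports two detections and a consistent count. Both are "potentially unsafe application" verdicts on installers (an Ask toolbar setup and a CCleaner download), which is why the helper in the next post reads the result as no active malware; the header's compatibility_mode_1 line also records that avast! Internet Security was present during the scan, the one remaining resident product after Security Essentials was removed.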


#9 deeprybka (Malware Response Team)

Posted 19 November 2014 - 02:44 PM

Well done!


Looking good, ESET hasn't found any active malware. :)

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Adobe Reader X
Java 7 Update 71

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
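The "Closing security holes" advice above comes down to an inventory problem: find every installed copy of the named products, including the 32-bit copies on a 64-bit system, and remove the superseded ones. The script below is an added example, not from the post, written in Windows PowerShell (2.0-compatible forms). It reads the Uninstall registry keys in the native, Wow6432Node and per-user views and reports the two product families the post flags (Java and Adobe Reader), grouped so that side-by-side old versions stand out. The display-name patterns are assumptions about how the vendors label their products in Programs and Features; it does no online lookup, so the version comparison against the vendor's current release is left to the reader.

```powershell
# Added example; not from the post. Inventories installed software from the
# Uninstall registry keys (native view, 32-bit Wow6432Node view, per-user view)
# and reports the product families the post flags as outdated, so side-by-side
# old versions stand out. The name patterns are assumptions about how the
# vendors label their products in Programs and Features.
function Get-InstalledProduct {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($entry in (Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue)) {
        if (-not $entry.DisplayName) { continue }     # updates and components without a name
        $view = '64-bit'
        if ($entry.PSPath -match 'Wow6432Node') { $view = '32-bit' }
        elseif ($entry.PSPath -match 'HKEY_CURRENT_USER') { $view = 'per-user' }
        New-Object PSObject -Property @{
            DisplayName    = $entry.DisplayName
            DisplayVersion = $entry.DisplayVersion
            Publisher      = $entry.Publisher
            View           = $view
        }
    }
}

# Families named in the post. Java entries look like "Java 7 Update 71" or
# "Java(TM) 6 Update 45"; Adobe Reader X shows as "Adobe Reader X (10.x.y)".
$families = @{
    'Java'         = '^Java(\(TM\))? \d'
    'Adobe Reader' = '^Adobe Reader'
}

function Get-WatchedProduct {
    $installed = @(Get-InstalledProduct)
    foreach ($family in $families.Keys) {
        $hits = @($installed | Where-Object { $_.DisplayName -match $families[$family] })
        if ($hits.Count -eq 0)     { $note = 'not installed' }
        elseif ($hits.Count -gt 1) { $note = 'several versions installed: remove the old ones' }
        else                       { $note = 'compare the version with the vendor''s current release' }
        New-Object PSObject -Property @{
            Family    = $family
            Installed = $hits.Count
            Versions  = ($hits | ForEach-Object { '{0} {1} [{2}]' -f $_.DisplayName, $_.DisplayVersion, $_.View }) -join '; '
            Note      = $note
        }
    }
}

Get-WatchedProduct | Format-Table Family, Installed, Versions, Note -AutoSize -Wrap
```

The 32-bit view matters on this machine: the DDS log at the top of the thread shows a 64-bit Windows 7 with 32-bit Java (WindowsAccessBridge-32.dll under SysWOW64) and the "dllhost.exe *32" symptom, so a check that only reads the native Uninstall key would miss exactly the plugin the drive-by exploit kits of the time targeted.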

#10 deeprybka (Malware Response Team)

Posted 22 November 2014 - 03:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



