Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with: dllhost.exe COM Surrogate


  • This topic is locked This topic is locked
17 replies to this topic

#1 ForfA

ForfA

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 31 December 2014 - 10:33 AM

Got this issue the day I am posting the topic. Started up my PC and everything seemed normal, but I could hear my computer running loudly so I checked my programs and processes running and there was nothing abnormal. I quickly decided to check the Performance/Resourcemonitoring section. There I noticed the dllhost.exe COM Surrogate files running, and everytime i restart my computer another one pops up. I can stop them adding for a temporary "fix" but they will come back again after restart. Other than that I personally haven't noticed any other malware. 

Note: dllhost.exe COM Surrogate only appears in resourcemonitoring. 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.67.2
Run by Forfa at 16:19:24 on 2014-12-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.47.1044.18.8159.4727 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EslWire\service\WireHelperSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIJFE.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\EslWire\wire.exe
C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\Forfa\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\perfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Teamspeak\ts3client_win32.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.allsearches.info/?pid=20320&r=2014/10/19&hid=14470718816490236633&lg=EN&cc=NO&unqvl=64
uSearch Bar = hxxp://terra.im/
uSearch Page = hxxp://terra.im/
mStart Page = hxxp://websearch.allsearches.info/?pid=20320&r=2014/10/19&hid=14470718816490236633&lg=EN&cc=NO&unqvl=64
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Påloggingshjelp for Microsoft-konto: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIJFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-750 Series"
uRun: [SetMyHomePage] C:\Users\Forfa\AppData\Roaming\SetMyHomePage\setmyhomepage.exe
uRun: [SteelSeries Engine] C:\Users\Forfa\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Forfa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STEELS~1.LNK - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.38.1
TCP: Interfaces\{1FEBF023-171F-41E6-9D64-7B4D4D7F1227} : DHCPNameServer = 192.168.38.1
TCP: Interfaces\{42984388-026B-48B1-A556-EE45BA7734B8} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 ESLWireAC;ESLWireAC;C:\Windows\System32\drivers\ESLWireACD.sys [2014-11-2 118896]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 EslWireHelper;ESL Wire Helper Service;C:\Program Files\EslWire\service\WireHelperSvc.exe [2014-11-1 663056]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-10-31 183488]
R2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2014-6-9 4250624]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-11-26 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-26 129600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-10 410768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2014-10-8 146944]
R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;C:\Windows\System32\drivers\hidkmdf.sys [2014-10-30 8704]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-9-5 39592]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-5 160424]
R3 sshid;SteelSeries HID Service;C:\Windows\System32\drivers\sshid.sys [2014-10-30 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-8-5 448384]
S3 celavimushost;Celavimus Client Host;D:\CSGO Client Beta\CelavimusClientHelper.exe [2014-9-27 123096]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-10 38048]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-8 19456]
S3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2014-10-8 39168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-8 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;C:\Windows\System32\drivers\xspltspk.sys [2014-7-2 26200]
.
=============== Created Last 30 ================
.
2014-12-31 15:06:57 -------- d-----w- C:\Program Files (x86)\Runtime Software
2014-12-31 12:13:43 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{130F5724-597B-42DB-A48F-351F86529E24}\mpengine.dll
2014-12-31 11:53:59 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-30 21:33:21 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-12-30 18:10:42 -------- d-----w- C:\Users\Forfa\AppData\Local\IsolatedStorage
2014-12-29 12:02:10 -------- d-----w- C:\Users\Forfa\AppData\Local\SteelSeries Engine 3 Client
2014-12-28 17:17:59 -------- d-----w- C:\Users\Forfa\AppData\Local\SIX Networks
2014-12-28 17:17:17 -------- d-----w- C:\Users\Forfa\AppData\Local\City_Life_RPG
2014-12-25 13:25:50 -------- d-----w- C:\Users\Forfa\AppData\Local\osu!
2014-12-25 12:37:19 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-12-25 12:36:41 -------- d-----w- C:\ProgramData\SplitMediaLabs
2014-12-25 12:35:58 -------- d-----w- C:\Users\Forfa\AppData\Roaming\SplitmediaLabs
2014-12-19 10:03:40 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B4227C6-5D11-40C3-85E3-8A17D8CB8045}\gapaengine.dll
2014-12-18 16:49:57 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 16:49:57 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-16 19:38:33 -------- d-----w- C:\Users\Forfa\AppData\Local\DayZ
2014-12-11 16:17:05 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-12-11 16:17:05 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-12-11 16:17:05 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-12-11 16:17:05 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-12-11 16:17:05 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-12-11 16:06:00 -------- d-----w- C:\Users\Forfa\AppData\Roaming\omerta
2014-12-11 15:42:06 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 20:58:14 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 20:58:14 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 15:21:59 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
.
==================== Find3M  ====================
.
2014-12-09 17:36:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 17:36:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-23 14:22:08 118896 ----a-w- C:\Windows\System32\drivers\ESLWireACD.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-07 02:23:36 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
2014-10-31 22:27:07 37184 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2014-10-30 21:47:42 8704 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys
2014-10-30 21:47:42 38912 ----a-w- C:\Windows\System32\drivers\sshid.sys
2014-10-30 21:47:42 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-23 20:05:59 129600 ----a-w- C:\Windows\System32\drivers\rzpnk.sys
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-13 18:27:46 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-10-13 18:27:46 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-10-13 18:26:41 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-09 09:07:10 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-10-08 15:30:28 39168 ----a-w- C:\Windows\System32\drivers\SAlpham64.sys
2014-10-08 15:30:28 146944 ----a-w- C:\Windows\System32\drivers\SteelBus64.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
.
============= FINISH: 16:19:34,02 ===============
 


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 05 January 2015 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561609 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ForfA

ForfA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 06 January 2015 - 10:22 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.67.2
Run by Forfa at 16:16:31 on 2015-01-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.47.1044.18.8159.4425 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EslWire\service\WireHelperSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIJFE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\EslWire\wire.exe
C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\Forfa\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Teamspeak\ts3client_win32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.allsearches.info/?pid=20320&r=2014/10/19&hid=14470718816490236633&lg=EN&cc=NO&unqvl=64
uSearch Bar = hxxp://terra.im/
uSearch Page = hxxp://terra.im/
mStart Page = hxxp://websearch.allsearches.info/?pid=20320&r=2014/10/19&hid=14470718816490236633&lg=EN&cc=NO&unqvl=64
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Påloggingshjelp for Microsoft-konto: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIJFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-750 Series"
uRun: [SetMyHomePage] C:\Users\Forfa\AppData\Roaming\SetMyHomePage\setmyhomepage.exe
uRun: [SteelSeries Engine] C:\Users\Forfa\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Forfa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STEELS~1.LNK - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.38.1
TCP: Interfaces\{1FEBF023-171F-41E6-9D64-7B4D4D7F1227} : DHCPNameServer = 192.168.38.1
TCP: Interfaces\{42984388-026B-48B1-A556-EE45BA7734B8} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 ESLWireAC;ESLWireAC;C:\Windows\System32\drivers\ESLWireACD.sys [2014-11-2 118896]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 EslWireHelper;ESL Wire Helper Service;C:\Program Files\EslWire\service\WireHelperSvc.exe [2014-11-1 663056]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-10-31 183488]
R2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2014-6-9 4250624]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-11-26 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-26 129600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-10 410768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2014-10-8 146944]
R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;C:\Windows\System32\drivers\hidkmdf.sys [2014-10-30 8704]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-9-5 39592]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-5 160424]
R3 sshid;SteelSeries HID Service;C:\Windows\System32\drivers\sshid.sys [2014-10-30 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-8-5 448384]
S3 celavimushost;Celavimus Client Host;D:\CSGO Client Beta\CelavimusClientHelper.exe [2014-9-27 123096]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-10 38048]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-8 19456]
S3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2014-10-8 39168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-8 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;C:\Windows\System32\drivers\xspltspk.sys [2014-7-2 26200]
.
=============== Created Last 30 ================
.
2015-01-05 15:55:06 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{773E0C83-6E4E-4085-969F-164D0AF3BA50}\mpengine.dll
2015-01-04 11:43:53 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE6BED3E-C8E4-42A0-AF6F-1E6332EF8FCD}\gapaengine.dll
2015-01-04 11:43:46 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-03 04:50:42 -------- d-----w- C:\Users\Forfa\AppData\Roaming\.mono
2015-01-03 04:50:42 -------- d-----w- C:\ProgramData\.mono
2014-12-31 15:06:57 -------- d-----w- C:\Program Files (x86)\Runtime Software
2014-12-30 21:33:21 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-12-30 18:10:42 -------- d-----w- C:\Users\Forfa\AppData\Local\IsolatedStorage
2014-12-29 12:02:10 -------- d-----w- C:\Users\Forfa\AppData\Local\SteelSeries Engine 3 Client
2014-12-28 17:17:59 -------- d-----w- C:\Users\Forfa\AppData\Local\SIX Networks
2014-12-28 17:17:17 -------- d-----w- C:\Users\Forfa\AppData\Local\City_Life_RPG
2014-12-25 13:25:50 -------- d-----w- C:\Users\Forfa\AppData\Local\osu!
2014-12-25 12:37:19 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-12-25 12:36:41 -------- d-----w- C:\ProgramData\SplitMediaLabs
2014-12-25 12:35:58 -------- d-----w- C:\Users\Forfa\AppData\Roaming\SplitmediaLabs
2014-12-18 16:49:57 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 16:49:57 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-16 19:38:33 -------- d-----w- C:\Users\Forfa\AppData\Local\DayZ
2014-12-11 16:17:05 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-12-11 16:17:05 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-12-11 16:17:05 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-12-11 16:17:05 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-12-11 16:17:05 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-12-11 16:06:00 -------- d-----w- C:\Users\Forfa\AppData\Roaming\omerta
2014-12-11 15:42:06 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 20:58:14 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 20:58:14 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 15:21:59 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
.
==================== Find3M  ====================
.
2014-12-09 17:36:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 17:36:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-23 14:22:08 118896 ----a-w- C:\Windows\System32\drivers\ESLWireACD.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-07 02:23:36 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
2014-10-31 22:27:07 37184 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2014-10-30 21:47:42 8704 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys
2014-10-30 21:47:42 38912 ----a-w- C:\Windows\System32\drivers\sshid.sys
2014-10-30 21:47:42 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-23 20:05:59 129600 ----a-w- C:\Windows\System32\drivers\rzpnk.sys
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-13 18:27:46 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-10-13 18:27:46 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-10-13 18:26:41 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-09 09:07:10 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-10-08 15:30:28 39168 ----a-w- C:\Windows\System32\drivers\SAlpham64.sys
2014-10-08 15:30:28 146944 ----a-w- C:\Windows\System32\drivers\SteelBus64.sys
.
============= FINISH: 16:16:40,02 ===============

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 06 January 2015 - 10:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please use a good computer to download these tools.
Post the logs for my review.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 ForfA

ForfA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 06 January 2015 - 02:45 PM

# AdwCleaner v4.106 - Report created 06/01/2015 at 20:36:40
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Forfa - FORFAPC
# Running from : C:\Users\Forfa\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\GoSave
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Forfa\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Forfa\AppData\Local\torch
Folder Deleted : C:\Users\Forfa\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Gjest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Gjest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknbakoimjffleijpiobjfnbdpfkjiop
Folder Deleted : C:\Users\Gjest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknbakoimjffleijpiobjfnbdpfkjiop
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknbakoimjffleijpiobjfnbdpfkjiop
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeidojgkloijfdmeeiflfanocecilbp
Folder Deleted : C:\Users\Gjest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeidojgkloijfdmeeiflfanocecilbp
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmeidojgkloijfdmeeiflfanocecilbp
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aknbakoimjffleijpiobjfnbdpfkjiop
Folder Deleted : C:\Users\Forfa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aknbakoimjffleijpiobjfnbdpfkjiop
Folder Deleted : C:\Users\Gjest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aknbakoimjffleijpiobjfnbdpfkjiop
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aknbakoimjffleijpiobjfnbdpfkjiop
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmeidojgkloijfdmeeiflfanocecilbp
Folder Deleted : C:\Users\Forfa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmeidojgkloijfdmeeiflfanocecilbp
Folder Deleted : C:\Users\Gjest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmeidojgkloijfdmeeiflfanocecilbp
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lmeidojgkloijfdmeeiflfanocecilbp
File Deleted : C:\Users\Public\Desktop\EZDownloader.lnk
File Deleted : C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ac4e1da7-d5b4-4c06-8c7e-d17b54d52ec9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{fa30485f-ceb6-4448-95f1-1ba4281b28d8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac4e1da7-d5b4-4c06-8c7e-d17b54d52ec9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fa30485f-ceb6-4448-95f1-1ba4281b28d8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{ac4e1da7-d5b4-4c06-8c7e-d17b54d52ec9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{fa30485f-ceb6-4448-95f1-1ba4281b28d8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.allsearches.info
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v38.0.2125.104
 
[C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.allsearches.info/?pid=20320&r=2014/10/19&hid=14470718816490236633&lg=EN&cc=NO&unqvl=64
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [6749 octets] - [06/01/2015 20:35:24]
AdwCleaner[S0].txt - [6086 octets] - [06/01/2015 20:36:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6146 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Forfa (administrator) on FORFAPC on 06-01-2015 20:42:16
Running from C:\Users\Forfa\Downloads
Loaded Profile: Forfa (Available profiles: Forfa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJFE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Turtle Entertainment GmbH) C:\Program Files\EslWire\wire.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Forfa\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJFE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\Run: [SetMyHomePage] => C:\Users\Forfa\AppData\Roaming\SetMyHomePage\setmyhomepage.exe
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\Run: [SteelSeries Engine] => C:\Users\Forfa\SteelSeries Engine\SteelSeriesEngine.exe
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\Run: [ESL Wire] => C:\Program Files\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\MountPoints2: K - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\MountPoints2: {43041853-dd0a-11e3-9a88-c86000eb07b4} - K:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
Startup: C:\Users\Forfa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
ShortcutTarget: Logitech . Produktregistrering.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://terra.im/
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://terra.im/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1400957292-2622694874-2392619615-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = http://terra.im/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Påloggingshjelp for Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.38.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1400957292-2622694874-2392619615-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs Offline Background Page) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
CHR Extension: (Google Search) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
CHR Extension: (AdBlock) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-20]
CHR Extension: (Google Wallet) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-16] ()
S3 celavimushost; D:\CSGO Client Beta\CelavimusClientHelper.exe [123096 2014-12-23] (altPUG LLC)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-19] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [118896 2014-11-23] (<Turtle Entertainment>)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 ESEADriver2; \??\C:\Users\Forfa\AppData\Local\Temp\ESEADriver2.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 20:42 - 2015-01-06 20:42 - 00013257 _____ () C:\Users\Forfa\Downloads\FRST.txt
2015-01-06 20:41 - 2015-01-06 20:42 - 00000000 ____D () C:\FRST
2015-01-06 20:41 - 2015-01-06 20:41 - 02123776 _____ (Farbar) C:\Users\Forfa\Downloads\FRST64.exe
2015-01-06 20:39 - 2015-01-06 20:39 - 02173952 _____ () C:\Users\Forfa\Downloads\adwcleaner_4.106 (1).exe
2015-01-06 20:35 - 2015-01-06 20:36 - 00000000 ____D () C:\AdwCleaner
2015-01-06 20:33 - 2015-01-06 20:33 - 02173952 _____ () C:\Users\Forfa\Downloads\adwcleaner_4.106.exe
2015-01-04 17:06 - 2015-01-04 17:06 - 01084195 _____ () C:\Users\Forfa\Downloads\14.12.01+Middelalderen+i+Europa+del+1.pptx
2015-01-03 05:50 - 2015-01-03 05:50 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\.mono
2015-01-03 05:50 - 2015-01-03 05:50 - 00000000 ____D () C:\ProgramData\.mono
2014-12-31 19:31 - 2015-01-01 21:51 - 00000600 _____ () C:\Users\Forfa\AppData\Roaming\winscp.rnd
2014-12-31 16:19 - 2015-01-06 16:16 - 00018704 _____ () C:\Users\Forfa\Desktop\dds.txt
2014-12-31 16:19 - 2015-01-06 16:16 - 00006704 _____ () C:\Users\Forfa\Desktop\attach.txt
2014-12-31 16:06 - 2014-12-31 16:06 - 02026456 _____ () C:\Users\Forfa\Downloads\dixmlsetup.exe
2014-12-31 16:06 - 2014-12-31 16:06 - 00001111 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-12-31 16:06 - 2014-12-31 16:06 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-12-31 15:43 - 2014-12-31 15:43 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Forfa\Downloads\cbSetup (1).exe
2014-12-31 15:39 - 2014-12-31 15:39 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Forfa\Downloads\cbSetup.exe
2014-12-31 12:54 - 2014-12-31 12:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_sshid_01011.Wdf
2014-12-30 22:33 - 2014-12-30 22:33 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-12-30 19:10 - 2014-12-30 19:10 - 00000000 ____D () C:\Users\Forfa\AppData\Local\IsolatedStorage
2014-12-30 19:08 - 2014-12-30 19:09 - 20875367 _____ () C:\Users\Forfa\Downloads\A3L-Launcher-v0.6.0-Beta-1.rar
2014-12-29 13:02 - 2015-01-03 03:03 - 00000000 ____D () C:\Users\Forfa\AppData\Local\SteelSeries Engine 3 Client
2014-12-28 18:17 - 2014-12-31 12:52 - 00000000 ____D () C:\Users\Forfa\AppData\Local\City_Life_RPG
2014-12-28 18:17 - 2014-12-28 18:21 - 00000000 ____D () C:\Users\Forfa\AppData\Local\SIX Networks
2014-12-28 18:15 - 2014-12-28 18:15 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Life RPG
2014-12-28 18:13 - 2014-12-28 18:14 - 03915505 _____ () C:\Users\Forfa\Downloads\setup (5).exe
2014-12-26 21:41 - 2014-12-26 21:41 - 00000000 ____D () C:\Users\Forfa\Documents\KillHouseGames
2014-12-25 14:26 - 2014-12-25 14:26 - 00000949 _____ () C:\Users\Forfa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2014-12-25 14:26 - 2014-12-25 14:26 - 00000941 _____ () C:\Users\Forfa\Desktop\osu!.lnk
2014-12-25 14:25 - 2014-12-26 18:10 - 00000000 ____D () C:\Users\Forfa\AppData\Local\osu!
2014-12-25 14:25 - 2014-12-25 14:25 - 00000000 ____D () C:\Users\Forfa\Downloads\Localisation
2014-12-25 14:24 - 2014-12-25 14:24 - 03185736 _____ (ppy) C:\Users\Forfa\Downloads\osu!install.exe
2014-12-25 13:37 - 2014-12-31 15:54 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-25 13:36 - 2014-12-25 13:36 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-12-25 13:35 - 2014-12-25 13:35 - 63333976 _____ (SplitmediaLabs) C:\Users\Forfa\Downloads\XSplit_Gamecaster_2.1.1412.1616.exe
2014-12-25 13:35 - 2014-12-25 13:35 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\SplitmediaLabs
2014-12-23 16:57 - 2014-12-23 16:57 - 24006320 _____ ( ) C:\Users\Forfa\Downloads\CEVO CSGO Client.exe
2014-12-23 16:57 - 2014-12-23 16:57 - 00000608 _____ () C:\Users\Public\Desktop\CEVO Client (CSGO).lnk
2014-12-23 16:57 - 2014-12-23 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEVO Client
2014-12-18 17:49 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 17:49 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 20:38 - 2014-12-16 22:20 - 00000000 ____D () C:\Users\Forfa\AppData\Local\DayZ
2014-12-16 20:38 - 2014-12-16 20:48 - 00000000 ____D () C:\Users\Forfa\Documents\DayZ
2014-12-11 17:17 - 2014-12-11 17:17 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-11 17:17 - 2014-12-11 17:17 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-12-11 17:17 - 2014-12-11 17:17 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-11 17:17 - 2014-12-11 17:17 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-12-11 17:17 - 2014-12-11 17:17 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-12-11 17:06 - 2014-12-11 17:06 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\omerta
2014-12-11 16:42 - 2014-12-11 16:42 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 21:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 21:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 18:48 - 2014-12-10 19:01 - 143708240 _____ () C:\Users\Forfa\Desktop\ts3_recording_14_12_10_18_48_38.wav
2014-12-10 16:22 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 16:22 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 16:22 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 16:22 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 16:22 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 16:22 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 16:22 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 16:22 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 16:22 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 16:22 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 16:22 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 16:22 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 16:22 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 16:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 16:22 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 16:22 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 16:22 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 16:22 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 16:22 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 16:22 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 16:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 16:22 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 16:22 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 16:22 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 16:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 16:22 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 16:22 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 16:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 16:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 16:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 16:22 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 16:22 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 16:22 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 16:22 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 16:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 16:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 16:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 16:22 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 16:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 16:22 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 16:22 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 16:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 16:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 16:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 16:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 16:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 16:22 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 16:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 16:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 16:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 16:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 16:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 16:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 16:22 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 16:22 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 16:22 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 16:21 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 16:21 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 16:21 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 16:21 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 16:21 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 16:21 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 16:21 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 16:21 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 16:21 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 16:21 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 16:21 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 16:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 16:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 16:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 16:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 16:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 16:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 16:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 16:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 16:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 16:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 16:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 20:41 - 2014-05-07 21:44 - 01825516 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 20:38 - 2014-11-01 22:40 - 00000000 ____D () C:\Users\Forfa\AppData\Local\ESL Wire Game Client
2015-01-06 20:38 - 2014-09-20 19:03 - 00000416 _____ () C:\Windows\Tasks\newSI_2157.job
2015-01-06 20:38 - 2014-05-08 11:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-06 20:38 - 2014-05-07 21:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-06 20:38 - 2014-05-07 21:52 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 20:38 - 2010-11-21 04:47 - 00009150 _____ () C:\Windows\PFRO.log
2015-01-06 20:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 20:38 - 2009-07-14 05:51 - 00105280 _____ () C:\Windows\setupact.log
2015-01-06 20:36 - 2014-05-15 19:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 20:15 - 2014-05-07 21:52 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 19:47 - 2014-05-20 18:24 - 00000000 ____D () C:\Users\Forfa\AppData\Local\Arma 3
2015-01-06 19:40 - 2014-05-08 11:52 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\TS3Client
2015-01-06 16:20 - 2011-04-12 13:57 - 00493822 _____ () C:\Windows\system32\perfh014.dat
2015-01-06 16:20 - 2011-04-12 13:57 - 00094772 _____ () C:\Windows\system32\perfc014.dat
2015-01-06 16:20 - 2009-07-14 06:13 - 01359718 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 16:18 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 16:18 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 13:44 - 2014-05-09 17:40 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\OBS
2015-01-01 21:49 - 2014-05-09 15:10 - 00007615 _____ () C:\Users\Forfa\AppData\Local\Resmon.ResmonCfg
2014-12-31 21:55 - 2014-08-19 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-31 16:03 - 2014-05-29 10:52 - 00000000 ____D () C:\ProgramData\Origin
2014-12-31 16:03 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-31 12:54 - 2014-05-07 21:44 - 00000000 ____D () C:\Users\Forfa
2014-12-31 12:52 - 2014-08-25 12:57 - 00000000 ____D () C:\Program Files\SteelSeries
2014-12-31 12:52 - 2014-05-20 18:24 - 00000000 ____D () C:\Users\Forfa\Documents\Arma 3
2014-12-31 12:52 - 2014-05-08 12:06 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-12-31 12:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-26 16:30 - 2014-06-19 22:20 - 00000000 ____D () C:\Users\Forfa\Documents\my games
2014-12-25 13:17 - 2014-05-09 17:40 - 00000000 ____D () C:\Program Files\OBS
2014-12-22 14:45 - 2014-11-01 22:40 - 00000779 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2014-12-22 14:45 - 2014-11-01 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2014-12-22 14:45 - 2014-11-01 22:40 - 00000000 ____D () C:\Program Files\EslWire
2014-12-20 01:00 - 2014-05-08 11:59 - 00395271 _____ () C:\Windows\DirectX.log
2014-12-18 18:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-17 21:10 - 2014-11-10 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-17 21:10 - 2014-05-07 21:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-17 21:10 - 2014-05-07 21:58 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-17 21:10 - 2014-05-07 21:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-11 16:42 - 2014-05-08 10:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 22:00 - 2014-05-08 09:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 21:58 - 2014-05-08 09:49 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:36 - 2014-05-15 19:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 18:36 - 2014-05-15 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 18:36 - 2014-05-15 19:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-07 15:06 - 2014-11-07 18:30 - 00000000 ____D () C:\Users\Forfa\AppData\Roaming\Tropico 5
 
Some content of TEMP:
====================
C:\Users\Forfa\AppData\Local\Temp\bB6537750.exe
C:\Users\Forfa\AppData\Local\Temp\dotnetfx45fullsetup.exe
C:\Users\Forfa\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Forfa\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Forfa\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Forfa\AppData\Local\Temp\E00b19.exe
C:\Users\Forfa\AppData\Local\Temp\EslWireSetup-1.18.0.8085-x64.exe
C:\Users\Forfa\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe
C:\Users\Forfa\AppData\Local\Temp\nsn3F85.exe
C:\Users\Forfa\AppData\Local\Temp\nsq237E.exe
C:\Users\Forfa\AppData\Local\Temp\nsy4235.exe
C:\Users\Forfa\AppData\Local\Temp\nsy5F78.exe
C:\Users\Forfa\AppData\Local\Temp\nsy6237.exe
C:\Users\Forfa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Forfa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Forfa\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Forfa\AppData\Local\Temp\nvStInst.exe
C:\Users\Forfa\AppData\Local\Temp\qc_e3f0f3ef_27e6_4ca8_8a7c_a3d761aa54bb_64.exe
C:\Users\Forfa\AppData\Local\Temp\Quarantine.exe
C:\Users\Forfa\AppData\Local\Temp\sqlite3.dll
C:\Users\Forfa\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Forfa\AppData\Local\Temp\x2blapi.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 10:48
 
==================== End Of Log ============================
 

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 07 January 2015 - 08:36 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\Run: [SetMyHomePage] => C:\Users\Forfa\AppData\Roaming\SetMyHomePage\setmyhomepage.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 ESEADriver2; \??\C:\Users\Forfa\AppData\Local\Temp\ESEADriver2.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 ForfA

ForfA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 07 January 2015 - 09:24 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Forfa at 2015-01-07 15:19:18 Run:1
Running from K:\
Loaded Profile: Forfa (Available profiles: Forfa)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\...\Run: [SetMyHomePage] => C:\Users\Forfa\AppData\Roaming\SetMyHomePage\setmyhomepage.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 ESEADriver2; \??\C:\Users\Forfa\AppData\Local\Temp\ESEADriver2.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 PlantronicsGC; system32\drivers\PLTGC.sys [X]
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1400957292-2622694874-2392619615-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SetMyHomePage => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Forfa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
ESEADriver2 => Service deleted successfully.
MSICDSetup => Service deleted successfully.
PlantronicsGC => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:19:18 ====
 
 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Java version 32-bit out of Date!
 Google Chrome 37.0.2062.124 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
 
 
My computer seems to be running more smooth and quiet again, seems like this had a positive effect. But I still see the dllhost.exe COM Surrogate in the resourcemonitoring, regardless I'm not sure if it should still appear or not.

Edited by ForfA, 07 January 2015 - 09:30 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 07 January 2015 - 10:57 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 67

===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 ForfA

ForfA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 07 January 2015 - 12:04 PM

I currently downloaded updates for Java and tried to get it working. Hopefully this now means that my Java is up to date. Posing an updated Security Check:

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Google Chrome 37.0.2062.124 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 07 January 2015 - 01:54 PM

Yes you are up to date. You need that version for the 64 bit operating system.

#11 ForfA

ForfA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 07 January 2015 - 01:56 PM

So everything should be fine then? I didn't really find out how to update google chrome on the website, but my PC is running just fine now! :)



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 07 January 2015 - 02:14 PM

The latest version for Chrome is Version 39.0.2171.95 m

Click on "Customize and control Google Chrome":
 
p22003758.gif

Click on the "About Chrome"

The version will be checked automatically.

#13 ForfA

ForfA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 07 January 2015 - 03:07 PM

Says update failed (error:3), tried running google chrome as administrator which supposedly should help with that error, but it didn't really change anything.


Edited by ForfA, 07 January 2015 - 03:07 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 PM

Posted 08 January 2015 - 08:22 AM

Look at the error 3 on this page.

https://support.google.com/chrome/answer/111996?hl=en

If all fails then I suggest you reinstall chrome.

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Then download Chrome from the site suggested on this link.
https://support.google.com/chrome/answer/111996?hl=en

Install it again. Then reset your bookmarks.

#15 ForfA

ForfA
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 08 January 2015 - 11:01 AM

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Should be good to go now :)
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users