Argent

Computer has Issues - dllhost.exe etc


I had a problem a few days ago and ran Avira. It came back with 91 viruses, cleared those out.

 

Ran Malwarebytes Anti-Malware - It had hits, cleaned those out.

 

Now my computer does not appear to like certain security settings but I might have just fixed that.

 

The main issue that I am noticing now is that the process "dllhost.exe" is using a HUGE amount of system resources. As of right now between 11 and 46 on the task manager under CPU and the mem usage at 760,000 to 770,000 k.

 

I tried to terminate the process and copy a new version of the file over to "reset" the program but since it is a system file it is protected and the computer said No.

 

Now Avira and Anti-malware are both running clean. I installed Spybot search and destroy and it found some minor things like tracking cookies etc but my laptop is still misbehaving.

 

What else can I try?


Hi and welcome.

 

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisement.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[s1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-Junkware-Removal-Tool-

 

Please download Junkware Removal Tool to your desktop.

 

Vista / 7 / 8 users:

You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download DDS and save it to your desktop.

- DDS.com
- DDS.pif
- Disable any script blocking protection
- Double click dds.scr to run the tool.
- When done, DDS.txt will open.
- Click Yes at the next prompt for Optional Scan.
- Save both reports to your desktop.

---------------------------------------------------

 

Please include the contents of the following in your next reply:

 

C:\AdwCleaner[s1].txt

JRT.txt

DDS.txt

 

 

You may need several replies to post the requested logs, otherwise they might get cut off.


# AdwCleaner v3.014 - Report created 09/12/2013 at 17:19:54

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Mike - MYLAPTOP

# Running from : C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9WJNCM8\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Mike\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\Mike\AppData\Roaming\iWin

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 


 

***** [ Browsers ] *****

 

- Internet Explorer v10.0.9200.16736

 

 

- Mozilla Firefox v

 

- Google Chrome v31.0.1650.63

 

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [6947 octets] - [09/12/2013 17:17:55]

AdwCleaner[s0].txt - [6831 octets] - [09/12/2013 17:19:54]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6891 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mike on Mon 12/09/2013 at 17:50:54.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/09/2013 at 18:02:08.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

This was the 2nd run of JRT with "run as administrator" selected. I ran it right from the d/l screen before. I removed a bunch of empty folders and some kind of searchbar for utorrent that I never installed.

 

As to the improvement: dllhost.exe*32 is using 1.1 million K. The CPU percentage is down it looks like but the memory usage is worse.

Edited by Argent


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736
Run by Mike at 18:14:15 on 2013-12-09
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1287 [GMT -8:00]


Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

 

Run Combofix:

 

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

 

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

 

Combofix may need to reboot your computer more than once to do its job; this is normal.

 

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

[*]Link 1

Link 2

Link 3


 

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

 

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

 

Please be patient, at times it may appear ComBoFix has stalled.

 

 

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

 

"information and logs"

[*]In your next post I need the following

[*]Log from Combofix


Do you want that other file as well? Also here is a screenie of my task manager with the offender working....

I don't think it's harmful, but rather related to your computer. This is a safe file from ASUS.

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe


I was talking about the dllhost.exe taking up all that memory, but I also read that this process could be memory intensive but that is crazy intensive especially since my computer was not doing anything. Anyway here is the print out from the latest utility:

 

ComboFix 13-12-10.01 - Mike 12/10/2013 12:36:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1892 [GMT -8:00]
Running from: c:usersMikeDesktopComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:programdata820117h0i710d867s425c6gdk4b1
c:programdataism_0_llatsni.pad
c:programdataMicrosoftWindowsDRM7BDD.tmp
c:programdataMicrosoftWindowsDRM7C1F.tmp
c:usersMikeAppDataRoaminginst.exe
c:windowsmsvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-11-10 to 2013-12-10 )))))))))))))))))))))))))))))))
.
.
2013-12-10 21:02 . 2013-12-10 21:02 69000 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D9B3EE00-62EF-4FBD-8803-FA2C864857E1}offreg.dll
2013-12-10 21:00 . 2013-12-10 21:00 -------- d-----w- c:usersDefaultAppDataLocaltemp
2013-12-10 01:33 . 2013-12-10 01:33 -------- d-----w- c:windowsERUNT
2013-12-10 01:16 . 2013-12-10 01:20 -------- d-----w- C:AdwCleaner
2013-12-09 00:00 . 2013-09-20 18:49 21040 ----a-w- c:windowssystem32sdnclean64.exe
2013-12-08 23:59 . 2013-12-09 00:03 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2
2013-12-08 05:14 . 2013-12-08 05:14 -------- d-----w- c:windowsMigration
2013-12-02 03:08 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingOspiqud
2013-12-02 03:06 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingIvbiam
2013-12-02 03:05 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingYqguir
2013-12-02 03:05 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingAlfifeo
2013-12-02 03:03 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingMoseupu
2013-12-02 03:03 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingQaleuqc
2013-12-02 03:02 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingHiorofeh
2013-12-02 03:00 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingFaveoswi
2013-12-02 02:59 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingFelooni
2013-12-02 02:59 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingKaqeca
2013-12-02 02:58 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingXemyihl
2013-12-02 02:57 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingIkdiym
2013-12-02 02:56 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEpabazz
2013-12-02 02:55 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingOmubkiy
2013-12-02 02:54 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingHigucu
2013-12-02 02:54 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingDeavgiq
2013-12-02 02:53 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingZipaxi
2013-12-02 02:51 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingReukyh
2013-12-02 02:51 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingRisiowvy
2013-12-02 02:50 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingNihepio
2013-12-02 02:49 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingOnabwe
2013-12-02 02:48 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingZyveixv
2013-12-02 02:47 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingCavyakk
2013-12-02 02:46 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingZeymozef
2013-12-02 02:45 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingIhozibo
2013-12-02 02:44 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingAgkyuv
2013-12-02 02:43 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingKapiaff
2013-12-02 02:42 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingGaihge
2013-12-02 02:41 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingLucyoca
2013-12-02 02:41 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingXeqeel
2013-12-02 02:40 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEgfezaca
2013-12-02 02:39 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingOrowgys
2013-12-02 02:38 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEnhaug
2013-12-02 02:37 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingYtyqylez
2013-12-02 02:36 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingLoiropq
2013-12-02 02:35 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingIlmyygqo
2013-12-02 02:34 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingXozedaf
2013-12-02 02:33 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingTegyel
2013-12-02 02:32 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingOgxizy
2013-12-02 02:31 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingOmkihet
2013-12-02 02:31 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingAwehga
2013-12-02 02:30 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingAsqaoheq
2013-12-02 02:29 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingNenyupax
2013-12-02 02:28 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingUgpyur
2013-12-02 02:27 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingWeohmih
2013-12-02 02:26 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingDanousis
2013-12-02 02:25 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingYcosahy
2013-12-02 02:24 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingUbfoifg
2013-12-02 02:23 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingArkaysxy
2013-12-02 02:22 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEksucyto
2013-12-02 02:21 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingRabuku
2013-12-02 02:20 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingHoreyv
2013-12-02 02:18 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEdfouk
2013-12-02 02:17 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEdyblo
2013-12-02 02:16 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingAwqatoly
2013-12-02 02:14 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEgvaby
2013-12-02 02:13 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingVoykip
2013-12-02 02:12 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingHokeyszi
2013-12-02 02:11 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingCyxosyb
2013-12-02 02:10 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingNaupuxn
2013-12-02 02:09 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingYzwein
2013-12-02 02:08 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingIzfukae
2013-12-02 02:07 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingZulubu
2013-12-02 02:06 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingNekoeqb
2013-12-02 02:04 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEtudqyo
2013-12-02 02:02 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingUcohcyse
2013-12-02 02:00 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingEczies
2013-12-02 01:59 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingSuegordu
2013-12-02 01:58 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingUcafarur
2013-12-02 01:57 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingElufypu
2013-12-02 01:56 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingHeukozn
2013-12-02 01:55 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingZoigerob
2013-12-02 01:54 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingAhbeix
2013-12-02 01:53 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingCuywzai
2013-12-02 01:52 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingHyleoc
2013-12-02 01:51 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingBiqycugo
2013-12-02 01:50 . 2013-12-05 00:17 -------- d-----w- c:usersMikeAppDataRoamingOhysdyax
2013-12-02 01:50 . 2013-12-04 23:21 -------- d-----w- c:usersMikeAppDataRoamingWaqeevhy
2013-11-13 03:47 . 2013-10-05 20:25 1474048 ----a-w- c:windowssystem32crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 02:30 . 2011-12-24 14:38 45056 ----a-w- c:windowssystem32acovcnt.exe
2013-12-03 08:27 . 2013-06-09 03:49 107416 ----a-w- c:windowssystem32driversavgntflt.sys
2013-11-26 22:22 . 2013-06-09 03:51 83160 ----a-w- c:windowssystem32driversavnetflt.sys
2013-11-26 22:22 . 2013-06-09 03:49 28600 ----a-w- c:windowssystem32driversavkmgr.sys
2013-11-26 22:22 . 2013-06-09 03:49 132600 ----a-w- c:windowssystem32driversavipbb.sys
2013-11-20 03:21 . 2012-04-11 22:19 692616 ----a-w- c:windowsSysWow64FlashPlayerApp.exe
2013-11-20 03:21 . 2011-05-27 12:51 71048 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl
2013-11-08 00:00 . 2010-06-05 01:55 82896128 ----a-w- c:windowssystem32MRT.exe
2013-09-12 05:21 . 2013-09-12 05:21 863344 ----a-w- c:windowsSysWow64msvcr110_clr0400.dll
2013-09-12 05:21 . 2013-09-12 05:21 501872 ----a-w- c:windowsSysWow64msvcp110_clr0400.dll
2013-09-12 05:21 . 2013-09-12 05:21 28776 ----a-w- c:windowsSysWow64aspnet_counters.dll
2013-09-12 05:21 . 2013-09-12 05:21 18000 ----a-w- c:windowsSysWow64msvcr100_clr0400.dll
2013-09-12 03:39 . 2013-09-12 03:39 855664 ----a-w- c:windowssystem32msvcr110_clr0400.dll
2013-09-12 03:39 . 2013-09-12 03:39 614000 ----a-w- c:windowssystem32msvcp110_clr0400.dll
2013-09-12 03:39 . 2013-09-12 03:39 30312 ----a-w- c:windowssystem32aspnet_counters.dll
2013-09-12 03:39 . 2013-09-12 03:39 18000 ----a-w- c:windowssystem32msvcr100_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"SDTray"="c:program files (x86)Spybot - Search & Destroy 2SDTray.exe" [2013-07-25 5624784]
"avgnt"="c:program files (x86)AviraAntiVir Desktopavgnt.exe" [2013-11-26 683576]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *00sdnclean64.exe
.
R1 MpKsle5a80500;MpKsle5a80500;c:windowssystem32MpEngineStoreMpKsle5a80500.sys;c:windowsSYSNATIVEMpEngineStoreMpKsle5a80500.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:windowssystem32driversAmUStor.SYS;c:windowsSYSNATIVEdriversAmUStor.SYS [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:windowssystem32DRIVERSpoint64.sys;c:windowsSYSNATIVEDRIVERSpoint64.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:windowssystem32DRIVERSS3XXx64.sys;c:windowsSYSNATIVEDRIVERSS3XXx64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:windowssystem32DRIVERSSiSG664.sys;c:windowsSYSNATIVEDRIVERSSiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys;c:windowsSYSNATIVEdriverstsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe;c:windowsSYSNATIVEWatWatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:windowssystem32DRIVERSwdcsam64.sys;c:windowsSYSNATIVEDRIVERSwdcsam64.sys [x]
S0 sptd;sptd;c:windowsSystemRootSystem32Driverssptd.sys;c:windowsSystemRootSystem32Driverssptd.sys [x]
S1 avkmgr;avkmgr;c:windowssystem32DRIVERSavkmgr.sys;c:windowsSYSNATIVEDRIVERSavkmgr.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:program filesCommon FilesActivIdentityac.sharedstore.exe;c:program filesCommon FilesActivIdentityac.sharedstore.exe [x]
S2 AFBAgent;AFBAgent;c:windowssystem32FBAgent.exe;c:windowsSYSNATIVEFBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:program files (x86)AviraAntiVir Desktopsched.exe;c:program files (x86)AviraAntiVir Desktopsched.exe [x]
S2 ASMMAP64;ASMMAP64;c:program files (x86)ASUSATK PackageATKGFNEXASMMAP64.sys;c:program files (x86)ASUSATK PackageATKGFNEXASMMAP64.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [x]
S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:program files (x86)Spybot - Search & Destroy 2SDFSSvc.exe;c:program files (x86)Spybot - Search & Destroy 2SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:program files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe;c:program files (x86)Spybot - Search & Destroy 2SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:program files (x86)Spybot - Search & Destroy 2SDWSCSvc.exe;c:program files (x86)Spybot - Search & Destroy 2SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe;c:program files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys;c:windowsSYSNATIVEDRIVERSdtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:windowssystem32DRIVERSETD.sys;c:windowsSYSNATIVEDRIVERSETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys;c:windowsSYSNATIVEdriversmbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys;c:windowsSYSNATIVEDriverspcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys;c:windowsSYSNATIVEDRIVERSRt64win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:windowssystem32DriversSPUVCbv_x64.sys;c:windowsSYSNATIVEDriversSPUVCbv_x64.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:windowssystem32driversWSDScan.sys;c:windowsSYSNATIVEdriversWSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-09 03:36 1210320 ----a-w- c:program files (x86)GoogleChromeApplication31.0.1650.63Installerchrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-10 c:windowsTasksAdobe Flash Player Updater.job
- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-11 03:22]
.
2013-12-10 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-03-10 20:18]
.
2013-12-10 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2012-03-10 20:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersAsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOTCLSID{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:program files (x86)ASUSASUS WebStorageSERVICEAsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersAsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOTCLSID{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:program files (x86)ASUSASUS WebStorageSERVICEAsusWSShellExt64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:windowssystem32blank.htm
mLocal Page = c:windowsSysWOW64blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PunkBusterSvc - c:windowssystem32pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERSS-1-5-21-345118570-2158966208-1483405875-1001SoftwareSecuROMLicense information*]
"datasecu"=hex:20,dc,04,a1,f6,8f,0b,ae,bb,3e,a2,62,3b,18,67,6c,14,16,0b,31,9d,
86,b1,ca,d7,62,d7,c0,fb,48,a2,c4,3c,3c,f5,03,a0,8c,6f,1c,71,56,e5,6e,18,a3,
"rkeysecu"=hex:5e,03,37,21,ff,fe,e7,6b,54,a9,2d,04,89,4c,c2,11
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:program files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
c:program files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
c:program files (x86)AviraAntiVir Desktopavguard.exe
c:windowsSysWOW64PnkBstrA.exe
c:program files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe
c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe
c:program files (x86)ASUSControlDeckControlDeckStartUp.exe
c:program files (x86)ASUSSmartLogonsensorsrv.exe
.
**************************************************************************
.
Completion time: 2013-12-10 15:44:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-10 23:44
.
Pre-Run: 24,285,749,248 bytes free
Post-Run: 25,330,450,432 bytes free
.
- - End Of File - - E905DED186CCDDBCDA9A16E9681C0FFB
5C616939100B85E558DA92B899A0FC36


Unless you see something in that wall of text I just added to our conversation I think you can close this out. I got exterminate to work finally, with 0 hits on the quick scan even.

 

I was able to play a custom League of Legends game with normal fps. Still the same old crappy lag, but that is well documented from Riot. (Think you could fix them? That would be awesome because I miss playing League).

 

After the laggy League game I moved to Counter-Strike and that worked like a champ.

 

Thanks Juliet! +10000 cool points have been added to your account.


Don't give up on me yet. I see files/folders I cannot find information on.

 

 

Show system files in Windows 7 and then see if the file is there.

 

Click on Control Panel

Click on Folder Options

Click on View Tab

 

Check:

Show hidden files, folders, or drives, press OK

======================================================

 

***NOTE: Be sure to re-hide hidden files and folders when mission is accomplished!

 

 

Please go to one of the below sites to scan the following files:

Virus Total (Recommended)

jotti.org

VirScan

click on Browse, and upload the following file for analysis:

 

c:\users\Mike\AppData\Roaming\Ospiqud

 

Please also have this file scanned:

c:\windows\system32\MpEngineStore\MpKsle5a80500.sys

 

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will produce a log called FRST.txt in the same directory the tool is run from.

[*]Please copy and paste log back here.

[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Copies of logs are saved at %systemdrive%:\FRST\Logs (in most cases this will be C:\FRST\Logs).

Edited by Juliet
typo
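
The ComboFix log posted above lists dozens of sibling directories under AppData\Roaming created about a minute apart on 2013-12-02, almost all with the same modified time, and those are the folders this reply asks about. The Python sketch below is an added example, not part of any post in this thread or of ComboFix: it parses "Files Created" lines and flags such bursts. The sample lines are constructed, and the 5-minute gap and 5-directory minimum are assumed thresholds.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample in the layout of ComboFix's "Files Created" section
# (created . modified, size, attributes, path). The user name, tool folder
# and directory names are made up; they are not taken from the thread.
SAMPLE_LOG = r"""
((((((((((((( Files Created from 2013-11-10 to 2013-12-10 )))))))))))))
.
2013-12-10 01:16 . 2013-12-10 01:20 -------- d-----w- C:\ExampleTool
2013-12-09 00:00 . 2013-09-20 18:49 21040 ----a-w- c:\windows\system32\example.dll
2013-12-02 03:08 . 2013-12-05 00:17 -------- d-----w- c:\users\Example\AppData\Roaming\Qexamplea
2013-12-02 03:06 . 2013-12-05 00:17 -------- d-----w- c:\users\Example\AppData\Roaming\Wexampleb
2013-12-02 03:05 . 2013-12-05 00:17 -------- d-----w- c:\users\Example\AppData\Roaming\Eexamplec
2013-12-02 03:03 . 2013-12-05 00:17 -------- d-----w- c:\users\Example\AppData\Roaming\Rexampled
2013-12-02 03:02 . 2013-12-05 00:17 -------- d-----w- c:\users\Example\AppData\Roaming\Texamplee
2013-12-02 03:00 . 2013-12-05 00:17 -------- d-----w- c:\users\Example\AppData\Roaming\Yexamplef
2013-11-20 10:00 . 2013-11-20 10:05 -------- d-----w- c:\users\Example\AppData\Roaming\SomeEditor
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-+|\d+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which show "--------"
    attrs: str           # e.g. "d-----w-" or "----a-w-"
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> list:
    """Return an Entry for every line that matches the listing layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # section banners, "." separators, blank lines
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(
            created=datetime.strptime(m["created"], TS),
            modified=datetime.strptime(m["modified"], TS),
            size=size, attrs=m["attrs"], path=PureWindowsPath(m["path"]),
        ))
    return entries


def find_bursts(entries, max_gap=timedelta(minutes=5), min_count=5):
    """Group directories by parent folder and report runs created close together.

    A run is a sequence of sibling directories in which each one was created
    no more than max_gap after the previous one. Runs shorter than min_count
    are ignored. Both thresholds are assumptions to tune per case.
    """
    siblings = defaultdict(list)
    for e in entries:
        if e.is_dir:
            siblings[str(e.path.parent).lower()].append(e)

    bursts = []
    for parent, dirs in siblings.items():
        dirs.sort(key=lambda e: e.created)
        run = []
        for e in dirs + [None]:  # the trailing None flushes the final run
            if run and (e is None or e.created - run[-1].created > max_gap):
                if len(run) >= min_count:
                    bursts.append({
                        "parent": parent,
                        "count": len(run),
                        "first": run[0].created,
                        "last": run[-1].created,
                        "names": [d.path.name for d in run],
                        # One shared modified stamp suggests a single later
                        # pass (for example a cleanup) touched every folder.
                        "same_modified": len({d.modified for d in run}) == 1,
                    })
                run = []
            if e is not None:
                run.append(e)
    return bursts


if __name__ == "__main__":
    for b in find_bursts(parse_entries(SAMPLE_LOG)):
        print(f'{b["count"]} directories under {b["parent"]} '
              f'between {b["first"]} and {b["last"]}')
        print("  " + ", ".join(b["names"]))
```

The parser expects backslash-separated paths as ComboFix writes them; the copy of the log on this page has lost its path separators, so restore them before feeding it in.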


I deleted the 1st one with all of those empty folders. Every one of those was a virus that Avira or Anti-Malware cleared up, they just left the directories.

 

As to the other, I can see it normally, but it does not show up when I use the list from the Virus Total site.

 

Oh, also your Exterminate ran a full scan last night with 0 threats detected if that helps as well.

Edited by Argent


That's all good news.

I was going cross-eyed looking for info.....

 

Eset?, good scanner to use.

 

This below is for me, please:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will produce a log called FRST.txt in the same directory the tool is run from.

[*]Please copy and paste log back here.

[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Copies of logs are saved at %systemdrive%:\FRST\Logs (in most cases this will be C:\FRST\Logs)


I would like to delete those empty folders/files of your computer before I give you the all clear.

 

The last scan requested would be helpful.

This topic is now closed to further replies.