WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


dllhost.exe *32 COM Surrogate and Windows Update

2 posters

descriptiondllhost.exe *32 COM Surrogate and Windows Update - Page 1 EmptyRe: dllhost.exe *32 COM Surrogate and Windows Update 30th January 2014, 2:40 am

more_horiz
I was finally able to get Combofix to fully run and create a log. I should note that I have ran the Rootkit program 5 times and every time it continues to find this: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32)

That is even after running Combofix. I am also still getting the RUNDLL box upon startup where it says it can't find the temporary file I noted in an earlier post. On a brighter note, my Windows Security is finally working again where I can turn on Windows Defender and my Firewall. I have also been able to download approximately 180 Windows Updates as I was unable to do it the past couple of years.

AVG still won't uninstall and I still have 20-25 of the Com Surrogate processes running. Even though they are using less memory than they had before.

Here is the log from Combofix. I'm looking forward to what the next step is.

ComboFix 14-01-29.01 - Premiere Sound&Light 01/29/2014  19:30:03.5.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3996.1524 [GMT -6:00]
Running from: c:\users\Premiere Sound&Light\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\635X8ip4.exe.b
c:\programdata\635X8ip4.exe_.b
c:\users\PREMIE~1\AppData\Local\Temp\RtkBtMnt.exe
c:\users\Premiere Sound&Light\AppData\Local\temp\RtkBtMnt.exe
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-30  )))))))))))))))))))))))))))))))
.
.
2014-01-30 01:47 . 2014-01-30 01:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-30 01:47 . 2014-01-30 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-30 00:55 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4984D58C-B6E5-4FBC-B1E3-D98415F732C2}\mpengine.dll
2014-01-29 23:04 . 2014-01-29 23:04 -------- d-----w- c:\windows\Migration
2014-01-29 04:25 . 2014-01-29 04:25 -------- d-----w- c:\users\Premiere Sound&Light\AppData\Local\Avg2013
2014-01-29 03:06 . 2014-01-29 03:06 -------- d-----w- c:\users\Premiere Sound&Light\AppData\Local\Avg2014
2014-01-29 02:57 . 2014-01-29 23:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-29 02:57 . 2014-01-29 23:05 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-29 02:56 . 2014-01-29 04:16 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-28 05:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-28 05:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-28 05:59 . 2009-07-14 12:19 20480 ----a-w- c:\windows\system32\winusb.dll
2014-01-28 05:59 . 2009-07-14 12:12 16896 ----a-w- c:\windows\SysWow64\winusb.dll
2014-01-28 05:58 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-28 05:58 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-28 05:58 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-01-28 05:58 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-28 05:58 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-28 05:58 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-28 05:56 . 2013-11-15 01:37 2334720 ----a-w- c:\windows\system32\jscript9.dll
2014-01-28 05:44 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2014-01-28 05:43 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs
2014-01-28 05:30 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2014-01-28 05:30 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-01-28 05:30 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-01-28 05:19 . 2014-01-28 05:21 -------- d-----w- c:\windows\system32\MRT
2014-01-28 05:03 . 2014-01-28 05:03 -------- d-----w- c:\users\Premiere Sound&Light\AppData\Roaming\Oracle
2014-01-28 04:58 . 2014-01-28 04:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-28 04:56 . 2014-01-28 04:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-28 03:14 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2014-01-28 03:14 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2014-01-28 03:14 . 2011-03-02 16:12 221696 ----a-w- c:\windows\system32\dnsapi.dll
2014-01-28 03:14 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-01-28 03:14 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-01-28 03:14 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2014-01-28 03:14 . 2013-05-02 04:16 686080 ----a-w- c:\windows\system32\win32spl.dll
2014-01-28 03:14 . 2013-05-02 04:04 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-01-28 03:14 . 2013-05-02 04:03 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2014-01-28 03:11 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2014-01-28 03:11 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2014-01-28 03:11 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2014-01-28 03:11 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2014-01-28 03:11 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-01-28 03:11 . 2011-02-18 14:18 450560 ----a-w- c:\windows\system32\drivers\srv.sys
2014-01-28 03:07 . 2013-08-01 04:10 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-28 03:07 . 2013-08-01 03:37 47104 ----a-w- c:\windows\system32\cdd.dll
2014-01-28 03:07 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2014-01-28 03:07 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2014-01-28 03:07 . 2013-06-15 13:27 20480 ----a-w- c:\windows\system32\icaapi.dll
2014-01-28 03:07 . 2013-06-15 11:38 29184 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-01-28 03:07 . 2013-04-24 02:10 1078272 ----a-w- c:\windows\system32\certutil.exe
2014-01-28 03:07 . 2013-04-24 01:46 812544 ----a-w- c:\windows\SysWow64\certutil.exe
2014-01-28 03:07 . 2013-04-24 04:09 50688 ----a-w- c:\windows\system32\certenc.dll
2014-01-28 03:07 . 2013-04-24 04:00 41984 ----a-w- c:\windows\SysWow64\certenc.dll
2014-01-28 03:06 . 2013-06-01 04:19 619008 ----a-w- c:\windows\system32\qedit.dll
2014-01-28 03:06 . 2013-06-01 04:06 505344 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-28 03:04 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2014-01-28 03:04 . 2013-04-17 13:04 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2014-01-28 03:04 . 2013-04-17 12:30 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2014-01-28 03:03 . 2013-07-10 09:42 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2014-01-28 03:03 . 2013-07-10 09:47 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-01-28 03:01 . 2011-06-15 16:16 180736 ----a-w- c:\windows\system32\xmllite.dll
2014-01-28 03:01 . 2011-04-29 13:40 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-01-28 03:01 . 2011-04-29 13:41 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-01-28 03:01 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2014-01-28 03:01 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2014-01-28 03:01 . 2011-10-14 17:31 211968 ----a-w- c:\windows\system32\winmm.dll
2014-01-28 03:01 . 2011-10-14 17:27 48128 ----a-w- c:\windows\system32\mcicda.dll
2014-01-28 03:01 . 2011-10-14 17:27 28672 ----a-w- c:\windows\system32\mciwave.dll
2014-01-28 03:01 . 2011-10-14 17:27 28160 ----a-w- c:\windows\system32\mciseq.dll
2014-01-28 03:01 . 2011-10-14 16:03 189952 ----a-w- c:\windows\SysWow64\winmm.dll
2014-01-28 03:01 . 2011-10-14 16:00 23552 ----a-w- c:\windows\SysWow64\mciseq.dll
2014-01-28 03:00 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2014-01-28 03:00 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-01-28 03:00 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-01-28 03:00 . 2011-04-29 13:39 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-01-28 03:00 . 2011-04-29 13:39 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-01-28 02:58 . 2013-07-03 02:22 31616 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-01-28 02:58 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-01-28 02:56 . 2013-07-05 04:45 1423808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-01-28 02:50 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi
2014-01-28 02:50 . 2011-02-24 16:38 979840 ----a-w- c:\windows\system32\winresume.exe
2014-01-28 02:50 . 2011-02-24 16:37 1076608 ----a-w- c:\windows\system32\winload.efi
2014-01-28 02:50 . 2011-02-24 16:37 1063296 ----a-w- c:\windows\system32\winload.exe
2014-01-28 02:50 . 2011-02-24 16:37 20864 ----a-w- c:\windows\system32\kdusb.dll
2014-01-28 02:50 . 2011-02-24 16:37 18816 ----a-w- c:\windows\system32\kd1394.dll
2014-01-28 02:50 . 2011-02-24 16:37 17792 ----a-w- c:\windows\system32\kdcom.dll
2014-01-28 02:50 . 2013-07-16 09:25 689152 ----a-w- c:\windows\system32\themeui.dll
2014-01-28 02:50 . 2013-07-16 04:35 615936 ----a-w- c:\windows\SysWow64\themeui.dll
2014-01-28 02:49 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-01-28 02:49 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2014-01-28 02:49 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2014-01-28 02:49 . 2009-07-10 11:51 302080 ----a-w- c:\windows\system32\shsvcs.dll
2014-01-28 02:47 . 2013-07-20 10:45 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-28 02:47 . 2013-07-20 10:44 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-01-28 02:47 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2014-01-28 02:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2014-01-28 02:47 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2014-01-28 02:47 . 2013-10-03 15:03 389632 ----a-w- c:\windows\system32\gdi32.dll
2014-01-28 02:47 . 2013-10-03 12:46 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-01-28 02:47 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2014-01-28 02:47 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2014-01-28 02:46 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-01-28 02:46 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-01-28 02:46 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-28 02:46 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-28 02:46 . 2011-04-14 15:14 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-01-28 02:46 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-01-28 02:46 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2014-01-28 02:46 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2014-01-28 02:46 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll
2014-01-28 02:46 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2014-01-28 02:46 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll
2014-01-28 02:46 . 2013-07-04 04:13 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-01-28 02:44 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2014-01-28 02:44 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2014-01-28 02:44 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2014-01-28 02:44 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2014-01-28 02:44 . 2013-07-17 20:01 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-28 02:44 . 2013-07-17 19:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-01-28 02:43 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2014-01-28 02:43 . 2013-03-08 04:18 451072 ----a-w- c:\windows\system32\winsrv.dll
2014-01-28 02:43 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
2014-01-28 02:43 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2014-01-28 02:42 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 15:59 . 2010-04-21 23:56 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 22:20 . 2006-11-02 12:35 86054176 ----a-w- c:\windows\system32\mrt.exe
2013-12-20 01:09 . 2013-12-17 04:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-20 01:09 . 2012-01-11 04:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 781824]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"LManager"="c:\progra~2\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files (x86)\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-01-07 2747744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0ANAAyADQAMwA3ADEAMwA3ADQALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQA&prod=90&ver=9.0.872" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 00:12 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 01:09]
.
2014-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592603330-180509026-2455858920-1000Core.job
- c:\users\Premiere Sound&Light\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 18:08]
.
2014-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592603330-180509026-2455858920-1000UA.job
- c:\users\Premiere Sound&Light\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 18:08]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 07:52]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 07:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 488448]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-30 561200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 181784]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1237288]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0209&m=aspire_6930
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-OutfoxTV - c:\program files\OutfoxTV\OutfoxTV\DesktopContainer.exe
Wow6432Node-HKLM-Run- - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-29  19:52:58
ComboFix-quarantined-files.txt  2014-01-30 01:52
ComboFix2.txt  2011-01-21 02:21
.
Pre-Run: 72,206,311,424 bytes free
Post-Run: 88,242,249,728 bytes free
.
- - End Of File - - 8DB691E7807D0BCE2A0DAFF1EF4DA038
BB9D3A6A13C5010348DA7C900BB6AF50

descriptiondllhost.exe *32 COM Surrogate and Windows Update - Page 1 EmptyRe: dllhost.exe *32 COM Surrogate and Windows Update 30th January 2014, 5:28 am

more_horiz
Windows Defender is now finding this and after following the instructions for removal it remains.Virus:DOS/Rovnix.W

descriptiondllhost.exe *32 COM Surrogate and Windows Update - Page 1 EmptyRe: dllhost.exe *32 COM Surrogate and Windows Update 30th January 2014, 7:00 pm

more_horiz
You say you're trying to uninstall AVG. I noticed that it's disabled. You will need to download and install another AV program from the list below.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*********************************************
Please make sure your new AV is installed before doing this next step. It should remove AVG from your computer.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    SecCenter::
    {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    Rootkit::

    Folder::
    c:\program files (x86)\AVG\AVG10


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    dllhost.exe *32 COM Surrogate and Windows Update - Page 1 Cfscriptb4

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

**********************************************
Please run both versions of MBAM again and post the logs.

descriptiondllhost.exe *32 COM Surrogate and Windows Update - Page 1 EmptyRe: dllhost.exe *32 COM Surrogate and Windows Update 31st January 2014, 3:00 am

more_horiz
OK. I think we're making some good progress here. I did all of the things from the last post and will be posting the logs. AVG was successfully removed and neither MBAM search found anything. All of the issues seem to be fixed other than just a couple. Windows Security Essentials continues to find 2 files that it is labeling as malicious. Upon removing them it states that I need to download Windows Defender Offline and boot to it from a flash drive. I have done that several times and it finds the files offline and I remove them as requested and upon running another scan they are right back there. WSE is the only program that has found these files. There was no sign of them on any of the other scans we have done. The 2 files that continue to be found are Virus:DOS/Rovnix.W and Virus:Win64/Rovnix.gen!C

The other thing that I have noticed is that my physical memory is running at about 46% with just one browser open. It appears the majority of that, 391,000k, is an svchost.exe. I looked at the services for the exe in task manager and they all have a PID of 592. There's about a dozen different things running under that process. It just seems to put a drain on the computer.

But all of the other issues have been fixed!

Do you have any ideas for what is left? Here are the logs from tonight as well.

ComboFix 14-01-29.01 - Premiere Sound&Light 01/30/2014 18:25:52.6.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3996.1864 [GMT -6:00]
Running from: c:\users\Premiere Sound&Light\Desktop\ComboFix.exe
Command switches used :: c:\users\Premiere Sound&Light\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG\AVG10
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\ace.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\arabica.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\boost.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\bsdiff.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\bzip.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\carp.html
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\cryptopp.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\curl.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\dazukofs.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\expat.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\imagemagick.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\infozip.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\lua.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\md4_md5_license.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\milter.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\minizip.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\openssl_license.html
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\sasl.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\tinyxml.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\unrar.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\untar.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\xalan_xerces.txt
c:\program files (x86)\AVG\AVG10\3rd_party\licenses\zlib.txt
c:\program files (x86)\AVG\AVG10\3rd_party\readme.txt
c:\program files (x86)\AVG\AVG10\avg.snu
c:\program files (x86)\AVG\AVG10\avg_us.chm
c:\program files (x86)\AVG\AVG10\avg_us.lng
c:\program files (x86)\AVG\AVG10\avgabout.dll
c:\program files (x86)\AVG\AVG10\avgamnot.dll
c:\program files (x86)\AVG\AVG10\avgapia.dll
c:\program files (x86)\AVG\AVG10\avgapix.dll
c:\program files (x86)\AVG\AVG10\avgar_us.chm
c:\program files (x86)\AVG\AVG10\avgatend.stp
c:\program files (x86)\AVG\AVG10\avgatupd.stp
c:\program files (x86)\AVG\AVG10\avgcclia.dll
c:\program files (x86)\AVG\AVG10\avgcclia.dll.old
c:\program files (x86)\AVG\AVG10\avgcclix.dll
c:\program files (x86)\AVG\AVG10\avgcerta.dll
c:\program files (x86)\AVG\AVG10\avgcerta.dll.old
c:\program files (x86)\AVG\AVG10\avgcertx.dll
c:\program files (x86)\AVG\AVG10\avgcfga.dll
c:\program files (x86)\AVG\AVG10\avgcfgex.exe
c:\program files (x86)\AVG\AVG10\avgcfgx.dll
c:\program files (x86)\AVG\AVG10\avgcfgx.dll.old
c:\program files (x86)\AVG\AVG10\avgchcla.dll
c:\program files (x86)\AVG\AVG10\avgchcla.dll.old
c:\program files (x86)\AVG\AVG10\avgchclx.dll
c:\program files (x86)\AVG\AVG10\avgchjwa.dll
c:\program files (x86)\AVG\AVG10\avgchjwa.dll.old
c:\program files (x86)\AVG\AVG10\avgchsva.exe
c:\program files (x86)\AVG\AVG10\avgchsva.exe.old
c:\program files (x86)\AVG\AVG10\avgclita.dll
c:\program files (x86)\AVG\AVG10\avgclita.dll.old
c:\program files (x86)\AVG\AVG10\avgclitx.dll
c:\program files (x86)\AVG\AVG10\avgcmgr.exe
c:\program files (x86)\AVG\AVG10\avgcorea.dll
c:\program files (x86)\AVG\AVG10\avgcorea.dll.old
c:\program files (x86)\AVG\AVG10\avgcorex.dll
c:\program files (x86)\AVG\AVG10\avgcrema.exe
c:\program files (x86)\AVG\AVG10\avgcsla.dll
c:\program files (x86)\AVG\AVG10\avgcslx.dll
c:\program files (x86)\AVG\AVG10\avgcslx.dll.old
c:\program files (x86)\AVG\AVG10\avgcsrva.exe
c:\program files (x86)\AVG\AVG10\avgcsrva.exe.old
c:\program files (x86)\AVG\AVG10\avgcsrvx.exe
c:\program files (x86)\AVG\AVG10\avgdg_us.chm
c:\program files (x86)\AVG\AVG10\avgdiagex.exe
c:\program files (x86)\AVG\AVG10\avgdumpa.exe
c:\program files (x86)\AVG\AVG10\avgdumpx.exe
c:\program files (x86)\AVG\AVG10\avgemca.exe
c:\program files (x86)\AVG\AVG10\avgf_us.chm
c:\program files (x86)\AVG\AVG10\avgfree_us.mht
c:\program files (x86)\AVG\AVG10\avgidp_us.chm
c:\program files (x86)\AVG\AVG10\avgidpsdkx.dll
c:\program files (x86)\AVG\AVG10\avgidpsdkx.dll.old
c:\program files (x86)\AVG\AVG10\avglnga.dll
c:\program files (x86)\AVG\AVG10\avglngx.dll
c:\program files (x86)\AVG\AVG10\avgloga.dll
c:\program files (x86)\AVG\AVG10\avgloga.dll.old
c:\program files (x86)\AVG\AVG10\avglogx.dll
c:\program files (x86)\AVG\AVG10\avglogx.dll.old
c:\program files (x86)\AVG\AVG10\avgls_us.chm
c:\program files (x86)\AVG\AVG10\avglscanx.exe
c:\program files (x86)\AVG\AVG10\avgmfapx.exe
c:\program files (x86)\AVG\AVG10\avgmfapx.exe.old
c:\program files (x86)\AVG\AVG10\avgmfarx.dll
c:\program files (x86)\AVG\AVG10\avgmfarx.dll.old
c:\program files (x86)\AVG\AVG10\avgmtrapx.dll
c:\program files (x86)\AVG\AVG10\avgmvfla.dll
c:\program files (x86)\AVG\AVG10\avgmvflx.dll
c:\program files (x86)\AVG\AVG10\avgmwdef_us.mht
c:\program files (x86)\AVG\AVG10\avgnsa.exe
c:\program files (x86)\AVG\AVG10\avgntdumpa.exe
c:\program files (x86)\AVG\AVG10\avgntdumpx.exe
c:\program files (x86)\AVG\AVG10\avgoutlooka.dll
c:\program files (x86)\AVG\AVG10\avgoutlookx.dll
c:\program files (x86)\AVG\AVG10\avgpostinstx.dll
c:\program files (x86)\AVG\AVG10\avgpp.dll
c:\program files (x86)\AVG\AVG10\avgppa.dll
c:\program files (x86)\AVG\AVG10\avgresf.dll
c:\program files (x86)\AVG\AVG10\avgrkta.dll
c:\program files (x86)\AVG\AVG10\avgrsa.exe
c:\program files (x86)\AVG\AVG10\avgrsa.exe.old
c:\program files (x86)\AVG\AVG10\avgsals_us.mht
c:\program files (x86)\AVG\AVG10\avgsbfree_us.mht
c:\program files (x86)\AVG\AVG10\avgsbga.dll
c:\program files (x86)\AVG\AVG10\avgscana.dll
c:\program files (x86)\AVG\AVG10\avgscana.exe
c:\program files (x86)\AVG\AVG10\avgscanx.dll
c:\program files (x86)\AVG\AVG10\avgscanx.exe
c:\program files (x86)\AVG\AVG10\avgsched.dll
c:\program files (x86)\AVG\AVG10\avgse.dll
c:\program files (x86)\AVG\AVG10\avgsea.dll
c:\program files (x86)\AVG\AVG10\avgsrma.dll
c:\program files (x86)\AVG\AVG10\avgsrmaa.exe
c:\program files (x86)\AVG\AVG10\avgsrmax.exe
c:\program files (x86)\AVG\AVG10\avgsrmx.dll
c:\program files (x86)\AVG\AVG10\avgssie.dll
c:\program files (x86)\AVG\AVG10\avgssiea.dll
c:\program files (x86)\AVG\AVG10\avgtray.exe
c:\program files (x86)\AVG\AVG10\avgtrial_us.mht
c:\program files (x86)\AVG\AVG10\avgui.exe
c:\program files (x86)\AVG\AVG10\avguiadv.dll
c:\program files (x86)\AVG\AVG10\avguires.dll
c:\program files (x86)\AVG\AVG10\avgupd.sig
c:\program files (x86)\AVG\AVG10\avgupdx.dll
c:\program files (x86)\AVG\AVG10\avgvva.dll
c:\program files (x86)\AVG\AVG10\avgvvx.dll
c:\program files (x86)\AVG\AVG10\avgwd.dll
c:\program files (x86)\AVG\AVG10\avgwd.dll.old
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe.old
c:\program files (x86)\AVG\AVG10\avgwdwsc.dll
c:\program files (x86)\AVG\AVG10\avgwdwsc.dll.old
c:\program files (x86)\AVG\AVG10\avgwebui.dll
c:\program files (x86)\AVG\AVG10\avgwsc.exe
c:\program files (x86)\AVG\AVG10\avgxpl.dll
c:\program files (x86)\AVG\AVG10\avgxpla.dll
c:\program files (x86)\AVG\AVG10\axioo.dll
c:\program files (x86)\AVG\AVG10\cf.dat
c:\program files (x86)\AVG\AVG10\Chrome\safesearch.crx
c:\program files (x86)\AVG\AVG10\contacts_us.html
c:\program files (x86)\AVG\AVG10\dfncfg.dat
c:\program files (x86)\AVG\AVG10\Drivers\avgld.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgld.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgldx64.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgldx86.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgmf.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgmf.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgmfx64.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgmfx86.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgrk.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgrk.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgrkx64.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgrkx86.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgtdi.cat
c:\program files (x86)\AVG\AVG10\Drivers\avgtdi.inf
c:\program files (x86)\AVG\AVG10\Drivers\avgtdia.sys
c:\program files (x86)\AVG\AVG10\Drivers\avgtdix.sys
c:\program files (x86)\AVG\AVG10\Drivers\ErHrVx64\AVGIDSEH.cat
c:\program files (x86)\AVG\AVG10\Drivers\ErHrVx64\AVGIDSEH.inf
c:\program files (x86)\AVG\AVG10\Drivers\ErHrVx64\AVGIDSEH.sys
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSDriver.cat
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSDriver.inf
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSFilter.cat
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSFilter.inf
c:\program files (x86)\AVG\AVG10\Drivers\Vista\AVGIDSFilter.sys
c:\program files (x86)\AVG\AVG10\Firefox\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG10\Firefox4\chrome.manifest
c:\program files (x86)\AVG\AVG10\Firefox4\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG10\Firefox4\Components\avgssff4.dll
c:\program files (x86)\AVG\AVG10\Firefox4\Components\ISearchShield4.xpt
c:\program files (x86)\AVG\AVG10\Firefox4\install.rdf
c:\program files (x86)\AVG\AVG10\fixcfg.exe
c:\program files (x86)\AVG\AVG10\HtmLayout.dll
c:\program files (x86)\AVG\AVG10\HtmLayout.dll.old
c:\program files (x86)\AVG\AVG10\Icons\alert_mask.png
c:\program files (x86)\AVG\AVG10\Icons\background_middle_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_green.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_red.gif
c:\program files (x86)\AVG\AVG10\Icons\background_middle_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_green.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_red.gif
c:\program files (x86)\AVG\AVG10\Icons\background_top_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\block-doc.gif
c:\program files (x86)\AVG\AVG10\Icons\blocked.gif
c:\program files (x86)\AVG\AVG10\Icons\blocked12.png
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_green.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_red.gif
c:\program files (x86)\AVG\AVG10\Icons\border_bottom_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_green.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_red.gif
c:\program files (x86)\AVG\AVG10\Icons\border_top_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\box_bottom_red.gif
c:\program files (x86)\AVG\AVG10\Icons\box_top_red.gif
c:\program files (x86)\AVG\AVG10\Icons\caution.gif
c:\program files (x86)\AVG\AVG10\Icons\caution12.png
c:\program files (x86)\AVG\AVG10\Icons\click_here_gray.gif
c:\program files (x86)\AVG\AVG10\Icons\click_here_green.gif
c:\program files (x86)\AVG\AVG10\Icons\click_here_orange.gif
c:\program files (x86)\AVG\AVG10\Icons\click_here_red.gif
c:\program files (x86)\AVG\AVG10\Icons\click_here_yellow.gif
c:\program files (x86)\AVG\AVG10\Icons\clock.gif
c:\program files (x86)\AVG\AVG10\Icons\clock12.png
c:\program files (x86)\AVG\AVG10\Icons\close.gif
c:\program files (x86)\AVG\AVG10\Icons\icons_blocked.gif
c:\program files (x86)\AVG\AVG10\Icons\icons_caution.gif
c:\program files (x86)\AVG\AVG10\Icons\icons_close.gif
c:\program files (x86)\AVG\AVG10\Icons\icons_safe.gif
c:\program files (x86)\AVG\AVG10\Icons\icons_unknown.gif
c:\program files (x86)\AVG\AVG10\Icons\icons_warning.gif
c:\program files (x86)\AVG\AVG10\Icons\LS_Logo_Results.gif
c:\program files (x86)\AVG\AVG10\Icons\safe.gif
c:\program files (x86)\AVG\AVG10\Icons\safe12.png
c:\program files (x86)\AVG\AVG10\Icons\unknown.gif
c:\program files (x86)\AVG\AVG10\Icons\vrsn-secured-lsfo.gif
c:\program files (x86)\AVG\AVG10\Icons\warning.gif
c:\program files (x86)\AVG\AVG10\Icons\warning12.png
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\avgcslex.dll
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\driver\platform_VISTA\UniversalDD.sys
c:\program files (x86)\AVG\AVG10\imsdk64.dll
c:\program files (x86)\AVG\AVG10\js.dat
c:\program files (x86)\AVG\AVG10\license_us.htm
c:\program files (x86)\AVG\AVG10\mfaus.lns
c:\program files (x86)\AVG\AVG10\mfavera.txt
c:\program files (x86)\AVG\AVG10\mfaverx.txt
c:\program files (x86)\AVG\AVG10\mwbsr_e_free_us.mht
c:\program files (x86)\AVG\AVG10\mwbsr_f_free_us.mht
c:\program files (x86)\AVG\AVG10\PCTuneup\AxBrowsers.dll
c:\program files (x86)\AVG\AVG10\PCTuneup\DiskCleanerHelper.dll
c:\program files (x86)\AVG\AVG10\PCTuneup\DiskDefragHelper.dll
c:\program files (x86)\AVG\AVG10\PCTuneup\helper.dll
c:\program files (x86)\AVG\AVG10\PCTuneup\localizer.dll
c:\program files (x86)\AVG\AVG10\PCTuneup\MicroScanner.exe
c:\program files (x86)\AVG\AVG10\PCTuneup\PerlRegExp.bpl
c:\program files (x86)\AVG\AVG10\PCTuneup\RegistryCleanerHelper.dll
c:\program files (x86)\AVG\AVG10\PCTuneup\RescueCenterHelper.dll
c:\program files (x86)\AVG\AVG10\PCTuneup\rtl120.bpl
c:\program files (x86)\AVG\AVG10\PCTuneup\vcl120.bpl
c:\program files (x86)\AVG\AVG10\ph.dat
c:\program files (x86)\AVG\AVG10\sb.dat
c:\program files (x86)\AVG\AVG10\sb.dat.xcd
c:\program files (x86)\AVG\AVG10\sb2.dat
c:\program files (x86)\AVG\AVG10\sc.dat
c:\program files (x86)\AVG\AVG10\sc.dat.xcd
c:\program files (x86)\AVG\AVG10\SearchProvider.exe
c:\program files (x86)\AVG\AVG10\updatecomps.bak
c:\users\PREMIE~1\AppData\Local\Temp\RtkBtMnt.exe
c:\users\Premiere Sound&Light\AppData\Local\Temp\RtkBtMnt.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-31 )))))))))))))))))))))))))))))))
.
.
2014-01-31 00:34 . 2014-01-31 00:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-31 00:34 . 2014-01-31 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-30 05:44 . 2014-01-30 06:51 -------- d-----w- c:\windows\Microsoft Antimalware
2014-01-30 02:54 . 2013-10-28 05:41 965000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7BABD61-F8F7-4BAE-BAC2-AFFC395F80D5}\gapaengine.dll
2014-01-30 02:53 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4199604-979D-4DEE-9ACB-55DE6997C576}\mpengine.dll
2014-01-30 02:47 . 2014-01-30 02:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-01-30 02:47 . 2014-01-30 02:47 -------- d-----w- c:\program files\Microsoft Security Client
2014-01-30 02:46 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-30 00:55 . 2013-12-16 07:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4984D58C-B6E5-4FBC-B1E3-D98415F732C2}\mpengine.dll
2014-01-29 23:04 . 2014-01-29 23:04 -------- d-----w- c:\windows\Migration
2014-01-29 04:25 . 2014-01-29 04:25 -------- d-----w- c:\users\Premiere Sound&Light\AppData\Local\Avg2013
2014-01-29 03:06 . 2014-01-29 03:06 -------- d-----w- c:\users\Premiere Sound&Light\AppData\Local\Avg2014
2014-01-29 02:57 . 2014-01-30 02:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-29 02:57 . 2014-01-30 02:11 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-29 02:56 . 2014-01-29 04:16 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-28 05:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-28 05:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-28 05:59 . 2009-07-14 12:19 20480 ----a-w- c:\windows\system32\winusb.dll
2014-01-28 05:59 . 2009-07-14 12:12 16896 ----a-w- c:\windows\SysWow64\winusb.dll
2014-01-28 05:58 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-28 05:58 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-28 05:58 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-01-28 05:58 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-28 05:58 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-28 05:58 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-28 05:56 . 2013-11-15 01:37 2334720 ----a-w- c:\windows\system32\jscript9.dll
2014-01-28 05:44 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2014-01-28 05:43 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs
2014-01-28 05:30 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2014-01-28 05:30 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-01-28 05:30 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-01-28 05:19 . 2014-01-28 05:21 -------- d-----w- c:\windows\system32\MRT
2014-01-28 05:03 . 2014-01-28 05:03 -------- d-----w- c:\users\Premiere Sound&Light\AppData\Roaming\Oracle
2014-01-28 04:58 . 2014-01-28 04:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-28 04:56 . 2014-01-28 04:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-28 03:14 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2014-01-28 03:14 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2014-01-28 03:14 . 2011-03-02 16:12 221696 ----a-w- c:\windows\system32\dnsapi.dll
2014-01-28 03:14 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-01-28 03:14 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-01-28 03:14 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2014-01-28 03:14 . 2013-05-02 04:16 686080 ----a-w- c:\windows\system32\win32spl.dll
2014-01-28 03:14 . 2013-05-02 04:04 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-01-28 03:14 . 2013-05-02 04:03 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2014-01-28 03:11 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2014-01-28 03:11 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2014-01-28 03:11 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2014-01-28 03:11 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2014-01-28 03:11 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-01-28 03:11 . 2011-02-18 14:18 450560 ----a-w- c:\windows\system32\drivers\srv.sys
2014-01-28 03:07 . 2013-08-01 04:10 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-28 03:07 . 2013-08-01 03:37 47104 ----a-w- c:\windows\system32\cdd.dll
2014-01-28 03:07 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2014-01-28 03:07 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2014-01-28 03:07 . 2013-06-15 13:27 20480 ----a-w- c:\windows\system32\icaapi.dll
2014-01-28 03:07 . 2013-06-15 11:38 29184 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-01-28 03:07 . 2013-04-24 02:10 1078272 ----a-w- c:\windows\system32\certutil.exe
2014-01-28 03:07 . 2013-04-24 01:46 812544 ----a-w- c:\windows\SysWow64\certutil.exe
2014-01-28 03:07 . 2013-04-24 04:09 50688 ----a-w- c:\windows\system32\certenc.dll
2014-01-28 03:07 . 2013-04-24 04:00 41984 ----a-w- c:\windows\SysWow64\certenc.dll
2014-01-28 03:06 . 2013-06-01 04:19 619008 ----a-w- c:\windows\system32\qedit.dll
2014-01-28 03:06 . 2013-06-01 04:06 505344 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-28 03:04 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2014-01-28 03:04 . 2013-04-17 13:04 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2014-01-28 03:04 . 2013-04-17 12:30 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2014-01-28 03:03 . 2013-07-10 09:42 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2014-01-28 03:03 . 2013-07-10 09:47 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-01-28 03:01 . 2011-06-15 16:16 180736 ----a-w- c:\windows\system32\xmllite.dll
2014-01-28 03:01 . 2011-04-29 13:40 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-01-28 03:01 . 2011-04-29 13:41 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-01-28 03:01 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2014-01-28 03:01 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2014-01-28 03:01 . 2011-10-14 17:31 211968 ----a-w- c:\windows\system32\winmm.dll
2014-01-28 03:01 . 2011-10-14 17:27 48128 ----a-w- c:\windows\system32\mcicda.dll
2014-01-28 03:01 . 2011-10-14 17:27 28672 ----a-w- c:\windows\system32\mciwave.dll
2014-01-28 03:01 . 2011-10-14 17:27 28160 ----a-w- c:\windows\system32\mciseq.dll
2014-01-28 03:01 . 2011-10-14 16:03 189952 ----a-w- c:\windows\SysWow64\winmm.dll
2014-01-28 03:01 . 2011-10-14 16:00 23552 ----a-w- c:\windows\SysWow64\mciseq.dll
2014-01-28 03:00 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2014-01-28 03:00 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-01-28 03:00 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-01-28 03:00 . 2011-04-29 13:39 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-01-28 03:00 . 2011-04-29 13:39 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-01-28 02:58 . 2013-07-03 02:22 31616 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-01-28 02:58 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-01-28 02:56 . 2013-07-05 03:58 1417664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-01-28 02:56 . 2013-07-05 02:15 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2014-01-28 02:50 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi
2014-01-28 02:50 . 2011-02-24 16:38 979840 ----a-w- c:\windows\system32\winresume.exe
2014-01-28 02:50 . 2011-02-24 16:37 1076608 ----a-w- c:\windows\system32\winload.efi
2014-01-28 02:50 . 2011-02-24 16:37 1063296 ----a-w- c:\windows\system32\winload.exe
2014-01-28 02:50 . 2011-02-24 16:37 20864 ----a-w- c:\windows\system32\kdusb.dll
2014-01-28 02:50 . 2011-02-24 16:37 18816 ----a-w- c:\windows\system32\kd1394.dll
2014-01-28 02:50 . 2011-02-24 16:37 17792 ----a-w- c:\windows\system32\kdcom.dll
2014-01-28 02:50 . 2013-07-16 09:25 689152 ----a-w- c:\windows\system32\themeui.dll
2014-01-28 02:50 . 2013-07-16 04:35 615936 ----a-w- c:\windows\SysWow64\themeui.dll
2014-01-28 02:49 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-01-28 02:49 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2014-01-28 02:49 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2014-01-28 02:49 . 2009-07-10 11:51 302080 ----a-w- c:\windows\system32\shsvcs.dll
2014-01-28 02:47 . 2013-07-20 10:45 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-28 02:47 . 2013-07-20 10:44 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-01-28 02:47 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2014-01-28 02:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2014-01-28 02:47 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2014-01-28 02:47 . 2013-10-03 15:03 389632 ----a-w- c:\windows\system32\gdi32.dll
2014-01-28 02:47 . 2013-10-03 12:46 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-01-28 02:47 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2014-01-28 02:47 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2014-01-28 02:46 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-01-28 02:46 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-01-28 02:46 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-28 02:46 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-28 02:46 . 2011-04-14 15:14 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-01-28 02:46 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-01-28 02:46 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2014-01-28 02:46 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2014-01-28 02:46 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll
2014-01-28 02:46 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2014-01-28 02:46 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll
2014-01-28 02:46 . 2013-07-04 04:13 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-01-28 02:44 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2014-01-28 02:44 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2014-01-28 02:44 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2014-01-28 02:44 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 15:59 . 2010-04-21 23:56 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 22:20 . 2006-11-02 12:35 86054176 ----a-w- c:\windows\system32\mrt.exe
2013-12-20 01:09 . 2013-12-17 04:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-20 01:09 . 2012-01-11 04:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-12 781824]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"LManager"="c:\progra~2\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files (x86)\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA&inst=NwA3AC0ANAAyADQAMwA3ADEAMwA3ADQALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQA&prod=90&ver=9.0.872" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 00:12 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 01:09]
.
2014-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592603330-180509026-2455858920-1000Core.job
- c:\users\Premiere Sound&Light\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 18:08]
.
2014-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-592603330-180509026-2455858920-1000UA.job
- c:\users\Premiere Sound&Light\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 18:08]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 07:52]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17 07:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 488448]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-30 561200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 181784]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1237288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0209&m=aspire_6930
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG10\avgtray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Launch Manager\QtZgAcer.EXE
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
.
**************************************************************************
.
Completion time: 2014-01-30 18:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-31 00:44
ComboFix2.txt 2014-01-30 01:52
ComboFix3.txt 2011-01-21 02:21
.
Pre-Run: 87,507,361,792 bytes free
Post-Run: 87,795,212,288 bytes free
.
- - End Of File - - A66D834F1463E5C48278D41ABB97D8D7
BB9D3A6A13C5010348DA7C900BB6AF50


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.26.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Premiere Sound&Light :: PREMIERESOUN-PC [administrator]

1/30/2014 7:02:10 PM
mbam-log-2014-01-30 (19-02-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 433144
Time elapsed: 1 hour(s), 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Premiere Sound&Light :: PREMIERESOUN-PC [administrator]

1/30/2014 8:13:12 PM
mbar-log-2014-01-30 (20-13-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 230582
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

descriptiondllhost.exe *32 COM Surrogate and Windows Update - Page 1 EmptyRe: dllhost.exe *32 COM Surrogate and Windows Update 31st January 2014, 7:11 pm

more_horiz
It appears the majority of that, 391,000k, is an svchost.exe. I looked at the services for the exe in task manager and they all have a PID of 592. There's about a dozen different things running under that process. It just seems to put a drain on the computer.

You can end each of those processes one at a time and see what happens. I did some more checking about those viruses and [URL=Win64/Rovnix.gen!C]this[/URL] is what I found. If you use your computer for financial or other personal business you may want to consider wiping your hard drive and doing a fresh installation. That is the only way your computer will be considered safe again.
According to this MS site, MSE is supposed to clean this infection. I have no idea why it's not doing it but you can always check out the link to the MicroSoft virus and malware community for more insight.

descriptiondllhost.exe *32 COM Surrogate and Windows Update - Page 1 EmptyRe: dllhost.exe *32 COM Surrogate and Windows Update

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum