Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

dllhost.exe COM surrogate problem

Post by lynda » October 29th, 2014, 6:32 pm

Windows 7 Home Premium 64 bit is infected with the dllhost.exe COM surrogate problem:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.51.2
Run by Dworaks at 17:26:47 on 2014-10-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6062.3217 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://search.nation.com/?orig=HP&affid ... =571932689
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.0.17\AVG Web TuneUp.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
TCP: NameServer = 8.8.8.8 97.64.168.12 97.64.183.165
TCP: Interfaces\{34CB43D5-985D-4A3A-AC1B-62EF2E9CF302} : DHCPNameServer = 8.8.8.8 97.64.168.12 97.64.183.165
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} -
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dworaks\AppData\Roaming\Mozilla\Firefox\Profiles\0jdc2wdu.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?cid={B07B4557-0B43-4B55-95CB-F7BD6AAB0E5B}&mid=8f10e5d8672947d38d5469837c40f5c9-a72bb2fc6fe87703801b0301fcf40e953fa3d79c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-10-28 07:48:21&v=4.0.0.17&pid=wtu&sg=&sap=hp
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee64.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Dworaks\AppData\Roaming\Mozilla\plugins\npagee.dll
FF - plugin: C:\Users\Dworaks\AppData\Roaming\Mozilla\plugins\npagee64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-1 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-10-7 262424]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-10-28 50976]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-10-16 3487248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-10-16 298080]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-3 2436280]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2013-3-11 231792]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-10-2 1384992]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2013-8-7 773152]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-1 13632]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-27 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-27 968504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 125584]
R2 PbaDrvSvc_x64;Dell PBA x64 Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [2013-1-21 21504]
R2 vToolbarUpdater18.1.10;vToolbarUpdater18.1.10;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [2014-10-28 1849368]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2013-2-26 1773056]
R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2012-9-23 39016]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-8-7 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-7 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-1 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-1 792560]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-27 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-27 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-27 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2013-8-7 26856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-10-28 2282272]
S2 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2013-3-8 254824]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-8-1 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-10-29 19:53:56 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E683FBE-ABB8-4B02-B341-F943FCF60406}\mpengine.dll
2014-10-29 00:02:54 -------- d-----w- C:\FRST
2014-10-28 22:40:25 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\ProductData
2014-10-28 22:39:28 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2014-10-28 22:39:21 -------- d-----w- C:\ProgramData\ProductData
2014-10-28 22:39:17 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-10-28 22:39:07 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-10-28 22:37:28 -------- d-----w- C:\ProgramData\IObit
2014-10-28 22:37:22 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\IObit
2014-10-28 22:37:18 -------- d-----w- C:\Program Files (x86)\IObit
2014-10-28 12:48:40 -------- d-----w- C:\Users\Dworaks\AppData\Local\AVG Web TuneUp
2014-10-28 12:48:36 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2014-10-28 12:48:20 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-10-28 12:48:16 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-10-28 12:48:15 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-10-28 12:48:05 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
2014-10-28 12:48:02 -------- d-----w- C:\ProgramData\AVG Web TuneUp
2014-10-28 04:15:51 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\AVG2015
2014-10-28 04:13:41 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\TuneUp Software
2014-10-28 03:01:38 -------- d--h--w- C:\$AVG
2014-10-28 03:01:37 -------- d-----w- C:\ProgramData\AVG2015
2014-10-28 03:00:45 -------- d-----w- C:\Program Files (x86)\AVG
2014-10-28 02:56:07 -------- d-----w- C:\Users\Dworaks\AppData\Local\MFAData
2014-10-28 02:56:07 -------- d-----w- C:\Users\Dworaks\AppData\Local\Avg2015
2014-10-28 02:56:07 -------- d-----w- C:\ProgramData\MFAData
2014-10-28 02:42:30 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-28 02:29:09 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-28 02:28:47 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-28 02:28:47 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-28 02:28:46 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-28 02:28:46 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-28 02:28:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 22:54:27 -------- d--h--w- C:\ProgramData\CanonIJMIG
2014-10-27 22:54:12 -------- d--h--w- C:\ProgramData\CanonIJQuickMenu
2014-10-27 22:51:56 -------- d--h--w- C:\ProgramData\CanonIJScan
2014-10-27 22:51:05 -------- d-----w- C:\ProgramData\CanonIJPLM
2014-10-27 22:50:26 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
2014-10-27 22:50:17 321536 ----a-w- C:\Windows\SysWow64\CNC_BUL.dll
2014-10-27 22:50:17 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2014-10-27 22:49:22 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2014-10-27 22:49:22 366592 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL
2014-10-27 22:49:22 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2014-10-27 22:49:22 -------- d-----w- C:\Windows\System32\STRING
2014-10-27 22:46:02 -------- d-----w- C:\ProgramData\CanonIJWSpt
2014-10-27 22:29:10 -------- d-----w- C:\Program Files\Canon
2014-10-27 21:33:11 -------- d-----w- C:\Program Files (x86)\Canon
2014-10-27 10:34:35 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-26 22:55:08 87200 ----a-w- C:\ProgramData\wrnhoah.tmp
2014-10-26 22:54:38 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\Aqmapi
2014-10-26 22:54:10 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\Ushafehu
2014-10-25 22:31:49 0 ----a-w- C:\Windows\System32\iaowsy.dll
2014-10-25 15:19:25 -------- d-----w- C:\Program Files\iPod
2014-10-25 15:19:24 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 15:19:24 -------- d-----w- C:\Program Files\iTunes
2014-10-25 15:19:24 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-15 07:27:58 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-10 20:14:32 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-10-08 02:43:06 262424 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-10-06 02:41:40 124184 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-10-02 13:28:28 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{088848B9-2884-48CD-A8AC-B8E99CE8B98F}\gapaengine.dll
2014-09-30 18:32:10 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 18:32:10 371712 ----a-w- C:\Windows\System32\qdvd.dll
.
==================== Find3M ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-24 01:16:47 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 01:16:47 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:47:24 243480 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH: 17:28:32.74 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/7/2013 8:40:50 PM
System Uptime: 10/29/2014 4:45:15 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0YXT71
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 717.982 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP217: 10/26/2014 5:48:32 PM - Windows Update
RP218: 10/27/2014 4:19:27 PM - Removed Apple Mobile Device Support
RP219: 10/27/2014 4:21:21 PM - Removed QuickTime 7
RP220: 10/27/2014 6:51:48 PM - Removed Citrix Access Gateway Endpoint Analysis
RP221: 10/27/2014 9:59:50 PM - Installed AVG 2015
RP222: 10/27/2014 10:00:54 PM - Installed AVG 2015
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Software Update
AVG 2015
AVG Web TuneUp
Bonjour
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5500 series MP Drivers
Canon MG5500 series On-screen Manual
Canon MG5500 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Cisco WebEx Meetings
Citrix Access Gateway Endpoint Analysis
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Custom
D3DX10
Dell Client System Update
Dell Data Protection | Access
Dell Edoc Viewer
DellAccess
EMBASSY Client Core
ERAS Connector
Fitbit Base Station (Driver Removal)
Fitbit Connect
Fitbit v2.1.0.9
Gemalto
GemPcCCID
GoPro Studio 2.0.1
Greenshot 1.0.6.2228
H&R Block Deluxe + Efile + State 2013
H&R Block Iowa 2013
HRBlockDirect version 1.1.2.0
Intel(R) Control Center
Intel(R) Network Connections 17.2.154.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
iTunes
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Online Plug-in
Origin
PBA Driver-x64
Photo Common
Photo Gallery
Preboot Manager
Private Information Manager
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Self-service Plug-in
SI TSS
SPBA (WBF) 5.9
Star Wars The Old Republic
Star Wars: The Old Republic
TextPad 7
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Into the Future
The Sims™ 3 Island Paradise
The Sims™ 3 Late Night
The Sims™ 3 Movie Stuff
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Showtime
The Sims™ 3 Supernatural
The Sims™ 3 University Life
The Sims™ 3 World Adventures
The Sims™ 4 Create A Sim Demo
toolkit32for64bit
Trusted Drive Manager
Updater
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Wave Crypto Runtime 2.0.9.0 x64
Wave Crypto Runtime 2.0.9.0 x86
Wave Infrastructure Installer
Wave Support Software Installer
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zip Extractor Packages
.
==== Event Viewer Messages From Past Week ========
.
10/29/2014 4:46:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: jhtxyk
10/29/2014 4:45:41 PM, Error: Service Control Manager [7001] - The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
10/29/2014 4:45:41 PM, Error: Service Control Manager [7001] - The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
10/29/2014 2:42:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EmbassyService service.
10/28/2014 5:52:36 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 7 service terminated unexpectedly. It has done this 1 time(s).
10/28/2014 5:39:19 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 7 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/28/2014 5:22:16 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
10/28/2014 5:08:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
10/28/2014 5:08:46 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2014 5:06:14 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2014 4:34:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
10/28/2014 4:33:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/28/2014 4:33:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/28/2014 4:33:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/28/2014 4:33:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/28/2014 4:33:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/28/2014 4:33:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/28/2014 4:32:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache jhtxyk MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/28/2014 4:32:43 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2014 4:32:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2014 4:32:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2014 4:32:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/28/2014 4:32:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2014 9:49:54 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
10/27/2014 6:58:01 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/27/2014 6:58:01 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/27/2014 6:41:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/27/2014 6:41:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
10/27/2014 6:41:22 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/27/2014 6:26:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Internet Updater service to connect.
10/27/2014 6:26:24 PM, Error: Service Control Manager [7000] - The Internet Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/27/2014 5:58:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
10/27/2014 4:51:09 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/27/2014 4:21:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
10/26/2014 7:07:56 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

by pgmigg » October 30th, 2014, 10:03 am

Hello lynda,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Please tell me: is this computer used for any kind of business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Also please

Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

and

Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answer to my question about how your computer is used
  3. Contents of CKFiles.txt log file
  4. Contents of a log created by codecheck.txt

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: dllhost.exe COM surrogate problem

by lynda » October 30th, 2014, 10:11 am

Hi and thanks for your response. This is not a business computer. Just a home PC.
I do not have any problems executing these instructions.

Results from CKFiles.txt

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.DUAPEZ
----- EOF -----

Results from Codecheck
Codecheck Version 1.0

10030
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

by pgmigg » October 30th, 2014, 4:20 pm

Hello lynda,

Step 1.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
WARNING!
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    Microsoft Security Essentials
    AVG AntiVirus Free Edition 2015
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one, is your decision, but if you asked me, I would recommend you to uninstall the
    AVG AntiVirus Free Edition 2015. How to do it? Please see Step 3 below.

Step 3.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    AVG 2015
    AVG Web TuneUp
    Java 7 Update 51
    Java Auto Updater
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 4.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 5.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 6.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 7.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *IObit*
    *jhtxyk*
    
    :folderfind
    *IObit*
    *jhtxyk*
    
    :Regfind
    IObit
    jhtxyk
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Sn].txt log file
  3. Contents of the JRT.txt log file
  4. Contents of an OTL.txt log file
  5. Contents of an Extras.txt log file
  6. Contents of the SystemLook.txt log file
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: dllhost.exe COM surrogate problem

by lynda » October 30th, 2014, 7:23 pm

Thanks for looking.
A. I do not have any problems with these instructions and will post each output from the files in separate posts.
B. AdwCleaner results:

# AdwCleaner v3.311 - Report created 30/10/2014 at 16:38:45
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dworaks - DWORAKS-PC
# Running from : C:\Users\Dworaks\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\surf andu keep
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Program Files (x86)\surf andu keep
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

Task Deleted : DigitalSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Nation Toolbar
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

*************************

AdwCleaner[R0].txt - [4245 octets] - [30/10/2014 16:21:08]
AdwCleaner[S0].txt - [3937 octets] - [30/10/2014 16:38:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3997 octets] ##########

Re: dllhost.exe COM surrogate problem

Post by lynda » October 30th, 2014, 7:23 pm

C: JRT results

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dworaks on Thu 10/30/2014 at 16:47:53.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{05C39246-E882-44C2-BA8C-95041B664284}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\searchdonkey"
Successfully deleted: [Folder] "C:\Users\Dworaks\AppData\Roaming\digitalsite"
Successfully deleted: [Folder] "C:\Users\Dworaks\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Dworaks\appdata\local\mobogenie"
Successfully deleted: [Folder] "C:\Users\Dworaks\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Dworaks\documents\optimizer pro"



~~~ FireFox

Successfully deleted: [File] C:\Users\Dworaks\AppData\Roaming\mozilla\firefox\profiles\0jdc2wdu.default\searchplugins\avg-secure-search.xml



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/30/2014 at 17:15:53.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: dllhost.exe COM surrogate problem

Post by lynda » October 30th, 2014, 7:24 pm

D: contents of JRT

OTL logfile created on: 10/30/2014 5:48:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dworaks\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 43.29% Memory free
11.84 Gb Paging File | 8.87 Gb Available in Paging File | 74.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.74 Gb Total Space | 712.59 Gb Free Space | 76.56% Space Free | Partition Type: NTFS

Computer Name: DWORAKS-PC | User Name: Dworaks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/30 16:45:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dworaks\Desktop\OTL.exe
PRC - [2014/10/06 21:54:03 | 000,810,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/24 03:18:53 | 003,600,216 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013/10/02 13:36:40 | 003,264,544 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
PRC - [2013/10/02 13:36:38 | 001,384,992 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
PRC - [2013/06/14 16:45:20 | 000,924,040 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/06/14 16:44:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
PRC - [2013/06/14 16:43:52 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2013/06/13 21:00:38 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2013/06/09 19:55:00 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/22 05:42:44 | 000,292,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/02/19 16:38:58 | 000,453,736 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2012/06/22 13:40:50 | 000,773,152 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit\fitbit.exe
PRC - [2012/05/30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/30 14:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/28 12:49:12 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/15 03:34:39 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\07d2f1ab8192b165b752d2fc9e3225ba\IAStorUtil.ni.dll
MOD - [2014/10/15 03:32:44 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b3011370dcbf33751d3b9dce8091c6c6\System.Runtime.Remoting.ni.dll
MOD - [2014/10/15 03:32:26 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/15 03:32:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/15 03:32:18 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/15 03:32:16 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/15 03:32:08 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/15 03:32:05 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/15 03:09:02 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 03:08:54 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 03:08:53 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/24 03:18:35 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2014/09/24 03:18:07 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2014/09/24 03:18:07 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2014/09/24 03:18:07 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2014/09/24 03:18:07 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2014/09/24 03:18:07 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2014/09/24 03:18:07 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2014/09/24 03:18:07 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014/09/11 03:36:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\eea1bb5d7447f7a6f982afbc0a952ebc\IAStorCommon.ni.dll
MOD - [2014/09/11 03:33:24 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/09 08:12:52 | 008,896,160 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2014/02/26 04:03:12 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/09/25 03:10:24 | 002,436,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/11 10:05:06 | 000,231,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe -- (EmbassyService)
SRV:64bit: - [2013/03/08 12:13:56 | 000,254,824 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe -- (WvPCR)
SRV:64bit: - [2013/03/05 14:31:54 | 005,159,760 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2013/02/26 15:17:16 | 001,773,056 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2013/02/01 14:21:52 | 002,215,272 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2013/01/21 12:05:12 | 000,021,504 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe -- (PbaDrvSvc_x64)
SRV:64bit: - [2012/06/05 17:40:38 | 000,190,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/23 20:16:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/19 16:09:48 | 002,282,272 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/06/03 15:55:46 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/02 13:36:38 | 001,384,992 | R--- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/22 13:40:50 | 000,773,152 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit\fitbit.exe -- (Fitbit)
SRV - [2012/05/30 14:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/05/11 09:42:24 | 001,643,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/28 12:49:12 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/10/30 17:31:03 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/03/20 08:40:44 | 005,363,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/15 17:05:50 | 002,191,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTDVHD64.sys -- (IntcAzAudAddService)
DRV:64bit: - [2013/08/01 09:28:58 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/01 09:28:55 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/01 09:28:55 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/06/04 19:07:44 | 000,095,152 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/02/27 12:58:36 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/02/22 05:40:14 | 000,792,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/02/22 05:40:14 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/02/22 05:40:14 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/23 03:18:58 | 000,039,016 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dcdbas64.sys -- (dcdbas)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/15 20:21:08 | 000,515,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/05/30 16:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/04/02 14:47:26 | 000,026,856 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{19A031D7-1DCF-456B-BA2C-6953AB46AB77}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKLM\..\SearchScopes\{19A031D7-1DCF-456B-BA2C-6953AB46AB77}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=10.0.75.7: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=10.0.75.7: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/03 17:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dworaks\AppData\Roaming\Mozilla\Extensions
[2013/12/15 16:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dworaks\AppData\Roaming\Mozilla\Firefox\extensions
[2014/10/30 15:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dworaks\AppData\Roaming\Mozilla\Firefox\Profiles\0jdc2wdu.default\extensions
[2013/12/31 13:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/31 13:50:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\DWORAKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JDC2WDU.DEFAULT\EXTENSIONS\IOBITASCSURFINGPROTECTION@IOBIT.COM

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001..\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe (Fitbit, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1962258163-3716458331-2083168627-1001\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34CB43D5-985D-4A3A-AC1B-62EF2E9CF302}: DhcpNameServer = 8.8.8.8 97.64.168.12 97.64.183.165
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/10/28 16:25:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/30 16:47:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/30 16:45:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dworaks\Desktop\OTL.exe
[2014/10/30 16:21:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/30 16:19:35 | 001,706,144 | ---- | C] (Thisisu) -- C:\Users\Dworaks\Desktop\JRT.exe
[2014/10/30 15:54:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/29 17:26:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dworaks\Desktop\dds.scr
[2014/10/28 19:02:54 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/28 17:52:38 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/10/28 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\AppData\Roaming\ProductData
[2014/10/28 17:39:28 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2014/10/28 17:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/10/28 17:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/10/28 17:39:07 | 000,128,288 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014/10/28 17:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/10/28 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\AppData\Roaming\IObit
[2014/10/28 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/10/28 07:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Web TuneUp
[2014/10/27 23:13:41 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\AppData\Roaming\TuneUp Software
[2014/10/27 21:56:07 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\AppData\Local\MFAData
[2014/10/27 21:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/10/27 21:29:09 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/27 21:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/27 21:28:47 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/27 21:28:47 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/27 21:28:46 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/10/27 21:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/10/27 21:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/27 17:54:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/10/27 17:54:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2014/10/27 17:51:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/10/27 17:51:12 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\AppData\Roaming\canon
[2014/10/27 17:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2014/10/27 17:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2014/10/27 17:50:17 | 000,321,536 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_BUL.dll
[2014/10/27 17:50:17 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2014/10/27 17:49:22 | 000,366,592 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNMNPPM.DLL
[2014/10/27 17:49:22 | 000,359,936 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL
[2014/10/27 17:49:22 | 000,039,424 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL
[2014/10/27 17:49:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2014/10/27 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series User Registration
[2014/10/27 17:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2014/10/27 17:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014/10/27 17:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2014/10/27 17:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
[2014/10/27 17:26:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2014/10/27 16:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014/10/26 17:54:38 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\AppData\Roaming\Aqmapi
[2014/10/26 17:54:10 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\AppData\Roaming\Ushafehu
[2014/10/25 17:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/10/25 10:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/25 10:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/25 10:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/25 10:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/25 10:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/10/15 02:28:49 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 02:28:49 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 02:28:49 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 02:28:49 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 02:28:48 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 02:28:48 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 02:28:44 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/15 02:28:44 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/15 02:28:44 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/15 02:28:43 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/15 02:28:43 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/15 02:28:42 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/15 02:28:42 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/15 02:28:42 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/15 02:28:42 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/15 02:28:42 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/15 02:28:41 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/15 02:28:41 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/15 02:28:41 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/15 02:28:41 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/15 02:28:40 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/15 02:28:40 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/15 02:28:40 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/15 02:28:40 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/15 02:28:40 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/15 02:28:40 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/15 02:28:40 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/10/15 02:28:40 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/15 02:28:40 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/15 02:28:39 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/15 02:28:39 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/10/15 02:28:39 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/15 02:28:39 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2014/10/15 02:28:39 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/15 02:28:39 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/15 02:28:39 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/15 02:28:38 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/10/15 02:28:38 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2014/10/15 02:28:38 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/10/15 02:28:38 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2014/10/15 02:28:38 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2014/10/15 02:28:38 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2014/10/15 02:28:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2014/10/15 02:28:37 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2014/10/15 02:28:37 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2014/10/15 02:28:37 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2014/10/15 02:28:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2014/10/15 02:28:37 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2014/10/15 02:28:37 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/10/15 02:28:37 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/10/15 02:28:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014/10/15 02:28:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/10/15 02:28:36 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014/10/15 02:28:36 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/10/15 02:28:36 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/10/15 02:28:36 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2014/10/15 02:28:36 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/10/15 02:28:36 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2014/10/15 02:28:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014/10/15 02:28:36 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/10/15 02:28:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/10/15 02:28:35 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/10/15 02:28:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/10/15 02:28:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2014/10/15 02:28:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2014/10/15 02:28:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2014/10/15 02:28:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2014/10/15 02:28:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2014/10/15 02:28:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2014/10/15 02:28:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/10/15 02:28:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014/10/15 02:28:31 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/15 02:28:31 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/15 02:28:30 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/15 02:28:30 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/15 02:28:30 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/15 02:28:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/15 02:28:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/15 02:28:29 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/15 02:28:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/15 02:28:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/15 02:28:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/15 02:28:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/15 02:28:28 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/15 02:28:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/15 02:28:27 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/15 02:28:27 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/15 02:28:27 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/15 02:28:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/15 02:28:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/15 02:28:26 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/15 02:28:26 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/15 02:28:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/15 02:28:25 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/15 02:28:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/15 02:28:25 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/15 02:28:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/15 02:28:24 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/15 02:28:24 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/15 02:28:24 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/15 02:28:24 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/15 02:28:23 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/15 02:28:23 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/15 02:28:23 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/15 02:28:23 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/15 02:28:23 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/15 02:28:22 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/15 02:28:22 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/15 02:28:22 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/15 02:28:00 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/15 02:27:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/15 02:27:58 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/15 02:27:54 | 003,722,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/15 02:27:54 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/15 02:27:53 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/10/15 02:27:53 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/10/15 02:27:53 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/15 02:27:52 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/15 02:27:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/15 02:27:52 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/10/15 02:27:48 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/15 02:27:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/04 18:45:31 | 000,000,000 | ---D | C] -- C:\Users\Dworaks\Desktop\Homecoming
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/10/30 17:31:03 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/30 16:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/30 16:48:45 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/30 16:48:45 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/30 16:45:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dworaks\Desktop\OTL.exe
[2014/10/30 16:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/30 16:39:46 | 472,739,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/30 16:19:38 | 001,706,144 | ---- | M] (Thisisu) -- C:\Users\Dworaks\Desktop\JRT.exe
[2014/10/30 16:10:06 | 001,375,089 | ---- | M] () -- C:\Users\Dworaks\Desktop\adwcleaner_3.311.exe
[2014/10/30 09:07:15 | 000,025,088 | ---- | M] () -- C:\Users\Dworaks\Desktop\codecheck.exe
[2014/10/30 09:06:28 | 000,468,480 | ---- | M] () -- C:\Users\Dworaks\Desktop\CKScanner.exe
[2014/10/29 17:26:33 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dworaks\Desktop\dds.scr
[2014/10/29 14:48:50 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/29 14:48:50 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/29 14:48:50 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/28 16:25:45 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/10/27 21:28:58 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/27 21:27:49 | 000,001,104 | -H-- | M] () -- C:\ProgramData\@system2.att
[2014/10/27 21:27:33 | 000,001,368 | ---- | M] () -- C:\ProgramData\@system.att
[2014/10/27 17:57:54 | 000,465,770 | ---- | M] () -- C:\Users\Dworaks\Documents\IMG_20141027_0002.pdf
[2014/10/27 17:56:49 | 000,669,915 | ---- | M] () -- C:\Users\Dworaks\Documents\IMG_20141027_0001.pdf
[2014/10/27 17:46:10 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2014/10/27 17:28:40 | 000,002,364 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5500 series On-screen Manual.lnk
[2014/10/26 22:12:16 | 000,010,112 | ---- | M] () -- C:\bootsqm.dat
[2014/10/25 17:38:35 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\u
[2014/10/25 17:31:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\iaowsy.dll
[2014/10/25 10:19:57 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/15 03:26:43 | 000,437,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/09 21:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/09 21:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/09 21:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/06 22:41:16 | 000,016,138 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2014/10/06 15:35:00 | 001,869,880 | ---- | M] () -- C:\Users\Dworaks\Desktop\Camera settings.pdf
[2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/10/30 16:10:03 | 001,375,089 | ---- | C] () -- C:\Users\Dworaks\Desktop\adwcleaner_3.311.exe
[2014/10/30 09:07:14 | 000,025,088 | ---- | C] () -- C:\Users\Dworaks\Desktop\codecheck.exe
[2014/10/30 09:06:26 | 000,468,480 | ---- | C] () -- C:\Users\Dworaks\Desktop\CKScanner.exe
[2014/10/28 16:25:45 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/10/27 21:28:58 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/27 17:57:43 | 000,465,770 | ---- | C] () -- C:\Users\Dworaks\Documents\IMG_20141027_0002.pdf
[2014/10/27 17:56:44 | 000,669,915 | ---- | C] () -- C:\Users\Dworaks\Documents\IMG_20141027_0001.pdf
[2014/10/27 17:50:17 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\CNC1771D.TBL
[2014/10/27 17:46:10 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2014/10/27 17:28:40 | 000,002,364 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5500 series On-screen Manual.lnk
[2014/10/26 22:12:16 | 000,010,112 | ---- | C] () -- C:\bootsqm.dat
[2014/10/26 17:55:14 | 000,001,368 | ---- | C] () -- C:\ProgramData\@system.att
[2014/10/26 17:54:24 | 000,001,104 | -H-- | C] () -- C:\ProgramData\@system2.att
[2014/10/25 17:32:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\u
[2014/10/25 17:31:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\iaowsy.dll
[2014/10/25 10:19:57 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/06 15:34:56 | 001,869,880 | ---- | C] () -- C:\Users\Dworaks\Desktop\Camera settings.pdf
[2014/08/26 10:21:35 | 000,000,600 | ---- | C] () -- C:\Users\Dworaks\AppData\Local\PUTTY.RND
[2014/07/09 00:16:33 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/06 05:06:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\RtkMsgs.dll
[2013/10/10 20:08:33 | 000,005,120 | ---- | C] () -- C:\Users\Dworaks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/10 20:04:48 | 000,000,258 | RHS- | C] () -- C:\Users\Dworaks\ntuser.pol
[2013/10/09 15:38:01 | 000,000,115 | ---- | C] () -- C:\Users\Dworaks\AppData\Roaming\WB.CFG
[2013/10/09 15:38:01 | 000,000,006 | ---- | C] () -- C:\Users\Dworaks\AppData\Roaming\WBPU-TTL.DAT
[2013/08/07 20:45:18 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/08/07 20:45:17 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/08/01 09:17:04 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/08/01 09:17:02 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/03/08 11:37:36 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-HK.dll
[2013/03/08 11:37:34 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hr.dll
[2013/03/08 11:37:34 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sl.dll
[2013/03/08 11:37:34 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sk.dll
[2013/03/08 11:37:32 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_tr.dll
[2013/03/08 11:37:30 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ro.dll
[2013/03/08 11:37:30 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt-BR.dll
[2013/03/08 11:37:30 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hu.dll
[2013/03/08 11:37:28 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fi.dll
[2013/03/08 11:37:28 | 000,084,992 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_he.dll
[2013/03/08 11:37:26 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_el.dll
[2013/03/08 11:37:26 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_cs.dll
[2013/03/08 11:37:26 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ar.dll
[2013/03/08 11:37:24 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHT.dll
[2013/03/08 11:37:24 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHS.dll
[2013/03/08 11:37:22 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sv.dll
[2013/03/08 11:37:22 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ru.dll
[2013/03/08 11:37:20 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt.dll
[2013/03/08 11:37:20 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pl.dll
[2013/03/08 11:37:20 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_no.dll
[2013/03/08 11:37:18 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_nl.dll
[2013/03/08 11:37:18 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ko.dll
[2013/03/08 11:37:16 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_it.dll
[2013/03/08 11:37:16 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fr.dll
[2013/03/08 11:37:16 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ja.dll
[2013/03/08 11:37:14 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_es.dll
[2013/03/08 11:37:12 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_de.dll
[2013/03/08 11:37:12 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_da.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/10/17 17:55:40 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\.minecraft
[2014/05/30 14:31:27 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\.technic
[2013/10/09 14:39:00 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\0D0S1L2Z1P1B
[2014/10/26 19:01:48 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\Aqmapi
[2014/10/27 17:54:34 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\canon
[2014/03/19 20:25:47 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\GoPro
[2013/08/25 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\Greenshot
[2013/08/21 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\Helios
[2013/08/25 14:30:53 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\ICAClient
[2014/10/28 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\IObit
[2013/11/27 10:26:14 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\Origin
[2014/10/28 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\ProductData
[2014/01/12 20:45:06 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\TaxCut
[2014/10/27 23:13:41 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\TuneUp Software
[2014/10/27 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\Ushafehu
[2013/10/04 09:24:32 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\webex

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2014/10/26 17:54:24 | 000,000,448 | -H-- | M] ()(C:\Users\Dworaks\AppData\Roaming\????) -- C:\Users\Dworaks\AppData\Roaming\麽鎒駓覜
[2014/10/26 17:54:24 | 000,000,448 | -H-- | C] ()(C:\Users\Dworaks\AppData\Roaming\????) -- C:\Users\Dworaks\AppData\Roaming\麽鎒駓覜

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

by lynda » October 30th, 2014, 7:24 pm

E: Results of Extras.txt

OTL Extras logfile created on: 10/30/2014 5:48:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dworaks\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 43.29% Memory free
11.84 Gb Paging File | 8.87 Gb Available in Paging File | 74.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.74 Gb Total Space | 712.59 Gb Free Space | 76.56% Space Free | Partition Type: NTFS

Computer Name: DWORAKS-PC | User Name: Dworaks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05471B7A-4EF5-4FD7-A932-AB38140B5F2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B0C8070-11FA-4E7F-8C7C-83678319CC2F}" = lport=445 | protocol=6 | dir=in | app=system |
"{280A08AC-1C5C-429B-A960-AEBE50FF1110}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{282416C8-A697-4A66-9576-68EAA3605DB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BAF1592-0E59-422E-8AB0-1A20FD4A996C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A9706DA-F0C9-4789-A2C6-53EC882B9EAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B0C0D10-BD50-4782-BAB1-D15E92271947}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48A6EAC8-7CAB-4F2C-B12A-4CEAB55DDF6D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48D0CA8F-0F95-449F-AB23-8874D4105EED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{4A203658-2954-4463-AE31-F1EA4F1AC78D}" = lport=139 | protocol=6 | dir=in | app=system |
"{4C288051-CA21-498B-AA95-8FE5DE4A4B71}" = lport=445 | protocol=6 | dir=in | app=system |
"{5713D55E-50EA-4A61-BAA0-0571C577E65B}" = rport=445 | protocol=6 | dir=out | app=system |
"{5B7C6888-B387-4020-96A5-69ACA48AD0ED}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{6C6231BC-9E8C-46A1-82E6-583E48B5F00E}" = lport=445 | protocol=6 | dir=in | app=system |
"{6CCAD775-E209-42FD-B0B9-2063E58BD5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{7931BE64-93FB-4C51-A907-3ABD2B5CCDD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B3D3159-286E-4430-BFD4-565BB835CB4B}" = rport=137 | protocol=17 | dir=out | app=system |
"{7EC11011-180E-4C41-B9E5-B3F024A6DF75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{87DD8583-6E9D-4744-9F95-FD7E3D7EE8C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{89F4D92B-FF74-463F-9D84-BD0EBDDF2D88}" = lport=138 | protocol=17 | dir=in | app=system |
"{98CC59F1-D036-4FD1-9176-E3046C64494B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE3BE358-08CB-4966-96D0-2A0B28AA7BB4}" = lport=137 | protocol=17 | dir=in | app=system |
"{B30443C9-561C-4CF8-A35D-E3A2801E3916}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B825D024-D6E8-4154-9B73-8C0DB66BDA28}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF017563-4C95-43E8-8DBC-36C75DC6B05B}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{C4F2952E-57DD-45C2-BB69-2EEA2FC3C18F}" = lport=rpc | protocol=6 | dir=in | svc=* | app=%systemroot%\system32\svchost.exe |
"{D9B3DD78-770F-42B7-ACE1-1BBE12A8A983}" = lport=rpc | protocol=6 | dir=in | svc=* | app=%systemroot%\system32\svchost.exe |
"{E75908F3-0D04-4A78-AECB-F290EBC00366}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6B30A1E-C4B5-4AF2-924D-0E5DB1EFD64B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8CC5B9C-88B0-41D2-BFDD-41F668941558}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD5A703E-FFE6-48ED-ABDF-1CC809E7926A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF706383-DB35-4F72-B43C-B69B8F05DECB}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CC68FB-2F49-40BF-B39C-ABD8140ED13C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0BE175C2-5278-485B-894E-4EAD644F1C69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FF7805E-F2F4-43C3-B2F8-EDA178D89006}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12F0EE9C-F61D-472B-8247-590B12CAF68D}" = protocol=58 | dir=in | name=@firewallapi.dll,-26078 |
"{12F38EFA-5D26-4205-83F9-DDACD2BF7A47}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{17DA868F-BFE4-4B98-9A67-EAE1CBA39681}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{1BD30484-13B9-483C-A35B-2B3B1D812C22}" = dir=out | app=c:\program files\citrix\secure access client\nsepa.exe |
"{1E696280-F116-420E-AC7B-2FADB56AAAEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1E9DD273-41CB-4455-939B-EC9BF86EAEFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-26078 |
"{20457272-B558-48E9-97B5-5CB67872C7E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E693AD7-84D8-4EB8-9464-E9D2C71F2BCE}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{34E5960B-4047-4141-8D8E-47132FEDAEDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38F804CC-630F-40B8-B9DF-710FF805CB51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C338C07-7653-44E1-A97F-DE24309A6DE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-26023 |
"{427984FF-0763-429B-81D5-C6D39F173AE2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{42D01ECD-1FA9-442A-9D0F-9D9A187877B7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{4659665F-80E0-4010-9B8C-EF19EF8AE1C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{4DB58D50-20CA-4D26-94EC-CF74EF57EA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-26079 |
"{4E98937B-53FF-4C10-9CCE-F5955AB27179}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 |
"{60A43B89-876F-485C-A09B-2054ADF76FF2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{67EC324F-22EB-4108-A069-0AE687A9283E}" = protocol=1 | dir=out | name=@firewallapi.dll,-26023 |
"{6C8FA165-A198-40D1-B3C6-5D23B4FE7083}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{6F612A50-DF9A-4160-B070-6E520FADEA09}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{718B7693-1F32-41AB-AA40-117B9262FEA1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{77ACDF89-B001-4EB4-8235-74E215E8B9F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-26022 |
"{78C195AA-4E5D-40B8-A293-8410FA886D6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78D9973E-FD22-44AF-BFCC-9090CF0D0A37}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7FA4ED24-4DF6-4870-AE9D-39AAB6FBF5AD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{81C0C870-4CB7-4B9B-A4EF-2B7FED9836BA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{83E2A092-AF0D-40C3-A5E8-3C2870692657}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8776F0DD-7CF7-4526-BF88-B4DE0A01974A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A58E2510-6653-4D88-8838-BC32C5F6E262}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC4590BA-3337-45B9-8FBE-62ACD7CC56C0}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B0CC24C7-2544-40FF-A6DA-68D026DE318D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1121C03-7238-46C7-9088-311AD0255B98}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{B4ED6F77-8BDD-4ADC-9D28-B62357C26B4D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{B9491639-4DCA-46CA-A3B3-BC3B5CD15EE1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{BE08C5CA-97D8-4073-976D-3603CED55959}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF803531-E6EE-4639-ACC4-910F2E13B8D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFFB25CD-6DEA-4BD2-9B58-7CCFD615DA4C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\the sims 4 create a sim demo\game\bin\ts4cas.exe |
"{C538B644-87D0-47B7-B6CB-3D529326459E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C96B2F06-DCAA-4D40-8892-75F510F58975}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CEBB1C56-8534-4A71-903F-E248C8C10698}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEFBE2B1-C340-4F54-B778-C7AAC25105FB}" = protocol=6 | dir=out | app=system |
"{D4BB85FB-AB47-46BF-B560-F02349A5C7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{DBFD553B-A4E8-4831-B18E-B83815B9F60A}" = protocol=58 | dir=out | name=@firewallapi.dll,-26079 |
"{E0ABBF80-00E5-4331-87FB-67A055B91AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{E0ACEDF4-C1A3-4588-94AE-6A73E59D2812}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5AC4FA6-16F8-41BE-9FEA-28EEB5443FCE}" = protocol=1 | dir=in | name=@firewallapi.dll,-26022 |
"{E934DCEA-620B-4B6C-A2A7-94043835D982}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\the sims 4 create a sim demo\game\bin\ts4cas.exe |
"{EFDBCA68-A324-4CDA-BC55-0F98D2F7264B}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 |
"{F40B0F76-66AB-48DA-8BFE-F81DA1C464BC}" = dir=in | app=c:\program files\citrix\secure access client\nsepa.exe |
"{F544B69D-5121-48B2-BE7B-EF837CBB4F7A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{21DA5B27-C6D9-4CEA-B98A-FB571F9AF582}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{63A43E6D-7BB6-412A-BAE3-932FECD6886B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A36D8A59-D685-4A28-A092-A42B3C6BBB94}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{FCB7E2FC-C519-4103-9DB8-BCC9F87E0A53}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series" = Canon MG5500 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}" = DellAccess
"{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}" = Trusted Drive Manager
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{59ACD2BB-FC62-4427-81D2-618CF81A2A32}" = Preboot Manager
"{5F160A36-29D0-4AE0-986C-671A564BC0D4}" = Wave Crypto Runtime 2.0.9.0 x64
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7567A068-2F02-40D1-A34C-16D79ECD35A6}" = GemPcCCID
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}" = EMBASSY Client Core
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{858C1B33-C3D5-4377-B77B-1E2F338C7F66}" = Intel(R) Network Connections 17.2.154.0
"{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}" = Wave Support Software Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90DB5C39-360F-4187-9D56-E3B013CEEF73}" = Wave Infrastructure Installer
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}" = SI TSS
"{A90F92B7-3C3F-4AEF-B281-31DD17BB73CA}" = Private Information Manager
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C403F3CF-A531-4D11-ADAE-7D002F8264FE}" = Citrix Access Gateway Endpoint Analysis
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D46BCA58-0AF7-4455-8017-34CE3FEEE808}" = ERAS Connector
"{DD317AA5-F0EF-480F-9501-507712B5E0B6}" = SPBA (WBF) 5.9
"{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}" = PBA Driver-x64
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Greenshot_is1" = Greenshot 1.0.6.2228
"Microsoft Security Client" = Microsoft Security Essentials
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"PROSetDX" = Intel(R) Network Connections 17.2.154.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1606C5A0-DCD7-4543-A185-FAAD210E5284}" = Citrix Receiver(Aero)
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}" = Wave Crypto Runtime 2.0.9.0 x86
"{30A6A2A7-7B5B-4595-98B4-6B6D3F376531}" = H&R Block Iowa 2013
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6D7195-3B74-46AF-9BD1-49EBECD0A455}" = Citrix Receiver(DV)
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{42D65288-92F3-4AD6-892C-DFEE475F69A9}" = Citrix Receiver Updater
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = HRBlockDirect version 1.1.2.0
"{6908ED99-F02B-4E99-A202-3FAC99C510ED}" = The Sims™ 4 Create A Sim Demo
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BDC0D7C-9E42-4667-8FA9-2F26A2FEF4D0}" = Citrix Receiver(USB)
"{6C487153-A286-48F7-BE55-717552E90E20}" = Self-service Plug-in
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A0FE2C0-7A7E-444E-8BD4-087178A91865}" = Online Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F53AC20-2D32-4341-9DA1-29DD40E2199E}" = TextPad 7
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C257E096-67B0-4122-98F3-EE0D8798E03B}" = Fitbit Connect
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB63285D-990D-4207-AE31-000025626917}" = toolkit32for64bit
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D0087539-3C57-44E0-BEE7-D779D546CBE1}" = The Sims™ 3 Movie Stuff
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D67AEDE1-BCCF-4C5D-BF4F-A08FE92075B7}" = Citrix Receiver Inside
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB1C49C7-AC32-4785-A281-774744FC78F5}" = Citrix Authentication Manager
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EC94A726-7636-4693-9627-D8A8B44793EE}" = Citrix Receiver (HDX Flash Redirection)
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDE796DE-0A72-464D-9D21-F04BC41A092B}" = H&R Block Deluxe + Efile + State 2013
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Canon MG5500 series On-screen Manual" = Canon MG5500 series On-screen Manual
"Canon MG5500 series User Registration" = Canon MG5500 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Fitbit Data Uploader_is1" = Fitbit v2.1.0.9
"FITBIT&10C4&84C4" = Fitbit Base Station (Driver Removal)
"GoPro Studio" = GoPro Studio 2.0.1
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"swtor_swtor" = Star Wars The Old Republic
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2014 6:47:28 PM | Computer Name = Dworaks-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 17f4 Start Time:
01cff4909ad54ac4 Termination Time: 5 Application Path: C:\Users\Dworaks\Desktop\OTL.exe

Report
Id:

[ System Events ]
Error - 10/30/2014 6:25:37 PM | Computer Name = Dworaks-PC | Source = DCOM | ID = 10010
Description =


< End of report >
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

Post by lynda » October 30th, 2014, 7:26 pm

F: Results from Systemlook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 18:20 on 30/10/2014 by Dworaks
Administrator - Elevation successful

========== filefind ==========

Searching for "*IObit*"

Re: dllhost.exe COM surrogate problem

Post by lynda » October 30th, 2014, 7:29 pm

G: I still see a lot of the dllhost.exe *32 COM Surrogate tasks open and filling up with memory.
Prior to this I installed Malwarebytes Anti-Malware, and that application pops up banners in the corner with "Malicious Website Blocked", then information related to the C:\Windows\SysWOW64\dllhost.exe and the site attempting to be accessed.

Re: dllhost.exe COM surrogate problem

Post by pgmigg » October 30th, 2014, 8:49 pm

Hello lynda,

"I still see a lot of the dllhost.exe *32 COM Surrogate tasks open and filling up with memory."
We are not finished yet... :D

F: Results from Systemlook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 18:20 on 30/10/2014 by Dworaks
Administrator - Elevation successful

========== filefind ==========

Searching for "*IObit*"
It looks like you posted a part of that log file. Please check it and post the whole contents. If you find something wrong with Systemlook.txt, please rerun that step (7) and post results in your next reply.

In the meantime... I will continue to analyze your other logs.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: dllhost.exe COM surrogate problem

Post by lynda » October 30th, 2014, 9:28 pm

Reran F:

Results of Systemlook.txt ---

SystemLook 30.07.11 by jpshortstuff
Log created at 19:54 on 30/10/2014 by Dworaks
Administrator - Elevation successful

========== filefind ==========

Searching for "*IObit*"
C:\Windows\System32\IObitSmartDefragExtension.dll --a---- 128288 bytes [22:39 28/10/2014] [20:17 04/06/2014] 84E8B979BBBDD23AD84E88FD12236306

Searching for "*jhtxyk*"
No files found.

========== folderfind ==========

Searching for "*IObit*"
C:\Program Files (x86)\IObit d------ [22:37 28/10/2014]
C:\Program Files (x86)\IObit\IObit Malware Fighter d------ [22:37 28/10/2014]
C:\Program Files (x86)\IObit\IObit Uninstaller d------ [22:39 28/10/2014]
C:\ProgramData\IObit d------ [22:37 28/10/2014]
C:\Users\All Users\IObit d------ [22:37 28/10/2014]
C:\Users\Dworaks\AppData\LocalLow\IObit d------ [22:38 28/10/2014]
C:\Users\Dworaks\AppData\Roaming\IObit d------ [22:37 28/10/2014]
C:\Users\Dworaks\AppData\Roaming\IObit\IObit Malware Fighter d------ [22:37 28/10/2014]
C:\Users\Dworaks\AppData\Roaming\IObit\IObit Uninstaller d------ [22:39 28/10/2014]

Searching for "*jhtxyk*"
No folders found.

========== Regfind ==========

Searching for "IObit"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"="Uninstall Programs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
@="IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
@=""C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" control_statistics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 7]
"apppath"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 7]
"installpath"="C:\Program Files (x86)\IObit\Surfing Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ASC]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\LiveUpdate]
"AppPath"="C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Uninstaller 3]
"UninstallerFree"="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LiveUpdateSvc]
"ImagePath"="C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\LiveUpdateSvc]
"ImagePath"="C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LiveUpdateSvc]
"ImagePath"="C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"=""C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"="Uninstall Programs"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"="Uninstall Programs"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"=""C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto"

Searching for "jhtxyk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jhtxyk]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\jhtxyk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\jhtxyk]

-= EOF =-

Re: dllhost.exe COM surrogate problem

Post by pgmigg » October 31st, 2014, 1:26 am

Hello lynda,

Very good job! :D Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries into the Custom Scan/Fixes text box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Processes
    ctfmon.exe
    dllhost.exe
    
    :Services
    LiveUpdateSvc
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    File not found (No name found) -- C:\USERS\DWORAKS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0JDC2WDU.DEFAULT\EXTENSIONS\IOBITASCSURFINGPROTECTION@IOBIT.COM
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
    [2014/10/28 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Dworaks\AppData\Roaming\IObit
    
    :Files
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\syswow64\dllhost.exe
    C:\Program Files (x86)\IObit
    C:\Users\Dworaks\AppData\Roaming\IObit
    C:\Windows\SysNative\IObitSmartDefragExtension.dll
    C:\Windows\SysNative\SmartDefragBootTime.exe
    C:\ProgramData\IObit
    C:\Users\All Users\IObit
    C:\Users\Dworaks\AppData\LocalLow\IObit
    C:\Users\Dworaks\AppData\Roaming\IObit 
    C:\Windows\*.tmp
    C:\ProgramData\*.tmp
    @C:\ProgramData\TEMP:054203E4
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}\InprocServer32]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LiveUpdateSvc]
    "ImagePath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\LiveUpdateSvc]
    "ImagePath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LiveUpdateSvc]
    "ImagePath"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 7"=-
    [HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"=-
    [HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 7"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jhtxyk]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\jhtxyk]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\jhtxyk]
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ZOEK Auto Clean
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Auto Clean
  7. Click on the Run script button.
  8. Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  9. Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Step 3.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *cheapinsurance*
    *coreclickhoo*
    *crossrider*
    *datamngr*
    *dealshark*
    *digitalsite*
    *filescout*
    *fighters*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *istart123*
    *MyWay*
    *mobogenie*
    *optimizer*
    *pricegong*
    *SafeGuard*
    *smartbar*
    *searchab*
    *searchdonkey*
    *sprotector*
    *superfish*
    *Tarma*
    *trolltech*
    *vshare*
    *wajam*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *cheapinsurance*
    *coreclickhoo*
    *crossrider*
    *dealshark*
    *datamngr*
    *digitalsite*
    *smartbar*
    *fighters*
    *filescout*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *istart123*
    *MyWay*
    *mobogenie*
    *optimizer*
    *pricegong*
    *SafeGuard*
    *searchab*
    *searchdonkey*
    *sprotector*
    *superfish*
    *Tarma*
    *trolltech*
    *vshare*
    *wajam*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    cheapinsurance
    coreclickhoo
    crossrider
    Conduit
    datamngr
    dealshark
    digitalsite
    filescout
    fighters
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    istart123
    MyWay
    mobogenie
    optimizer
    pricegong
    SafeGuard
    searchab
    searchdonkey
    smartbar
    sprotector
    superfish
    Tarma
    trolltech
    vshare
    whitesmoke
    wajam
    Yontoo
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the zoek-results.log file
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg


Re: dllhost.exe COM surrogate problem

Post by lynda » October 31st, 2014, 12:04 pm

A. No problems with these
B. Results from OTL -

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
No active process named ctfmon.exe was found!
Process dllhost.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
C:\Users\Dworaks\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Dworaks\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
File move failed. C:\Windows\SysWOW64\ctfmon.exe scheduled to be moved on reboot.
File move failed. C:\Windows\syswow64\dllhost.exe scheduled to be moved on reboot.
C:\Program Files (x86)\IObit\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Temp folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3 folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
File\Folder C:\Users\Dworaks\AppData\Roaming\IObit not found.
C:\Windows\SysNative\IObitSmartDefragExtension.dll moved successfully.
C:\Windows\SysNative\SmartDefragBootTime.exe moved successfully.
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
File\Folder C:\Users\All Users\IObit not found.
C:\Users\Dworaks\AppData\LocalLow\IObit\SafeBrowse folder moved successfully.
C:\Users\Dworaks\AppData\LocalLow\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Dworaks\AppData\LocalLow\IObit folder moved successfully.
File\Folder C:\Users\Dworaks\AppData\Roaming\IObit not found.
C:\Windows\invcol.tmp moved successfully.
C:\ProgramData\wrnhoah.tmp moved successfully.
ADS C:\ProgramData\TEMP:054203E4 deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dworaks\Desktop\cmd.bat deleted successfully.
C:\Users\Dworaks\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}\InprocServer32\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\IObit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LiveUpdateSvc not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\LiveUpdateSvc\\ImagePath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LiveUpdateSvc not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
Registry value HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe not found.
Registry value HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jhtxyk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\jhtxyk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\jhtxyk\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Dworaks
->Flash cache emptied: 182915 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Dworaks
->Java cache emptied: 37064125 bytes

User: Public

Total Java Files Cleaned = 35.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dworaks
->Temp folder emptied: 32976558032 bytes
->Temporary Internet Files folder emptied: 4874555171 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28296735 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1343841719 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 78693493 bytes

Total Files Cleaned = 37,481.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10312014_072622

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\ctfmon.exe scheduled to be moved on reboot.
File move failed. C:\Windows\syswow64\dllhost.exe scheduled to be moved on reboot.
C:\Users\Dworaks\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dworaks\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\DWORAKS-PC-20141030-1837.log moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20141030183721730).log not found!
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20141030183721730).log not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

Post by lynda » October 31st, 2014, 1:17 pm

c: Zoek results:



Zoek.exe v5.0.0.0 Updated 31-10-2014
Tool run by Dworaks on Fri 10/31/2014 at 11:06:06.01.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dworaks\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

10/31/2014 11:07:37 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Users\Dworaks\AppData\LocalLow\{2F06FD93-26CF-1CC2-AC7E-35295A68B2B3} deleted
C:\Users\Dworaks\AppData\Local\Packages\windows_ie_ac_001\AC\{2F06FD93-26CF-1CC2-AC7E-35295A68B2B3} deleted
C:\Users\Dworaks\daemonprocess.txt deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Dworaks\AppData\Local\cache deleted
C:\Users\Dworaks\Downloads\avg_free_stb_all_2015_5557_cnet.exe deleted
C:\Users\Dworaks\AppData\LocalLow\{499110B0-969B-03A1-A23F-C16F5D9D234B} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\2d14ad59.msi" deleted
"C:\Users\Dworaks\AppData\Roaming\????" not deleted
"C:\PROGRA~3\9e0347dcc2c42c3e\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}" deleted
"C:\PROGRA~3\9e0347dcc2c42c3e\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}.old" deleted
"C:\windows\SysNative\tasks\Dell\Client System Update" deleted
"C:\Windows\SysNative\tasks\Dell\Client System Update" deleted
"C:\PROGRA~3\9e0347dcc2c42c3e" deleted
"C:\windows\SysNative\tasks\Dell" deleted
"C:\Windows\SysNative\tasks\Dell" deleted
"C:\Users\Dworaks\AppData\Roaming\webex" deleted
"C:\Users\Dworaks\AppData\Roaming\Aqmapi" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Dworaks\AppData\Roaming\Mozilla\Firefox\Profiles\0jdc2wdu.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
A0C99FDB62BE2C620C439A4273DE5D88 - C:\Program Files\Citrix\Secure Access Client\npagee.dll - Citrix Access Gateway
A0C99FDB62BE2C620C439A4273DE5D88 - C:\Users\Dworaks\AppData\Roaming\Mozilla\plugins\npagee.dll - Citrix Access Gateway
E5AE569FEB47BDE05D0DCC83594EE488 - C:\Users\Dworaks\AppData\Roaming\Mozilla\plugins\npagee64.dll - Citrix Access Gateway
E5AE569FEB47BDE05D0DCC83594EE488 - C:\Program Files\Citrix\Secure Access Client\npagee64.dll - Citrix Access Gateway


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{19A031D7-1DCF-456B-BA2C-6953AB46AB77} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Internet Explorer\SearchScopes\{19A031D7-1DCF-456B-BA2C-6953AB46AB77} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\88256D243F296DA498C2FDEE74F5969A deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2413A56B-473B-80AA-461F-8A87771BB413} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1F07653-3C80-CA85-C05E-308CC42F9463} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42D65288-92F3-4AD6-892C-DFEE475F69A9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\88256D243F296DA498C2FDEE74F5969A deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dworaks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Dworaks\AppData\Local\Mozilla\Firefox\Profiles\0jdc2wdu.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=92 folders=46 31348068 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dworaks\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dworaks\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Dworaks\AppData\Roaming\????" not deleted

==== EOF on Fri 10/31/2014 at 12:15:05.01 ======================