Please help still have syswow64 on computer

Unread postby Nismogsxr » January 25th, 2015, 5:18 pm

I received help with my computer about a week or two ago and it seemed like everything was good. I re-installed Avast antivirus on my computer and it shows that the malware is still on my computer. It is showing C:\Windows\syswow64\dllhost.exe. It is showing it as object http://f0fff0.com/q, http://fa8072.com/q, and http://fff5ee.com/q. It is really aggravating having to always have my volume turned off so I do not hear Avast constantly pinging saying virus has been detected.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Gail at 15:13:37 on 2015-01-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2579 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\ProgramData\cis5EB2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Program Files\AVAST Software\Avast\Setup\aswOfferTool.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRunOnce: [Adobe Speed Launcher] 1422216726
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\25163636F6F6E60235F6574786 : DHCPNameServer = 208.67.222.222 8.8.8.8 192.168.1.1
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\7594E4F503734663 : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\7594E4F503734663 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\E4544574541425 : DHCPNameServer = 192.168.10.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2015-1-1 83176]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2015-1-1 43240]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-1-25 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-1-25 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-1-25 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-1-25 436624]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-1-1 26528]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-12-15 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-12-15 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-12-15 62776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-31 204288]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-1-25 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-1-25 87912]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-1-25 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-25 50344]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-17 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-15 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-4-2 255376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-1-25 271752]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-31 114704]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-1-25 4012248]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-17 142632]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2015-1-1 128200]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2015-1-1 272600]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-15 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2015-1-11 20872]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-11 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-1 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-1 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-1-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-25 20:00:01 -------- d--h--w- C:\VTRoot
2015-01-25 19:45:59 -------- d-----w- C:\Users\Gail\AppData\Roaming\AVAST Software
2015-01-25 19:43:12 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-01-25 19:43:12 87912 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-01-25 19:43:12 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-01-25 19:43:12 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-01-25 19:43:12 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-01-25 19:43:12 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-01-25 19:43:12 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-01-25 19:42:59 43152 ----a-w- C:\Windows\avastSS.scr
2015-01-25 19:42:44 5404888 ----a-w- C:\ProgramData\cis5EB2.exe
2015-01-24 16:02:31 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2015-01-24 13:53:16 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{82E48FC5-143C-4930-B4EF-A0D5341B192F}\mpengine.dll
2015-01-11 20:18:29 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2015-01-11 20:05:27 -------- d-----w- C:\Windows\ERUNT
2015-01-11 19:48:46 20872 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2015-01-11 19:48:40 -------- d-----w- C:\ProgramData\Unchecky
2015-01-09 14:06:07 129752 ----a-w- C:\Windows\System32\drivers\003A5A98.sys
2015-01-05 17:03:37 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-01-04 01:55:25 -------- d-----w- C:\Program Files\COMODO
2015-01-04 01:53:46 -------- d-----w- C:\ProgramData\Comodo
2015-01-02 03:34:58 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2015-01-02 03:28:58 272600 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2015-01-02 03:28:57 9890008 ----a-w- C:\Windows\SysWow64\RsCRIcon.dll
2015-01-02 03:27:10 128200 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2015-01-02 03:25:27 83176 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2015-01-02 03:25:27 43240 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
2015-01-02 03:23:14 96560 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2015-01-02 03:23:13 4400640 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2015-01-02 03:23:13 3667968 ----a-w- C:\Windows\System32\bcmihvui64.dll
2015-01-02 03:23:13 10434256 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2015-01-02 02:39:13 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2015-01-02 02:38:42 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2015-01-02 02:23:34 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-02 02:23:34 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-02 02:22:01 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-02 02:22:01 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-02 02:17:55 -------- d-----w- C:\ProgramData\HitmanPro
2015-01-02 01:35:02 -------- d-----w- C:\Users\Gail\AppData\Roaming\ProductData
2015-01-02 01:33:49 -------- d-----w- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-02 01:32:52 -------- d-----w- C:\ProgramData\ProductData
2015-01-02 01:32:22 26528 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2015-01-01 21:29:23 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-01-01 21:22:50 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-01 21:22:32 -------- d-----w- C:\Users\Gail\AppData\Local\Programs
2015-01-01 20:24:58 -------- d-----w- C:\Windows\SysWow64\vbox
2015-01-01 20:24:58 -------- d-----w- C:\Windows\System32\vbox
2015-01-01 20:14:21 -------- d-----w- C:\Program Files\AVAST Software
2015-01-01 20:09:41 -------- d-----w- C:\ProgramData\AVAST Software
2015-01-01 20:01:44 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2015-01-01 20:01:44 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-01-01 20:01:40 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-01 20:01:40 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-01-01 20:01:39 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
.
==================== Find3M ====================
.
2015-01-25 19:52:22 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 19:52:22 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-24 13:53:12 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
.
============= FINISH: 15:16:24.43 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2012 3:04:34 PM
System Uptime: 1/25/2015 3:10:25 PM (0 hours ago)
.
Motherboard: Acer | | JE70-SB
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 355.813 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 11/19/2014 11:09:05 PM - Windows Update
RP65: 11/25/2014 12:42:42 PM - Configured clear.fi
RP66: 12/8/2014 7:45:24 PM - Configured clear.fi
RP67: 12/10/2014 7:12:09 PM - Windows Update
RP68: 12/11/2014 4:56:52 AM - Windows Update
RP69: 12/11/2014 4:07:27 PM - Windows Update
RP70: 12/16/2014 6:10:32 PM - Windows Update
RP72: 12/17/2014 9:22:19 AM - Windows Modules Installer
RP73: 12/18/2014 9:47:01 AM - Windows Update
RP74: 1/1/2015 2:52:44 PM - Windows Update
RP75: 1/1/2015 3:13:14 PM - avast! antivirus system restore point
RP76: 1/1/2015 3:56:12 PM - Removed Fooz Kids
RP77: 1/1/2015 4:44:32 PM - Windows Update
RP78: 1/1/2015 9:19:28 PM - Windows Modules Installer
RP79: 1/1/2015 9:22:42 PM - Windows Modules Installer
RP80: 1/1/2015 9:27:12 PM - Checkpoint by HitmanPro
RP81: 1/1/2015 10:20:39 PM - Driver Booster : AMD SMBus
RP82: 1/1/2015 10:31:24 PM - Installed DirectX
RP83: 1/1/2015 11:40:26 PM - Removed newsXpresso
RP84: 1/3/2015 5:17:03 AM - Windows Update
RP85: 1/3/2015 8:56:16 PM - Installing COMODO Antivirus
RP86: 1/3/2015 8:58:53 PM - Device Driver Package Install: COMODO Network Service
RP87: 1/4/2015 5:17:16 AM - Windows Update
RP88: 1/5/2015 11:59:14 AM - avast! antivirus system restore point
RP89: 1/5/2015 12:14:43 PM - Windows Update
RP90: 1/6/2015 12:37:58 AM - Windows Update
RP91: 1/6/2015 12:14:36 PM - Windows Update
RP92: 1/7/2015 9:44:20 PM - Windows Update
RP93: 1/9/2015 11:45:08 AM - Windows Update
RP94: 1/10/2015 8:06:54 PM - Windows Update
RP95: 1/11/2015 2:13:20 PM - 1/11/15
RP96: 1/11/2015 2:16:39 PM - Removed Fooz Kids
RP97: 1/11/2015 2:17:48 PM - Removed Fooz Kids Platform
RP98: 1/11/2015 2:20:59 PM - Removed GeekBuddy.
RP99: 1/11/2015 2:53:18 PM - Removed COMODO Antivirus
RP100: 1/11/2015 3:35:09 PM - Installing COMODO Antivirus
RP101: 1/11/2015 3:36:03 PM - Device Driver Package Install: COMODO Network Service
RP102: 1/12/2015 9:30:39 PM - OTL Restore Point - 1/12/2015 9:30:31 PM
RP103: 1/13/2015 6:46:36 PM - OTL Restore Point - 1/13/2015 6:46:27 PM
RP104: 1/14/2015 8:22:34 PM - OTL Restore Point - 1/14/2015 8:22:25 PM
RP105: 1/15/2015 9:50:57 AM - Windows Update
RP106: 1/15/2015 9:59:49 AM - OTL Restore Point - 1/15/2015 9:59:47 AM
RP107: 1/15/2015 10:08:38 AM - OTL Restore Point - 1/15/2015 10:08:27 AM
RP108: 1/15/2015 10:09:39 AM - OTL Restore Point - 1/15/2015 10:09:38 AM
RP109: 1/15/2015 11:40:29 AM - Windows Update
RP110: 1/24/2015 8:45:25 AM - Windows Update
RP111: 1/24/2015 10:59:15 AM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
RP112: 1/24/2015 11:01:57 AM - Installed OpenOffice 4.1.1
RP113: 1/24/2015 4:05:31 PM - Windows Update
RP114: 1/25/2015 2:37:19 PM - avast! antivirus system restore point
RP115: 1/25/2015 2:39:32 PM - Removed COMODO Antivirus
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Reader X (10.1.13) MUI
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avast Free Antivirus
Backup Manager V3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
clear.fi Client
D3DX10
Dolby Advanced Audio v2
Driver Booster 2.1
ETDWare PS/2-X64 8.0.6.3_WHQL
Evernote v. 4.5.1
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Norton Online Backup
NTI Media Maker 9
OpenOffice 4.1.1
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Shared C Run-time for x64
Shredder
Silent Hunter Wolves of the Pacific
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
1/24/2015 8:48:30 AM, Error: Schannel [36888] - The following fatal alert was generated: 70. The internal error state is 105.
1/24/2015 4:06:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2984981).
1/24/2015 4:06:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2984976).
1/24/2015 4:06:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2994023).
.
==== End Of File ===========================
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Please help still have syswow64 on computer

Unread postby Gary R » January 26th, 2015, 2:29 am

Looking over your logs now, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help still have syswow64 on computer

Unread postby Gary R » January 26th, 2015, 2:35 am

Hi Nismogsxr,

There are no obvious signs of infection in the logs you've supplied.

C:\Windows\syswow64\dllhost.exe is a legit System File that is part of your Operating System and essential to its operation, however we'll check it to make sure you do not have a corrupt copy on your computer. There's also another file I'd like you to check for me.

C:\Windows\syswow64\dllhost.exe
C:\ProgramData\cis5EB2.exe

  • Browse to the first file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please (or post me a link(s) to the results).
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
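
One way to shortlist files from a DDS log for the kind of second-opinion scan requested above, as an added example that is not part of the original thread or of DDS itself: it cross-references the "Running Processes" and "Created Last 30" sections and lists recently created executables that are also running or sit outside the standard install directories. The section names and line layout come from the log posted in this thread; the directory list, the extension list and all function names are assumptions made for the example.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from datetime import datetime

# Shortened excerpt of the DDS log posted in this thread (lines unchanged).
DDS_EXCERPT = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Dolby PCEE4\pcee4.exe
C:\ProgramData\cis5EB2.exe
C:\Windows\System32\cscript.exe
.
=============== Created Last 30 ================
.
2015-01-25 20:00:01 -------- d--h--w- C:\VTRoot
2015-01-25 19:43:12 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-01-25 19:42:44 5404888 ----a-w- C:\ProgramData\cis5EB2.exe
2015-01-02 02:39:13 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
.
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# timestamp, size (dashes for directories), 8-character attribute string, path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
# image path up to the first ".exe", dropping any command-line arguments
EXE_PATH_RE = re.compile(r"^(.+?\.exe)(?:\s|$)", re.IGNORECASE)

# Assumptions for this example: where installed software normally lives,
# and which extensions count as executable code.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\")
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr"}


def split_sections(log_text):
    """Group log lines under their '==== Name ====' header, skipping '.' filler."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def running_images(lines):
    """Return the set of running image paths, normalised for comparison."""
    images = set()
    for line in lines:
        m = EXE_PATH_RE.match(line)
        if m:
            images.add(ntpath.normcase(m.group(1)))
    return images


def created_entries(lines):
    """Yield one dict per parsable 'Created Last 30' line."""
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        yield {
            "created": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "is_dir": attrs.startswith("d"),
            "size": None if size.startswith("-") else int(size),
            "path": path.strip(),
        }


def shortlist(log_text):
    """List recently created executables that are running or oddly located."""
    sections = split_sections(log_text)
    running = running_images(sections.get("Running Processes", []))
    findings = []
    for entry in created_entries(sections.get("Created Last 30", [])):
        path = ntpath.normcase(entry["path"])
        if entry["is_dir"] or ntpath.splitext(path)[1] not in EXECUTABLE_EXTS:
            continue
        reasons = []
        if path in running:
            reasons.append("currently running")
        if not path.startswith(STANDARD_DIRS):
            reasons.append("outside standard install directories")
        if reasons:
            findings.append((entry["path"], entry["created"], reasons))
    return findings


if __name__ == "__main__":
    for path, created, reasons in shortlist(DDS_EXCERPT):
        print(f"{created:%Y-%m-%d %H:%M:%S}  {path}  [{'; '.join(reasons)}]")
```

A shortlisted path is only a candidate for a hash lookup or multi-engine scan; installers and uninstallers routinely drop short-lived executables in the same places.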

Re: Please help still have syswow64 on computer

Unread postby Nismogsxr » January 28th, 2015, 3:19 pm

When I searched C:\Windows\syswow64\dllhost.exe, everything was clean. However, when I went to search C:\ProgramData\cis5EB2.exe, it is not there. I also went and turned on hidden files to where they would show, and still could not locate the file to search.
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Please help still have syswow64 on computer

Unread postby Gary R » January 28th, 2015, 6:53 pm

OK, let's run a search for it to make sure it's actually on your computer, and not a "blip" on your DDS log.

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: (don't include Code: Select all)
Code: Select all
:filefind
cis5EB2.exe

:file
C:\ProgramData\cis5EB2.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help still have syswow64 on computer

Unread postby Nismogsxr » January 29th, 2015, 1:38 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 12:34 on 29/01/2015 by Gail
Administrator - Elevation successful

========== filefind ==========

Searching for "cis5EB2.exe"
No files found.

========== file ==========

C:\ProgramData\cis5EB2.exe - Unable to find/read file.

-= EOF =-
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Please help still have syswow64 on computer

Unread postby Gary R » January 29th, 2015, 7:03 pm

OK, looks like that file is not now present on your computer.

Is Avast still flagging the C:\Windows\syswow64\dllhost.exe file?
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help still have syswow64 on computer

Unread postby Gary R » February 1st, 2015, 2:01 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire