Multiple dllhost.exe *32 Com Surrogates running In task Manager


This topic is locked
2 replies to this topic

#1 chaz002 (Members, 1 post)

Posted 17 April 2014 - 11:53 AM

Hello,

Windows 7 Pro 64 bit SP 1, Microsoft Security Essentials, Intel Core i5-2410M, 4GB RAM

There are currently multiple dllhost.exe processes running in Task Manager. Verified that it was a possible Zbot Trojan when scanning through Security Essentials and attempted to do a System Recovery; however, I am unable to complete the recovery as an error appears on the C:. When I try to correct the error the process never completes. I have tried removing it in safe mode and have been unsuccessful; any help would be greatly appreciated.

I saw a previous issue when I searched dllhost; however, the fix was specific to that particular user.

I ran a scan using Farbar Recovery Scan Tool; the results are below.

Thank you,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by MTejada (administrator) on GMCVB-LT3199 on 17-04-2014 12:11:47
Running from D:\Marti Comp
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\windows\system32\locator.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.08003.58725\CBM\ScriptLogic.CBM.Agent.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.08003.58725\SLClient.exe
(ArcSoft, Inc.) C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Users\mtejada\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\mtejada\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
() C:\Users\mtejada\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
(Dropbox, Inc.) C:\Users\mtejada\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\javaw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.08003.58725\CBM\ScriptLogic.CBM.UserExperience.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Crawler.com) C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
(Microsoft Corporation) C:\windows\system32\wbem\WMIADAP.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7177728 2013-04-24] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-01-16] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3056880 2013-10-10] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM-x32\...\Run: [DesktopAuthority User Experience] => C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.08003.58725\CBM\ScriptLogic.CBM.UserExperience.exe [132608 2009-10-29] (ScriptLogic Software Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [522736 2011-04-18] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PCPowerSpeed] => C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe [384608 2013-11-01] (Crawler.com)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [Google Update] => C:\Users\mtejada\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-11] (Google Inc.)
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [RebateInformer] => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [GenieoUpdaterService] => C:\Users\mtejada\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [291680 2013-02-17] ()
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [GenieoSystemTray] => C:\Users\mtejada\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [526688 2013-02-17] ()
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [Consumer Input Update] => C:\Program Files (x86)\Consumer Input\dca-ua.exe
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [GoogleChromeAutoLaunch_BF157CB4C305353AACC4C817DF5D401C] => C:\Users\mtejada\AppData\Local\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Run: [Nsworks Update] => regsvr32.exe C:\Users\mtejada\AppData\Local\Nsworks\CNHLX700.dll
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-581641037-551173555-1990678075-2829\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\mtejada\AppData\Local\Temp\sivnwrx\sitwgpy\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\mtejada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mtejada\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox64.dll No File
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll No File
Toolbar: HKLM-x32 - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} -  No File
Toolbar: HKCU - No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {C98D5B61-B0EA-4D48-9839-1079D352D880} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox64.dll No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Tcpip\..\Interfaces\{9DDD0483-73D2-4C22-8911-603B6E3B2B2C}: [NameServer]198.224.180.135 198.224.179.135
Tcpip\..\Interfaces\{D70F0CF0-5BE6-4E4A-93C4-DCD27AB543DC}: [NameServer]198.224.180.135 198.224.179.135
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @ei.HeadlineAlley_29.com/Plugin - C:\Program Files (x86)\HeadlineAlley_29EI\Installr\1.bin\NP29EISB.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\mtejada\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\mtejada\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\mtejada\AppData\Roaming\mozilla\plugins\npAAdvantagePlugin.dll (Billeo, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
 
Chrome: 
=======
CHR HomePage: hxxp://yahoo.genieo.com/?v=w3i8
CHR RestoreOnStartup: "hxxp://yahoo.genieo.com/?v=w3i8"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\mtejada\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\mtejada\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\mtejada\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (ArcadeWeb Plugin) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
CHR Plugin: (Google Update) - C:\Users\mtejada\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaphcodaeekobnmpkdljikkcogmgmb [2013-02-20]
CHR Extension: (SweetPacks A8) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobbhmkkplckkcbnbcdbkneemiooegoc [2013-10-03]
CHR Extension: (YouTube) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (ArcadeWeb) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld [2011-08-16]
CHR Extension: (AAdvantage eShopping(SM) assistant) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmcpohmeflbinmfpaenccnmobflogbp [2012-10-16]
CHR Extension: (Google Wallet) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\mtejada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\mtejada\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [angobeimajilfhlcpeiccndaifchnppl] - C:\Program Files (x86)\AppGraffiti\Chrome\graff_chr.crx [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\mtejada\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-09-30]
CHR StartMenuInternet: Google Chrome - C:\Users\mtejada\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 ScriptLogic CBM Service; C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.08003.58725\CBM\ScriptLogic.CBM.Agent.exe [398848 2009-10-29] (ScriptLogic Software Corporation)
R2 SLClient; C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.08003.58725\SLClient.exe [556384 2009-10-29] (ScriptLogic Software Corporation)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5862400 2013-04-24] (Broadcom Corporation)
S2 TelevisionFanaticService; C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-01] (Symantec Corporation)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-01-16] (JMicron Technology Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NWUSBModem_001; C:\Windows\System32\DRIVERS\nwusbmdm_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort2_001; C:\Windows\System32\DRIVERS\nwusbser2_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 NWUSBPort_001; C:\Windows\System32\DRIVERS\nwusbser_001.sys [217856 2012-05-03] (Novatel Wireless Inc.)
S3 nwvzwmbnet_001; C:\Windows\System32\DRIVERS\nwvzwmbnet_001.sys [334848 2012-05-03] (Novatel Wireless Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S1 coalspde; \??\C:\windows\system32\drivers\coalspde.sys [X]
S1 igjxufvp; \??\C:\windows\system32\drivers\igjxufvp.sys [X]
S1 lyrgjijn; \??\C:\windows\system32\drivers\lyrgjijn.sys [X]
S1 nvjcmtxk; \??\C:\windows\system32\drivers\nvjcmtxk.sys [X]
S1 nvmhwzyq; \??\C:\windows\system32\drivers\nvmhwzyq.sys [X]
S1 sukelofj; \??\C:\windows\system32\drivers\sukelofj.sys [X]
S1 ybsdsake; \??\C:\windows\system32\drivers\ybsdsake.sys [X]
S1 ztejshmg; \??\C:\windows\system32\drivers\ztejshmg.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-17 12:11 - 2014-04-17 12:11 - 00000000 ____D () C:\FRST
2014-04-17 11:48 - 2014-04-17 11:48 - 00000000 ____D () C:\ProgramData\Norton
2014-04-17 11:48 - 2014-04-17 11:48 - 00000000 ____D () C:\NPE
2014-04-17 08:51 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-04-17 08:51 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-04-17 08:51 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-04-17 08:51 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-04-17 08:46 - 2014-04-17 08:46 - 00058288 _____ (Symantec Corporation) C:\windows\system32\snacnp.dll
2014-04-09 15:12 - 2014-04-14 13:27 - 00271360 _____ () C:\Users\mtejada\Desktop\MTejada Archive.pst
2014-03-21 11:36 - 2014-03-21 12:08 - 00066048 _____ () C:\Users\mtejada\Desktop\MT lunchappt no 3rd parties.xls
2014-03-21 11:04 - 2014-03-31 15:39 - 00109056 _____ () C:\Users\mtejada\Desktop\MT-DC_Contacts w 3rd parties.xls
2014-03-21 11:04 - 2014-03-21 11:34 - 00080896 _____ () C:\Users\mtejada\Desktop\DC no 3rd Lunch Invites.xls
2014-03-18 12:01 - 2014-03-18 12:01 - 00061952 _____ () C:\Users\mtejada\Documents\FW HB Post What's Happening.msg
 
==================== One Month Modified Files and Folders =======
 
2014-04-17 12:11 - 2014-04-17 12:11 - 00000000 ____D () C:\FRST
2014-04-17 12:11 - 2009-07-14 01:13 - 00841732 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-17 12:10 - 2011-12-22 09:54 - 00000000 ____D () C:\Users\mtejada\AppData\Roaming\Dropbox
2014-04-17 12:09 - 2014-01-09 12:19 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 12:09 - 2013-10-10 08:09 - 00000416 _____ () C:\windows\Tasks\PC Help 24x7 logon.job
2014-04-17 12:09 - 2011-04-21 04:50 - 01587813 _____ () C:\windows\WindowsUpdate.log
2014-04-17 12:05 - 2012-04-13 11:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 11:55 - 2011-08-11 15:36 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-581641037-551173555-1990678075-2829UA.job
2014-04-17 11:53 - 2014-02-05 11:17 - 00000300 _____ () C:\windows\Tasks\Digital Sites.job
2014-04-17 11:48 - 2014-04-17 11:48 - 00000000 ____D () C:\ProgramData\Norton
2014-04-17 11:48 - 2014-04-17 11:48 - 00000000 ____D () C:\NPE
2014-04-17 11:41 - 2014-01-09 12:19 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 11:36 - 2009-07-14 00:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 11:36 - 2009-07-14 00:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 11:28 - 2013-01-22 12:53 - 00021883 _____ () C:\windows\setupact.log
2014-04-17 11:28 - 2011-03-04 06:56 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-17 11:28 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-17 09:42 - 2011-06-28 07:55 - 00000000 ___RD () C:\Users\mtejada\Virtual Machines
2014-04-17 09:42 - 2011-06-28 07:55 - 00000000 ___RD () C:\Users\mtejada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 09:42 - 2011-06-28 07:55 - 00000000 ___RD () C:\Users\mtejada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 09:42 - 2011-06-28 07:54 - 00000000 ____D () C:\Users\mtejada
2014-04-17 09:42 - 2011-03-04 07:04 - 00000000 ____D () C:\ProgramData\Sonic
2014-04-17 09:24 - 2013-01-25 09:03 - 00119722 _____ () C:\windows\PFRO.log
2014-04-17 08:56 - 2011-06-27 14:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-17 08:55 - 2011-08-11 15:36 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-581641037-551173555-1990678075-2829Core.job
2014-04-17 08:54 - 2009-07-13 22:34 - 00000478 _____ () C:\windows\win.ini
2014-04-17 08:46 - 2014-04-17 08:46 - 00058288 _____ (Symantec Corporation) C:\windows\system32\snacnp.dll
2014-04-17 08:07 - 2012-08-16 20:52 - 00001396 __RSH () C:\Users\mtejada\ntuser.pol
2014-04-17 08:07 - 2011-12-22 09:56 - 00000000 ___RD () C:\Users\mtejada\Dropbox
2014-04-17 08:07 - 2011-06-27 14:55 - 00000136 _____ () C:\windows\system32\config\netlogon.ftl
2014-04-16 16:40 - 2013-10-17 15:23 - 00000492 __RSH () C:\Users\chaz.GMCVB.000\ntuser.pol
2014-04-16 16:40 - 2013-10-17 15:23 - 00000000 ____D () C:\Users\chaz.GMCVB.000
2014-04-16 16:28 - 2013-11-18 09:09 - 00439296 _____ () C:\windows\system32\AdpeakProxy64.dll
2014-04-16 09:58 - 2013-01-24 12:38 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6C57247F-BB86-418D-B0F3-DFC2E86C513A}
2014-04-14 13:27 - 2014-04-09 15:12 - 00271360 _____ () C:\Users\mtejada\Desktop\MTejada Archive.pst
2014-04-14 11:00 - 2011-10-21 09:23 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMTejada
2014-04-14 11:00 - 2011-10-21 09:23 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForMTejada.job
2014-04-14 08:04 - 2012-09-18 14:32 - 00000390 _____ () C:\windows\Tasks\Regwork.job
2014-04-10 06:38 - 2011-06-27 13:12 - 00003226 _____ () C:\windows\System32\Tasks\HPCeeScheduleForGMCVB-LT3199$
2014-04-10 06:38 - 2011-06-27 13:12 - 00000350 _____ () C:\windows\Tasks\HPCeeScheduleForGMCVB-LT3199$.job
2014-04-09 16:59 - 2011-11-02 19:18 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-09 16:59 - 2011-10-19 08:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-04-04 08:50 - 2011-08-11 15:36 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-581641037-551173555-1990678075-2829UA
2014-04-04 08:50 - 2011-08-11 15:36 - 00003498 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-581641037-551173555-1990678075-2829Core
2014-04-03 08:07 - 2011-06-27 15:02 - 00000000 ____D () C:\Program Files (x86)\Destination 3000-SQL
2014-04-02 14:50 - 2014-03-17 11:24 - 13385674 _____ () C:\Users\mtejada\Desktop\HB GMCVB powerpoint.pptx
2014-04-02 08:35 - 2014-01-09 12:19 - 00003896 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 08:35 - 2014-01-09 12:19 - 00003644 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 15:39 - 2014-03-21 11:04 - 00109056 _____ () C:\Users\mtejada\Desktop\MT-DC_Contacts w 3rd parties.xls
2014-03-31 15:32 - 2014-02-28 10:34 - 00015649 _____ () C:\Users\mtejada\Desktop\DC Luncheon Invites.xlsx
2014-03-21 12:08 - 2014-03-21 11:36 - 00066048 _____ () C:\Users\mtejada\Desktop\MT lunchappt no 3rd parties.xls
2014-03-21 11:34 - 2014-03-21 11:04 - 00080896 _____ () C:\Users\mtejada\Desktop\DC no 3rd Lunch Invites.xls
2014-03-18 12:01 - 2014-03-18 12:01 - 00061952 _____ () C:\Users\mtejada\Documents\FW HB Post What's Happening.msg
 
Some content of TEMP:
====================
C:\Users\chaz.GMCVB.000\AppData\Local\Temp\tbSwee.dll
C:\Users\HelpDesk\AppData\Local\Temp\MSNA30.exe
C:\Users\mtejada\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\mtejada\AppData\Local\Temp\BackupSetup.exe
C:\Users\mtejada\AppData\Local\Temp\dpinst.exe
C:\Users\mtejada\AppData\Local\Temp\Extract.exe
C:\Users\mtejada\AppData\Local\Temp\family-feud-battle-of-the-sexes_s1_l1_gF5841T1L1_d1423356216.exe
C:\Users\mtejada\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\mtejada\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\mtejada\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\mtejada\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\mtejada\AppData\Local\Temp\msvcp100.dll
C:\Users\mtejada\AppData\Local\Temp\msvcr100.dll
C:\Users\mtejada\AppData\Local\Temp\nsa5036.tmp.tbTV_B.dll
C:\Users\mtejada\AppData\Local\Temp\oi_{FE20669D-B24F-401F-A478-87FB5BB658D7}.exe
C:\Users\mtejada\AppData\Local\Temp\Resource.exe
C:\Users\mtejada\AppData\Local\Temp\setup.exe
C:\Users\mtejada\AppData\Local\Temp\SP52437.exe
C:\Users\mtejada\AppData\Local\Temp\SP52568.exe
C:\Users\mtejada\AppData\Local\Temp\SP52637.exe
C:\Users\mtejada\AppData\Local\Temp\SP52659.exe
C:\Users\mtejada\AppData\Local\Temp\SP52868.exe
C:\Users\mtejada\AppData\Local\Temp\SP53380.exe
C:\Users\mtejada\AppData\Local\Temp\SP53628.exe
C:\Users\mtejada\AppData\Local\Temp\SP53631.exe
C:\Users\mtejada\AppData\Local\Temp\SP53794.exe
C:\Users\mtejada\AppData\Local\Temp\SP53795.exe
C:\Users\mtejada\AppData\Local\Temp\SP53796.exe
C:\Users\mtejada\AppData\Local\Temp\SP54149.exe
C:\Users\mtejada\AppData\Local\Temp\sp54373.exe
C:\Users\mtejada\AppData\Local\Temp\SP54569.exe
C:\Users\mtejada\AppData\Local\Temp\SP54614.exe
C:\Users\mtejada\AppData\Local\Temp\sp54620.exe
C:\Users\mtejada\AppData\Local\Temp\SP54714.exe
C:\Users\mtejada\AppData\Local\Temp\SP54772.exe
C:\Users\mtejada\AppData\Local\Temp\SP55156.exe
C:\Users\mtejada\AppData\Local\Temp\SP55224.exe
C:\Users\mtejada\AppData\Local\Temp\SP55574.exe
C:\Users\mtejada\AppData\Local\Temp\SP56037.exe
C:\Users\mtejada\AppData\Local\Temp\SP56247.exe
C:\Users\mtejada\AppData\Local\Temp\SP56282.exe
C:\Users\mtejada\AppData\Local\Temp\SP56290.exe
C:\Users\mtejada\AppData\Local\Temp\SP56488.exe
C:\Users\mtejada\AppData\Local\Temp\SP56699.exe
C:\Users\mtejada\AppData\Local\Temp\SP56729.exe
C:\Users\mtejada\AppData\Local\Temp\SP56876.exe
C:\Users\mtejada\AppData\Local\Temp\SP56878.exe
C:\Users\mtejada\AppData\Local\Temp\SP57014.exe
C:\Users\mtejada\AppData\Local\Temp\SP57086.exe
C:\Users\mtejada\AppData\Local\Temp\SP57275.exe
C:\Users\mtejada\AppData\Local\Temp\SP57555.exe
C:\Users\mtejada\AppData\Local\Temp\SP57698.exe
C:\Users\mtejada\AppData\Local\Temp\SP57879.exe
C:\Users\mtejada\AppData\Local\Temp\SP58182.exe
C:\Users\mtejada\AppData\Local\Temp\sp58915.exe
C:\Users\mtejada\AppData\Local\Temp\SP59033.exe
C:\Users\mtejada\AppData\Local\Temp\SP59043.exe
C:\Users\mtejada\AppData\Local\Temp\SP59202.exe
C:\Users\mtejada\AppData\Local\Temp\SP59291.exe
C:\Users\mtejada\AppData\Local\Temp\SP59339.exe
C:\Users\mtejada\AppData\Local\Temp\SP59529.exe
C:\Users\mtejada\AppData\Local\Temp\SP60365.exe
C:\Users\mtejada\AppData\Local\Temp\SP60504.exe
C:\Users\mtejada\AppData\Local\Temp\SP60630.exe
C:\Users\mtejada\AppData\Local\Temp\SP61138.exe
C:\Users\mtejada\AppData\Local\Temp\SP62449.exe
C:\Users\mtejada\AppData\Local\Temp\SP62738.exe
C:\Users\mtejada\AppData\Local\Temp\sp64126.exe
C:\Users\mtejada\AppData\Local\Temp\SpOrder.dll
C:\Users\mtejada\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\mtejada\AppData\Local\Temp\tbedrs.dll
C:\Users\mtejada\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\mtejada\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\mtejada\AppData\Local\Temp\UninstallHPTCA.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2014-04-14 08:54
 
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   35.06KB   0 downloads



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:18 PM

Posted 18 April 2014 - 12:15 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer. Make sure that Addition.txt is ticked as well.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • Next, please re-run FRST and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt). Please post the log in your reply to me (you can use pastebin as well).

 

 

Regards,

Georgi


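The two things this thread turns on are the many dllhost.exe "COM Surrogate" instances the poster saw and the helper's request to search the disk for copies of rpcss.dll, with the FRST log's testsigning warning on the side. The script below is an added example written for this page; it is neither FRST output nor part of the helper's instructions, and it does the same triage natively in PowerShell so the result can be read next to the FRST log. It assumes an elevated, 64-bit PowerShell 4.0 or later session (WMF 4 installs on Windows 7 SP1; Get-CimInstance, Get-FileHash and the -File switch need at least that). The function names are this example's own.

```powershell
# Added example for this thread (not FRST output and not the helper's instructions):
# triage for many dllhost.exe instances, stray copies of rpcss.dll, and the
# testsigning flag FRST flagged. Assumes an elevated 64-bit PowerShell 4.0+ session.

# 1. Inventory every dllhost.exe. COM Surrogate is started as
#    "dllhost.exe /Processid:{AppID}", so the AppID says which COM server it hosts.
function Get-DllhostInventory {
    Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        $appId = $null
        if ($_.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') { $appId = $Matches[1] }
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        [pscustomobject]@{
            Pid     = $_.ProcessId
            Parent  = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { "<exited> ($($_.ParentProcessId))" }
            Path    = $_.ExecutablePath
            AppId   = $appId
            Servers = if ($appId) { (Resolve-ComServersForAppId -AppId $appId) -join '; ' } else { '' }
        }
    }
}

# Map an AppID back to the CLSIDs registered under it and their server binaries by
# scanning HKCR\CLSID (a merged view of HKLM and HKCU classes, so per-user
# registrations show up too). A server outside %SystemRoot% or Program Files, a
# CLSID with no server, or a non-empty DllSurrogate is what to look at first.
function Resolve-ComServersForAppId {
    param([Parameter(Mandatory)][string]$AppId)
    $hits = @()
    $appKey = Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\AppID\$AppId" -ErrorAction SilentlyContinue
    if ($appKey -and $appKey.DllSurrogate) { $hits += "DllSurrogate=$($appKey.DllSurrogate)" }
    foreach ($key in Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if ($props.AppID -and $props.AppID -ieq $AppId) {
            $servers = foreach ($sub in 'InprocServer32', 'LocalServer32') {
                $p = Get-ItemProperty -LiteralPath "$($key.PSPath)\$sub" -ErrorAction SilentlyContinue
                if ($p) { "$sub=$($p.'(default)')" }
            }
            $hits += "$($key.PSChildName) [$($servers -join ', ')]"
        }
    }
    $hits
}

# 2. Every rpcss.dll on fixed drives, hashed against the System32 copy that the
#    "Bamital & volsnap Check" in the FRST log vouched for. Copies under WinSxS or
#    SysWOW64 legitimately differ (other versions or bitness), so read MatchesSys32
#    together with FileVersion and Signature, not as a verdict on its own.
function Get-RpcssCopies {
    $reference = Join-Path $env:SystemRoot 'System32\rpcss.dll'
    $refHash   = (Get-FileHash -LiteralPath $reference -Algorithm SHA256).Hash
    $drives    = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
                 Select-Object -ExpandProperty DeviceID
    foreach ($d in $drives) {
        Get-ChildItem -LiteralPath "$d\" -Filter 'rpcss.dll' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path         = $_.FullName
                Size         = $_.Length
                FileVersion  = $_.VersionInfo.FileVersion
                MatchesSys32 = ((Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -eq $refHash)
                Signature    = $sig.Status
                Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

# 3. FRST's "testsigning: ==> Check for possible unsigned rootkit driver" means the
#    current boot entry has testsigning on, which lets test-signed kernel drivers load.
#    Confirm it from bcdedit; it is switched off with "bcdedit /set testsigning off"
#    and a reboot, once no legitimate driver depends on it.
function Get-TestSigningState {
    $lines = & bcdedit.exe /enum '{current}' 2>&1
    foreach ($l in $lines) {
        if ($l -match '^\s*testsigning\s+(\S+)') { return $Matches[1] }
    }
    'not set (off)'
}

Get-DllhostInventory | Format-Table -AutoSize -Wrap
Get-RpcssCopies      | Format-Table -AutoSize -Wrap
"testsigning: $(Get-TestSigningState)"
```

Two caveats when reading the output. The CLSID scan walks several thousand registry keys per AppID, so the inventory takes a while on a busy machine; that is the price of mapping each surrogate back to a concrete DLL. And on Windows 7 most OS binaries carry no embedded Authenticode signature (they are catalog-signed), so Signature reads NotSigned for the legitimate rpcss.dll as well; there the hash match against System32 is the useful test, and a copy that does carry an embedded signature from a non-Microsoft signer, or that sits outside %SystemRoot%, is the anomaly to hand to the helper.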


#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:18 PM

Posted 29 April 2014 - 04:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





