Multiple DLLHOST.EXE and CHROME.EXE*32


  • This topic is locked
3 replies to this topic

#1 ibrich71
Posted 01 November 2014 - 03:07 PM

Getting hit by the multiple dllhost.exe and chrome.exe.

Trying to get fff5.ee.com, nemo-finder.me

C:\Windows/SysWOW64\dllhost.exe

IP addresses trying to get to:

95.215.1.57

88.214.193.211

193.169.244.216

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by Rich at 14:47:07 on 2014-11-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7990.2993 [GMT -5:00]
.
AV: Trend Micro Maximum Security *Enabled/Updated* {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Maximum Security *Enabled/Updated* {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
svchost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = localhost:8118
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Trend Micro Password Manager BHO: {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmIEPlugInBHO Class: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Trend Micro Password Manager ToolBar: {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\Rich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_F4A0C51D1A92B691D4D2455D23409767] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22TAT12K05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{19524B9D-7755-4EC1-B9C8-DEE6003D7CB0}\255737862557C65637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{19524B9D-7755-4EC1-B9C8-DEE6003D7CB0}\C496E6B63797370303236383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{83CD1AE4-97D5-41C7-808B-25F93F9D1CC6} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Trend Micro Password Manager BHO: {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll
x64-BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmIEPlugInBHO Class: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-TB: Trend Micro Password Manager ToolBar: {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Platinum] "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp
x64-Run: [PwmConsole.exe] "C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe" -s
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-RunOnce: [8bb366d8-3e44-497a-a2c7-b22d014f335c] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
x64-RunOnce: [ea827ef6-f09e-411a-bc8c-49684499f68c] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f
x64-RunOnce: [078cc855-9793-4453-a497-8ca6ce1baa92] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f
x64-RunOnce: [40436497-33b7-4275-b4b0-830a72ea084d] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
x64-RunOnce: [2a57028b-0783-43ec-9e65-90305526c3e8] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [6e68d53d-fe53-48c0-88ed-2d0b88250ed0] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
x64-RunOnce: [8a04c90f-4ada-44d3-ae32-25951c274ec5] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [81c36ecd-469a-4f6e-aa3c-1fb0b98163fb] REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [5bdc99c6-50c8-4a66-bff2-34b212801937] REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [e96bdf00-8b3b-445f-9e00-112d067edd77] REG DELETE HKEY_CLASSES_ROOT\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f
x64-RunOnce: [ade13177-be2f-4a3e-9f15-81c75fb76cf1] REG DELETE HKEY_CLASSES_ROOT\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f
x64-RunOnce: [1a658937-c979-4c29-86f7-9ede4490c48d] REG DELETE HKEY_CLASSES_ROOT\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f
x64-RunOnce: [68c97fca-22d4-4eac-8fca-8aa5439bce37] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f
x64-RunOnce: [0474e35e-c051-4018-a0a7-b8713bcb3ba0] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f
x64-RunOnce: [39d66873-fb19-42ec-916a-0415e2c8b97d] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f
x64-RunOnce: [b0cbf4ed-375c-47ea-89fd-30efb1d3c80b] C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe
x64-RunOnce: [6e453490-4795-4527-bbba-caaa46e65213] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
x64-RunOnce: [351c6765-dbfc-4b4a-8f8f-e1fd065a0030] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f
x64-RunOnce: [dd2ae0a6-92c0-4db4-82c2-935c47cff397] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f
x64-RunOnce: [4529a5a8-7caf-41fe-87be-a1350addb87b] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
x64-RunOnce: [fe0c437d-2485-42da-96cd-6782a6bbc14e] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [1f79e13f-4f03-4d92-b297-1905c9e0f214] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
x64-RunOnce: [0bcb0f28-5f3f-47fd-afaa-1a6f8a74ffa5] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [3387049e-0c1b-445b-8fb4-c9f69f99854d] REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [6933d6ba-cf76-49e1-ba12-e588f4dc9dcf] REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [b1d17fe7-7515-4ae0-abd9-b51c8c896e72] REG DELETE HKEY_CLASSES_ROOT\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f
x64-RunOnce: [699bfaa8-4a15-4491-982d-bd4d05c4e2e9] REG DELETE HKEY_CLASSES_ROOT\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f
x64-RunOnce: [29e3a2f6-9c38-4b8e-a50b-c0f84fa534d6] REG DELETE HKEY_CLASSES_ROOT\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f
x64-RunOnce: [ab09067a-4344-4ffb-8dc1-23758f840635] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f
x64-RunOnce: [1a951cf4-2d63-4219-92ef-6b0a2890a3af] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f
x64-RunOnce: [90d8eeed-ff26-428b-af29-4fca981f3432] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f
x64-RunOnce: [1e786a5a-31a1-48d2-ac5a-e50f19d77c9e] C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe
x64-RunOnce: [fb3650dd-c9fe-4150-aea7-28846e4d1f10] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\kbfilter.inf
x64-RunOnce: [5b8b366b-0a26-44df-ae2a-276ed6b1ab71] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f
x64-RunOnce: [5d3bc787-a8af-47aa-b4cd-026dd6ded15d] REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn /f
x64-RunOnce: [db6f41c2-2832-48c0-9bb5-2cb8c9c44db5] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
x64-RunOnce: [67bd879f-c480-46ba-8e97-82a6a91a2091] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [6ae6cfdd-7b50-42d5-9c81-c5f3dcccf41e] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg /f /v update_url /d https://clients2.google.com/service/update2/crx
x64-RunOnce: [d191e3db-aa23-42ce-bbb5-63776b447a8c] REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [9eec4872-ca0b-4522-9503-35f4d35751e8] REG ADD HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [5a5cdba8-d7b7-41da-969b-9c8725be5e58] REG ADD HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.trendmicro.directpass /f /v "" /d "C:\Program Files\Trend Micro\TMIDS\PwmNativeMessaging\manifest.json"
x64-RunOnce: [d62b6b7a-f21d-4810-a8ea-aedf56aaabfc] REG DELETE HKEY_CLASSES_ROOT\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f
x64-RunOnce: [cd23842e-ba20-403e-89b1-df65e02f1c5a] REG DELETE HKEY_CLASSES_ROOT\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f
x64-RunOnce: [977ab37d-13a6-4673-be20-a0f09643fd7f] REG DELETE HKEY_CLASSES_ROOT\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f
x64-RunOnce: [9a1bcf3e-3da9-4b31-831d-985d10698283] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} /v LocalizedString /f
x64-RunOnce: [b8c4e3ab-2a4f-4cc3-bf55-0744de7da4ba] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C96A30C3-E55D-42E5-BE76-487E17873F1F} /v LocalizedString /f
x64-RunOnce: [53ffe5b3-f2a4-4651-ad6e-d9ff25e23f9c] REG DELETE HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} /v LocalizedString /f
x64-RunOnce: [acbac179-2b96-47a8-a7ac-e01709e50b66] C:\Program Files\Trend Micro\TMIDS\PwmChromeGPOMod.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll
x64-Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\3qddhyc1.default\
FF - prefs.js: browser.startup.homepage - www.jsonline.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Enounce\MySpeed\npmyspd.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Rich\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Rich\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Rich\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
FF - ExtSQL: !HIDDEN! 2013-12-06 18:36; emily@wilford.biz; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\emily@wilford.biz
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-19 340216]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2014-10-27 50976]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-9-21 70296]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2014-10-27 93664]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-25 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2014-10-27 308344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\drivers\tmusa.sys [2014-10-27 106296]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-28 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-28 63704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-9-16 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-9-16 515968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2014-10-27 106296]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2014-10-27 407864]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-8-16 39832]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/25 01:51:07;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-10-25 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-10-25 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-25 39464]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-9-16 70112]
S3 kbfilter;kbfilter;C:\Windows\System32\drivers\kbfilter.sys [2014-10-27 67408]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-9-16 106552]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-25 232992]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-19 56832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-10-29 00:53:54    25136    ----a-w-    C:\Windows\DCEBoot64.exe
2014-10-29 00:52:26    236080    ----a-w-    C:\Windows\RegBootClean64.exe
2014-10-29 00:20:31    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-29 00:18:05    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-29 00:18:05    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-29 00:18:05    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-29 00:18:05    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-29 00:18:05    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 23:52:48    --------    d-sh--w-    C:\found.000
2014-10-28 01:56:04    98    ----a-w-    C:\install.bat
2014-10-28 01:56:04    81    ----a-w-    C:\uninstall.bat
2014-10-28 01:56:04    67408    ----a-w-    C:\Windows\System32\drivers\kbfilter.sys
2014-10-28 01:56:04    67408    ----a-w-    C:\kbfilter.sys
2014-10-28 01:15:35    --------    d--h--w-    C:\TMRescueDisk
2014-10-28 01:12:42    106296    ----a-w-    C:\Windows\System32\drivers\tmeevw.sys
2014-10-28 01:12:41    407864    ----a-w-    C:\Windows\System32\drivers\tmnciesc.sys
2014-10-28 01:11:53    93664    ----a-w-    C:\Windows\System32\drivers\tmevtmgr.sys
2014-10-28 01:11:53    305832    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-10-28 01:11:53    121944    ----a-w-    C:\Windows\System32\drivers\tmactmon.sys
2014-10-28 01:11:50    50976    ----a-w-    C:\Windows\System32\drivers\TMEBC64.sys
2014-10-28 01:11:43    106296    ----a-w-    C:\Windows\System32\drivers\tmusa.sys
2014-10-28 01:07:05    59    ----a-w-    C:\Windows\System32\SupportTool.exe.bat
2014-10-28 01:01:05    --------    d-----w-    C:\Program Files\Trend Micro
2014-10-28 01:00:47    --------    d-----w-    C:\ProgramData\Trend Micro
2014-10-28 00:45:10    --------    d-----w-    C:\Users\Rich\AppData\Local\Trend Micro
2014-10-25 23:18:45    87200    ----a-w-    C:\ProgramData\wrnhoah.tmp
2014-10-25 22:45:39    --------    d-----w-    C:\Users\Rich\AppData\Roaming\Huqyegew
2014-10-25 22:42:57    --------    d--h--w-    C:\8496cbe
2014-10-25 22:22:34    0    ----a-w-    C:\Windows\System32\cfujg.dll
2014-10-25 22:22:30    70656    ----a-w-    C:\Windows\System32\gtupfv.dll
2014-10-17 00:22:10    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-17 00:22:08    81560    ----a-w-    C:\Windows\SysWow64\mscories.dll
2014-10-17 00:22:08    73880    ----a-w-    C:\Windows\System32\mscories.dll
2014-10-17 00:22:08    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2014-10-17 00:22:08    156824    ----a-w-    C:\Windows\SysWow64\mscorier.dll
2014-10-17 00:22:08    156312    ----a-w-    C:\Windows\System32\mscorier.dll
2014-10-17 00:22:08    1131664    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2014-10-17 00:22:02    507392    ----a-w-    C:\Windows\System32\aepdu.dll
2014-10-17 00:22:02    276480    ----a-w-    C:\Windows\System32\generaltel.dll
2014-10-17 00:22:01    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-10-17 00:18:40    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-10-05 01:09:47    --------    d-----w-    C:\Users\Rich\AppData\Local\Skype
2014-10-05 01:09:36    --------    d-----r-    C:\Program Files (x86)\Skype
2014-10-04 21:04:12    --------    d-----w-    C:\Users\Rich\AppData\Local\Diagnostics
.
==================== Find3M  ====================
.
2014-10-25 14:33:39    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-25 14:33:39    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-25 22:32:04    2017280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02    2108416    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-22 06:42:39    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-09-19 01:56:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57    5829632    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12    4201472    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-19 00:18:55    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-09-13 01:40:05    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-09-10 15:23:12    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 14:53:56.86 ===============
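The "Created Last 30" section of the DDS log above is where a malware responder looks first for files and folders dropped around the time the symptoms began. As an added example, not part of this thread or of the DDS tool, here is a small Python triage script that parses that listing's line format and applies a few location-based rules; the regex and the rules are my assumptions, and the sample input is constructed from lines of the log above.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# One DDS file-listing line: timestamp, size (dashes for a directory), attribute
# flags, path. The pattern is an assumption based on the lines in the log above.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S{8})\s+(.+)$")

# Constructed sample: a handful of lines copied from the "Created Last 30" section.
SAMPLE = """\
2014-10-28 23:52:48    --------    d-sh--w-    C:\\found.000
2014-10-25 23:18:45    87200    ----a-w-    C:\\ProgramData\\wrnhoah.tmp
2014-10-25 22:45:39    --------    d-----w-    C:\\Users\\Rich\\AppData\\Roaming\\Huqyegew
2014-10-25 22:42:57    --------    d--h--w-    C:\\8496cbe
2014-10-25 22:22:34    0    ----a-w-    C:\\Windows\\System32\\cfujg.dll
2014-10-25 22:22:30    70656    ----a-w-    C:\\Windows\\System32\\gtupfv.dll
2014-10-05 01:09:47    --------    d-----w-    C:\\Users\\Rich\\AppData\\Local\\Skype
"""

class Entry(NamedTuple):
    when: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

def parse_dds(text: str) -> List[Entry]:
    """Parse DDS file-listing lines; lines that do not match are skipped."""
    out = []
    for m in filter(None, (LINE_RE.match(l.strip()) for l in text.splitlines())):
        when, size, attrs, path = m.groups()
        out.append(Entry(when, None if size.startswith("-") else int(size), attrs, path))
    return out

def triage_reasons(e: Entry) -> List[str]:
    """Location-based reasons to look closer at an entry: leads, not verdicts."""
    parts = e.path.lower().split("\\")
    name, depth, is_dir = parts[-1], len(parts) - 1, e.attrs.startswith("d")
    reasons = []
    if parts[1:3] == ["windows", "system32"] and name.endswith(".dll") and e.size == 0:
        reasons.append("zero-byte DLL written to System32")
    if depth == 2 and parts[1] == "programdata" and name.endswith(".tmp"):
        reasons.append(".tmp file dropped directly in ProgramData")
    # found.NNN in the drive root is chkdsk's own recovery folder, so skip it
    if is_dir and depth == 1 and "h" in e.attrs and not name.startswith("found."):
        reasons.append("hidden directory created in the drive root")
    if is_dir and depth == 5 and parts[3:5] == ["appdata", "roaming"]:
        reasons.append("new directory directly under AppData\\Roaming")
    return reasons

def suspicious(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    return {e.path: r for e in parse_dds(text) if (r := triage_reasons(e))}
```

Note that gtupfv.dll is not flagged even though it was written in the same minute as cfujg.dll: the rules only surface leads, and the analyst still reads the surrounding entries.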
 

 

 

 

 

 

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 05 November 2014 - 12:17 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click it to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 09 November 2014 - 12:00 PM

Hi,

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 10 November 2014 - 12:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer