
Excessive Dllhost and iexplorer.exe running


This topic is locked
7 replies to this topic

#1 fall_difh

  • Members
  • 3 posts

Posted 09 November 2014 - 01:26 PM

Hi, I was wondering if you could help me with this problem. I actually started typing this thread on my computer, but the thing crashed due to a ridiculous dllhost eating all of my memory. It was actually the first time I've crashed since I noticed this on my computer a day ago.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Greg at 19:58:43 on 2014-11-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3564.751 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\AutoKMS\AutoKMS.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\runservice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\sarconsogulpe\sarconsogulpe.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\alg.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\ProgramData\Premium\VaudiX\VaudiX.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\System32\regsvr32.exe
C:\windows\SysWOW64\regsvr32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Windows\SysWOW64\C2MP\TrayMenu.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Greg\AppData\Local\YdrtPack\lyn9MGv4tk.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\syswow64\dllhost.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\windows\syswow64\dllhost.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
C:\windows\SysWOW64\wermgr.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [YdrtPack] C:\Users\Greg\AppData\Local\YdrtPack\lyn9MGv4tk.exe
uRun: [Only-search] C:\Users\Greg\AppData\Local\onlysearch\onlysearch\1.3.15.4\onlysearch.exe
uRun: [Amjlworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Greg\AppData\Local\YdrtPack\PWCLIB.DLL
uRun: [Utffmedia] regsvr32.exe C:\Users\Greg\AppData\Local\Utffmedia\hpd5400t.DLL
uRun: [{67D0E6A3-B340-B9A1-616B-82CC490D0D5C}] C:\Users\Greg\AppData\Roaming\Ugen\odgoi.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TrayMenu.lnk - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\2656C6B696E6E2332316E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\455616D6D496E676F6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\643474F405 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\742756762E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\96E63796768647F577966696F503338303 : DHCPNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\C696E6B6379737 : DHCPNameServer = 64.233.222.2 64.233.222.7
TCP: Interfaces\{2D8CE850-2030-480D-8107-596B2ECEFD46} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{3C3154DB-B8A4-4C37-B974-A2267F5E36E4} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{88440206-3121-42CD-9871-9C6B8D1F3639} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{A71E494F-0CD6-4C77-A509-7A8660F75660} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B35E4412-83A8-4661-876D-14623DF2199F} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/30&hid=3896585323&lg=EN&cc=US&l=1&q=
FF - ExtSQL: !HIDDEN! 1970-05-29 17:36; {4D7DE621-D61C-89A8-CEC6-0FB15A4CE838}; - 
.
---- FIREFOX POLICIES ----
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-11-1 79488]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-11-1 40064]
R0 BFRD4G;BUFFALO RAM Disk Driver;C:\windows\System32\drivers\BFRD4G.sys [2013-4-20 47232]
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\windows\System32\drivers\bftpdskc64.sys [2013-4-20 72016]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2014-4-12 283064]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-12-24 13824]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-6-15 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-6-15 91296]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2012-6-12 2560]
R2 sarconsogulpe;sarconsogulpe;C:\Program Files\sarconsogulpe\sarconsogulpe.exe run options=00001009990000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\sarconsogulpe\sarconsogulpe.exe run options=00001009990000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-6-15 36000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-6-15 259744]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2011-6-15 109216]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-6-15 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-6-15 166048]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-6-15 59040]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-6-15 283296]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-6-15 289440]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-12-24 138024]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-24 533096]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-12-24 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe --> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\windows\System32\drivers\bftpusbx64.sys [2013-4-20 20608]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-2-16 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-12-24 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-2-16 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-08 04:39:41 -------- d-----w- C:\FRST
2014-11-08 03:28:31 -------- d-----w- C:\$RECYCLE.BIN
2014-11-08 02:26:49 98816 ----a-w- C:\windows\sed.exe
2014-11-08 02:26:49 256000 ----a-w- C:\windows\PEV.exe
2014-11-08 02:26:49 208896 ----a-w- C:\windows\MBR.exe
2014-11-08 02:26:37 -------- d-----w- C:\ComboFix
2014-11-07 00:34:47 -------- d-----w- C:\Users\Greg\AppData\Roaming\Usidma
2014-11-07 00:26:24 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-07 00:26:03 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-07 00:26:03 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-07 00:26:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 23:33:22 326656 ----a-w- C:\windows\SysWow64\temp.012
2014-11-06 22:56:56 -------- d-----w- C:\Users\Greg\AppData\Local\Utffmedia
2014-11-06 22:56:42 -------- d-sh--w- C:\Users\Greg\AppData\Local\EmieUserList
2014-11-06 22:56:42 -------- d-sh--w- C:\Users\Greg\AppData\Local\EmieSiteList
2014-11-06 22:55:13 -------- d-----w- C:\Users\Greg\AppData\Roaming\BabSolution
2014-11-06 22:54:59 -------- d-----w- C:\Users\Greg\AppData\Local\YdrtPack
2014-11-04 22:20:19 -------- d-----w- C:\Adownloader
2014-10-16 22:38:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-16 22:38:44 -------- d-----w- C:\Program Files\iTunes
2014-10-16 22:38:44 -------- d-----w- C:\Program Files\iPod
2014-10-16 22:38:44 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-15 13:41:22 507392 ----a-w- C:\windows\System32\aepdu.dll
2014-10-15 13:34:38 3241472 ----a-w- C:\windows\System32\msi.dll
2014-10-15 13:34:38 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-15 13:27:57 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-10-15 13:26:29 424448 ----a-w- C:\windows\System32\rastls.dll
2014-10-15 13:26:29 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-10-15 13:11:41 681984 ----a-w- C:\windows\System32\termsrv.dll
2014-10-15 13:11:41 235520 ----a-w- C:\windows\System32\winsta.dll
2014-10-15 13:11:41 157696 ----a-w- C:\windows\SysWow64\winsta.dll
2014-10-15 13:11:40 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-10-15 13:11:40 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-10-15 13:11:40 455168 ----a-w- C:\windows\System32\winlogon.exe
2014-10-15 13:11:40 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2014-10-15 13:11:40 22016 ----a-w- C:\windows\System32\credssp.dll
2014-10-15 13:11:40 212480 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2014-10-15 13:11:40 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-10-15 13:11:40 150528 ----a-w- C:\windows\System32\rdpcorekmts.dll
2014-10-15 13:10:55 6584320 ----a-w- C:\windows\System32\mstscax.dll
2014-10-15 13:10:54 5703168 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-10-15 13:10:45 77312 ----a-w- C:\windows\System32\packager.dll
2014-10-15 13:10:45 67072 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-15 02:19:26 -------- d-----w- C:\Downloads
2014-10-15 02:19:18 -------- d-----w- C:\Users\Greg\AppData\Roaming\BitComet
2014-10-14 20:35:02 -------- d-----w- C:\Users\Greg\AppData\Roaming\avidemux
2014-10-14 20:34:53 -------- d-----w- C:\Program Files\Avidemux 2.6 - 64bits
2014-10-14 20:33:14 16456460 ----a-w- C:\Program Files (x86)\avidemux_2.6.8_win64_v2.exe
.
==================== Find3M  ====================
.
2014-11-10 00:54:09 8169 --sha-w- C:\windows\SysWow64\mmf.sys
2014-10-22 01:18:25 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-10 02:05:59 276480 ----a-w- C:\windows\System32\generaltel.dll
2014-10-10 02:00:38 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-10-01 16:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-23 23:46:23 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 23:46:23 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
.
============= FINISH: 20:05:34.58 ===============
 



Edited by fall_difh, 09 November 2014 - 08:09 PM.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,549 posts

Posted 14 November 2014 - 07:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555408 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fall_difh

  • Topic Starter
  • Members
  • 3 posts

Posted 14 November 2014 - 09:46 PM

After another Malwarebytes scan, it looks like I'm not having the dllhost issues; it still comes up, but it's not a ton at once. But the iexplore.exe processes are running and using much more memory than before. No original Windows CD here.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by Greg at 21:32:16 on 2014-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3564.1971 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\runservice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\sarconsogulpe\sarconsogulpe.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\C2MP\TrayMenu.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\taskeng.exe
C:\ProgramData\Premium\VaudiX\VaudiX.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\windows\System32\alg.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\Dwm.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Only-search] C:\Users\Greg\AppData\Local\onlysearch\onlysearch\1.3.15.4\onlysearch.exe
uRun: [Utffmedia] regsvr32.exe C:\Users\Greg\AppData\Local\Utffmedia\hpd5400t.DLL
uRun: [Uhqgtvwo] regsvr32.exe /s "C:\Users\Greg\AppData\Local\{D33BB41E-D86E-4F72-8729-C5BF1C6F2B78}\Uhqgtvwo.dll"
uRun: [Amjlworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Greg\AppData\Local\YdrtPack\AcroPDF.dll
uRun: [Google Update] "C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TrayMenu.lnk - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\2656C6B696E6E2332316E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\455616D6D496E676F6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\643474F405 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\742756762E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{21BB48BE-2053-4FDE-8BED-2AEC4AE71B08}\96E63796768647F577966696F503338303 : DHCPNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D8CE850-2030-480D-8107-596B2ECEFD46} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{3C3154DB-B8A4-4C37-B974-A2267F5E36E4} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{88440206-3121-42CD-9871-9C6B8D1F3639} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{A71E494F-0CD6-4C77-A509-7A8660F75660} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B35E4412-83A8-4661-876D-14623DF2199F} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/30&hid=3896585323&lg=EN&cc=US&l=1&q=
FF - ExtSQL: !HIDDEN! 1970-05-29 17:36; {4D7DE621-D61C-89A8-CEC6-0FB15A4CE838}; - 
.
---- FIREFOX POLICIES ----
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-11-1 79488]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-11-1 40064]
R0 BFRD4G;BUFFALO RAM Disk Driver;C:\windows\System32\drivers\BFRD4G.sys [2013-4-20 47232]
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\windows\System32\drivers\bftpdskc64.sys [2013-4-20 72016]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2014-4-12 283064]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-12-24 13824]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-6-15 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-6-15 91296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2012-6-12 2560]
R2 sarconsogulpe;sarconsogulpe;C:\Program Files\sarconsogulpe\sarconsogulpe.exe run options=00001009990000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\sarconsogulpe\sarconsogulpe.exe run options=00001009990000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-6-15 29344]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-12-24 138024]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-24 533096]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-12-24 53376]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe --> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-6-15 36000]
S3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\windows\System32\drivers\bftpusbx64.sys [2013-4-20 20608]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-6-15 259744]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2011-6-15 109216]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-6-15 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-6-15 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-6-15 283296]
S3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-6-15 289440]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-2-16 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-12-24 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-2-16 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-15 01:12:26 -------- d-sh--w- C:\Users\Greg\AppData\Local\EmieBrowserModeList
2014-11-12 21:02:59 742400 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-11-12 21:00:59 1882624 ----a-w- C:\windows\System32\msxml3.dll
2014-11-12 21:00:58 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-11-12 21:00:58 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-11-12 21:00:58 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-11-11 16:41:21 -------- d-----w- C:\Users\Greg\AppData\Roaming\Electronic Arts
2014-11-11 16:37:42 -------- d-----w- C:\Users\Greg\AppData\Local\Unity
2014-11-08 04:39:41 -------- d-----w- C:\FRST
2014-11-08 03:28:31 -------- d-----w- C:\$RECYCLE.BIN
2014-11-08 02:26:49 98816 ----a-w- C:\windows\sed.exe
2014-11-08 02:26:49 256000 ----a-w- C:\windows\PEV.exe
2014-11-08 02:26:49 208896 ----a-w- C:\windows\MBR.exe
2014-11-08 02:26:37 -------- d-----w- C:\ComboFix
2014-11-07 00:34:47 -------- d-----w- C:\Users\Greg\AppData\Roaming\Usidma
2014-11-07 00:26:24 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-07 00:26:03 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-07 00:26:03 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-07 00:26:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 23:33:22 326656 ----a-w- C:\windows\SysWow64\temp.012
2014-11-06 22:56:56 -------- d-----w- C:\Users\Greg\AppData\Local\Utffmedia
2014-11-06 22:56:42 -------- d-sh--w- C:\Users\Greg\AppData\Local\EmieUserList
2014-11-06 22:56:42 -------- d-sh--w- C:\Users\Greg\AppData\Local\EmieSiteList
2014-11-06 22:55:13 -------- d-----w- C:\Users\Greg\AppData\Roaming\BabSolution
2014-11-06 22:54:59 -------- d-----w- C:\Users\Greg\AppData\Local\YdrtPack
2014-11-04 22:20:19 -------- d-----w- C:\Adownloader
2014-10-22 19:05:36 5680856 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-10-22 19:05:36 5382328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-10-22 19:01:20 7764184 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-10-22 19:01:20 7538872 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-10-16 22:38:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-16 22:38:44 -------- d-----w- C:\Program Files\iTunes
2014-10-16 22:38:44 -------- d-----w- C:\Program Files\iPod
2014-10-16 22:38:44 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-11-15 01:35:17 8169 --sha-w- C:\windows\SysWow64\mmf.sys
2014-11-12 16:46:26 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 16:46:26 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-22 01:18:25 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-14 20:33:46 16456460 ----a-w- C:\Program Files (x86)\avidemux_2.6.8_win64_v2.exe
2014-10-14 02:16:37 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
2014-10-01 16:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
.
============= FINISH: 21:35:04.90 ===============
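As an added example (not part of this post, and not code from DDS, RogueKiller or Malwarebytes): a small Python triage script that runs over the autorun and policy lines from the Pseudo HJT Report above and pulls out what a responder would circle in this log. Three Run values start regsvr32.exe to load a DLL from a folder under the user's profile (the Utffmedia, Uhqgtvwo and Amjlworks entries, one of them in a folder named after a bare GUID), which is the "fileless"-style persistence that produces the swarm of regsvr32.exe and dllhost.exe processes in the running-process list, and the mPolicies-System lines show UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0). The sample lines are copied from the log in this post; treating rundll32.exe the same way as regsvr32.exe and the bare-GUID-folder heuristic are my additions, not something the page states.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str      # "autorun" or "policy"
    name: str      # Run value name or policy value name
    detail: str


# Lines copied from the DDS "Pseudo HJT Report" section of the log above,
# including a few benign autoruns to show what is *not* flagged.
SAMPLE_LOG = r"""
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Only-search] C:\Users\Greg\AppData\Local\onlysearch\onlysearch\1.3.15.4\onlysearch.exe
uRun: [Utffmedia] regsvr32.exe C:\Users\Greg\AppData\Local\Utffmedia\hpd5400t.DLL
uRun: [Uhqgtvwo] regsvr32.exe /s "C:\Users\Greg\AppData\Local\{D33BB41E-D86E-4F72-8729-C5BF1C6F2B78}\Uhqgtvwo.dll"
uRun: [Amjlworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Greg\AppData\Local\YdrtPack\AcroPDF.dll
uRun: [Google Update] "C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

# DDS autorun line: "uRun: [Name] command", "mRun: ...", "x64-Run: ..."
RUN_RE = re.compile(r"^(?P<scope>u|m|x64-)Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# DDS policy line: "mPolicies-System: EnableLUA = dword:0" (DDS prints the value in decimal)
POLICY_RE = re.compile(r"^(?P<scope>u|m)Policies-System:\s*(?P<key>\w+)\s*=\s*dword:(?P<val>\d+)$")
# A quoted token or a run of non-space characters
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# DLL-loading hosts: regsvr32 is what the log shows; rundll32 is the same
# trick with a different host (an assumption extending the page).
DLL_LOADERS = ("regsvr32.exe", "rundll32.exe")
# Locations a standard user can write to without elevation
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(users|programdata)\\", re.IGNORECASE)
# Folder named like a bare GUID, as in the Uhqgtvwo entry above
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)

# UAC values that a hardened box leaves non-zero, and what a 0 means
UAC_BASELINE = {
    "EnableLUA": "UAC disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts not shown on the secure desktop",
}


def tokens(cmd: str) -> list:
    """Split a Run command into arguments, honouring double quotes."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmd)]


def check_autorun(name: str, cmd: str):
    """Flag a Run value whose host process is a DLL loader; describe the module it loads."""
    parts = tokens(cmd)
    if not parts:
        return None
    host = parts[0].rsplit("\\", 1)[-1].lower()
    if host not in DLL_LOADERS:
        return None
    # First non-switch argument after the host is the module being loaded
    module = next((p for p in parts[1:] if not p.startswith("/")), "")
    reasons = [f"{host} used as autorun host"]
    if USER_WRITABLE_RE.match(module):
        reasons.append("module lives in a user-writable path")
    if GUID_DIR_RE.search(module):
        reasons.append("module folder is a bare GUID")
    return Finding("autorun", name, f"{module or cmd}: " + "; ".join(reasons))


def check_policy(key: str, val: int):
    """Flag a UAC policy value that has been set to 0."""
    if key in UAC_BASELINE and val == 0:
        return Finding("policy", key, UAC_BASELINE[key])
    return None


def analyze(log_text: str) -> list:
    """Run both checks over every line of a DDS log and return the findings in order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            f = check_autorun(m["name"], m["cmd"])
            if f:
                findings.append(f)
            continue
        m = POLICY_RE.match(line)
        if m:
            f = check_policy(m["key"], int(m["val"]))
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

The script keys on the host process rather than on the DLL names, because the names (hpd5400t.DLL, Uhqgtvwo.dll, AcroPDF.dll) are random or borrowed and change between infections, while "regsvr32 started from a Run value to register a DLL under AppData" is the stable part of the pattern. The Only-search and Google Update entries also live under AppData but run a normal executable, so they are left alone here; Only-search is picked up by RogueKiller's PUP rules later in the thread instead.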
 

#4 nasdaq
  • Malware Response Team
  • 38,247 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 November 2014 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop: For 32-bit system or For 64-bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Wait for further instructions.

#5 fall_difh
  • Topic Starter
  • Members
  • 3 posts

Posted 15 November 2014 - 12:15 PM

RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Greg [Administrator]
Mode : Delete -- Date : 11/15/2014  12:10:22
 
¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] Runservice.exe -- C:\windows\runservice.exe[-] -> Killed [TermProc]
[Suspicious.Path] VaudiX.exe -- C:\ProgramData\Premium\VaudiX\VaudiX.exe[-] -> Killed [TermProc]
[Tr.Poweliks] dllhost.exe -- C:\windows\syswow64\dllhost.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 38 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Only-search : C:\Users\Greg\AppData\Local\onlysearch\onlysearch\1.3.15.4\onlysearch.exe [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Utffmedia : regsvr32.exe C:\Users\Greg\AppData\Local\Utffmedia\hpd5400t.DLL [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Uhqgtvwo : regsvr32.exe /s "C:\Users\Greg\AppData\Local\{D33BB41E-D86E-4F72-8729-C5BF1C6F2B78}\Uhqgtvwo.dll" [7][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Amjlworks : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Greg\AppData\Local\YdrtPack\AcroPDF.dll [x] -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Only-search : C:\Users\Greg\AppData\Local\onlysearch\onlysearch\1.3.15.4\onlysearch.exe  -> Not selected
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Utffmedia : regsvr32.exe C:\Users\Greg\AppData\Local\Utffmedia\hpd5400t.DLL  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Uhqgtvwo : regsvr32.exe /s "C:\Users\Greg\AppData\Local\{D33BB41E-D86E-4F72-8729-C5BF1C6F2B78}\Uhqgtvwo.dll"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Run | Amjlworks : C:\Windows\SysWOW64\regsvr32.exe C:\Users\Greg\AppData\Local\YdrtPack\AcroPDF.dll  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LicCtrlService -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicCtrlService -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LicCtrlService (C:\windows\runservice.exe) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2D8CE850-2030-480D-8107-596B2ECEFD46} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2D8CE850-2030-480D-8107-596B2ECEFD46} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2D8CE850-2030-480D-8107-596B2ECEFD46} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-1255701476-2273990348-714479081-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[IE:Addon] System : Bing Bar [{eec0f710-38b5-4aba-99bf-ec87564a4e13}] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 5100ce8d7e12944d123e64e300a63c5c
[BSP] a781be82f1efd7644017320ebd108ea0 : Kiwi MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 182272 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 373499904 | Size: 273059 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 932724736 | Size: 21508 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_11152014_120722.log
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Greg (administrator) on GREG-PC on 15-11-2014 12:12:39
Running from C:\Users\Greg\Desktop
Loaded Profile: Greg (Available profiles: Greg)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\sarconsogulpe\sarconsogulpe.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-06-15] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\Run: [Google Update] => C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-11] (Google Inc.)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
BootExecute: autocheck autochk *  /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - %EasyLifeSearch_IESearchEngineGuid% URL = http://search.easylifeapp.com/?q={searchTerms}
SearchScopes: HKCU - %EasyLifeSearch_IESearchEngineGuid% URL = http://search.easylifeapp.com/?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1255701476-2273990348-714479081-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A71E494F-0CD6-4C77-A509-7A8660F75660}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default
FF DefaultSearchEngine: Search The Web (Only-Search)
FF DefaultSearchUrl: hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/30&hid=3896585323&lg=EN&cc=US&l=1&q=
FF SearchEngineOrder.1: EasyLife
FF SearchEngineOrder.1,S: EasyLife
FF SelectedSearchEngine,S: EasyLife
FF Keyword.URL: user_pref("keyword.URL","");
FF NewTab: user_pref("browser.newtab.url","");
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1255701476-2273990348-714479081-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Greg\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1255701476-2273990348-714479081-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Greg\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1255701476-2273990348-714479081-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1255701476-2273990348-714479081-1000: electronicarts.com/GameFacePlugin -> C:\Users\Greg\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF user.js: detected! => C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\searchplugins\EasyLife.xml
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: LivePhotoAcquisitionWizard - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\Extensions\{4D7DE621-D61C-89A8-CEC6-0FB15A4CE838} [2014-11-06]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\Extensions\[email protected] [2014-09-05]
FF Extension: Adblock Plus - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-13]
FF Extension: Greasemonkey - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-13]
FF Extension: Adblock Edge - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-01-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-06]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06]
CHR Extension: (Adblock Plus) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-06]
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06]
CHR Extension: (Readium) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-11-06]
CHR Extension: (Luigi ) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdggfgjflojjegcheomoapfhdbeedfhb [2014-11-06]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-11-06]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-11-06]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-11]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-11]
CHR Extension: (Adblock Plus) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-11]
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-11]
CHR Extension: (Readium) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-10-19]
CHR Extension: (Luigi ) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdggfgjflojjegcheomoapfhdbeedfhb [2014-03-28]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2013-12-11]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [bpkmdpcacpcmjefmpjimiibeghdnapin] - C:\ProgramData\Vaudix\bpkmdpcacpcmjefmpjimiibeghdnapin.crx []
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Greg\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-11-28]
CHR HKLM-x32\...\Chrome\Extension: [mnbimbggplfekkdiefllgeajhaoajkme] - C:\ProgramData\DownloadnSave\mnbimbggplfekkdiefllgeajhaoajkme.crx [2012-11-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe [266240 2014-09-20] () [File not signed]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R0 BFRD4G; C:\Windows\System32\DRIVERS\BFRD4G.sys [47232 2010-03-10] (BUFFALO INC.)
R0 bftpdskc64; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx64; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-12] (Disc Soft Ltd)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-02-08] (Windows ® 2003 DDK 3790 provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 12:11 - 2014-11-15 12:11 - 00008985 _____ () C:\Users\Greg\Desktop\RKreport_DEL_11152014_121022.log
2014-11-15 11:50 - 2014-11-15 11:50 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-11-15 11:50 - 2014-11-15 11:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-15 11:48 - 2014-11-15 11:49 - 02116608 _____ (Farbar) C:\Users\Greg\Desktop\FRST64.exe
2014-11-15 11:47 - 2014-11-15 11:48 - 17535064 _____ () C:\Users\Greg\Desktop\RogueKillerX64.exe
2014-11-14 21:45 - 2014-11-14 21:45 - 00006406 _____ () C:\Users\Greg\Desktop\attach.zip
2014-11-14 20:35 - 2014-11-14 20:35 - 00000000 ___RD () C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-14 20:12 - 2014-11-14 20:12 - 00000000 __SHD () C:\Users\Greg\AppData\Local\EmieBrowserModeList
2014-11-14 16:04 - 2014-11-14 16:29 - 1056982793 _____ () C:\Users\Greg\Downloads\WWE.Friday.Night.SmackDown.2014.11.14.HDTV.x264-Ebi.mp4
2014-11-12 16:03 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 16:03 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-12 16:03 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 16:03 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-12 16:03 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 16:03 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-12 16:03 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 16:03 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-12 16:03 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 16:03 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:03 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-12 16:03 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:03 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 16:03 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:03 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 16:03 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 16:03 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-12 16:03 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 16:03 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-12 16:03 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-12 16:03 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 16:03 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 16:03 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:03 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 16:03 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 16:03 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 16:03 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 16:03 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 16:03 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 16:03 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 16:03 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 16:03 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-12 16:03 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 16:03 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-12 16:03 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 16:03 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 16:03 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 16:03 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:03 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 16:03 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 16:03 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 16:03 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 16:03 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 16:03 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 16:03 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 16:03 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 16:02 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 16:02 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 16:02 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-12 16:02 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 16:02 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 16:02 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 16:02 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 16:02 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-12 16:02 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 16:02 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 16:02 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 16:02 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:02 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 16:02 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 16:02 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-12 16:02 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 16:02 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-12 16:02 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 16:02 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 16:02 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:02 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 16:02 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 16:00 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 16:00 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 16:00 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 16:00 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 15:54 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 15:54 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 15:54 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 15:54 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 15:54 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 15:54 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 15:54 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 15:54 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 15:54 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 15:54 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 15:54 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 15:54 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 15:54 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 15:54 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 15:54 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 15:54 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-12 15:54 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 15:54 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 15:54 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 15:54 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 15:54 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 15:54 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 15:54 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-12 15:54 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 15:54 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 15:54 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 15:54 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 15:54 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 15:54 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 15:54 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 15:54 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-11 11:41 - 2014-11-11 11:41 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Electronic Arts
2014-11-11 11:37 - 2014-11-11 11:37 - 00000000 ____D () C:\Users\Greg\AppData\Local\Unity
2014-11-09 20:06 - 2014-11-14 21:44 - 00036239 _____ () C:\Users\Greg\Desktop\attach.txt
2014-11-09 20:06 - 2014-11-14 21:44 - 00028867 _____ () C:\Users\Greg\Desktop\dds.txt
2014-11-09 20:01 - 2014-11-14 20:42 - 00003758 _____ () C:\windows\System32\Tasks\AutoKMS
2014-11-09 19:57 - 2014-11-09 19:57 - 00688992 ____R (Swearware) C:\Users\Greg\Desktop\dds.com
2014-11-08 18:25 - 2014-11-08 18:39 - 723445386 _____ () C:\Users\Greg\Downloads\Copy of EVOLVE.2014.09.13.34.WEB-DL.flv
2014-11-08 08:42 - 2014-11-08 11:09 - 2409566772 _____ () C:\Users\Greg\Downloads\NJPW.2014.11.08.Power.Struggle.2014.iPPV.mkv
2014-11-07 23:42 - 2014-11-07 23:43 - 00048609 _____ () C:\Users\Greg\Desktop\Addition.txt
2014-11-07 23:40 - 2014-11-15 12:12 - 00025827 _____ () C:\Users\Greg\Desktop\FRST.txt
2014-11-07 23:39 - 2014-11-15 12:12 - 00000000 ____D () C:\FRST
2014-11-07 22:46 - 2014-11-07 22:46 - 00032748 _____ () C:\ComboFix.txt
2014-11-07 21:26 - 2014-11-07 22:46 - 00000000 ____D () C:\ComboFix
2014-11-07 21:26 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-07 21:26 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-07 21:26 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-07 21:26 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-07 21:26 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-07 21:26 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-07 21:26 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-07 21:26 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-07 21:24 - 2014-11-07 22:36 - 00000000 ____D () C:\Qoobox
2014-11-07 21:22 - 2014-11-07 22:36 - 00000000 ____D () C:\windows\erdnt
2014-11-07 21:19 - 2014-11-07 21:22 - 05593178 ____R (Swearware) C:\Users\Greg\Desktop\ComboFix.exe
2014-11-06 19:54 - 2014-11-06 19:56 - 00025329 _____ () C:\Users\Greg\AppData\Local\893686b8
2014-11-06 19:34 - 2014-11-06 19:35 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Usidma
2014-11-06 19:26 - 2014-11-14 20:18 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 19:26 - 2014-11-06 19:26 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 19:26 - 2014-11-06 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-06 19:26 - 2014-11-06 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 19:26 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-06 19:26 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-06 18:38 - 2014-11-06 18:38 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CBH
2014-11-06 18:34 - 2014-11-06 18:34 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grey Dog Software
2014-11-06 18:34 - 2014-11-06 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Dog Software
2014-11-06 18:34 - 1999-07-10 16:33 - 00278581 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.01B
2014-11-06 18:34 - 1999-07-07 14:02 - 00007348 _____ () C:\windows\SysWOW64\Odbcjet.cnt
2014-11-06 18:34 - 1999-07-07 14:01 - 00171967 _____ () C:\windows\SysWOW64\Odbcjet.hlp
2014-11-06 18:34 - 1999-03-14 08:41 - 00553232 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.01D
2014-11-06 18:34 - 1999-03-14 08:25 - 00422160 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.01F
2014-11-06 18:34 - 1999-03-08 04:02 - 00598288 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.016
2014-11-06 18:34 - 1999-03-08 04:02 - 00164112 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.015
2014-11-06 18:34 - 1999-03-08 04:02 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.014
2014-11-06 18:34 - 1999-03-05 17:02 - 01499408 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.024
2014-11-06 18:34 - 1999-03-05 17:02 - 00241936 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.01C
2014-11-06 18:34 - 1999-03-05 15:45 - 00053520 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.022
2014-11-06 18:34 - 1999-03-05 15:42 - 00499984 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.026
2014-11-06 18:34 - 1999-03-05 15:42 - 00209168 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.021
2014-11-06 18:34 - 1999-03-05 14:15 - 00831760 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.019
2014-11-06 18:34 - 1999-03-05 14:15 - 00614672 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.018
2014-11-06 18:34 - 1999-03-05 14:15 - 00315664 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.01E
2014-11-06 18:34 - 1999-03-05 14:15 - 00311568 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.025
2014-11-06 18:34 - 1999-03-05 14:15 - 00286992 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.020
2014-11-06 18:34 - 1999-03-05 14:15 - 00229648 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.017
2014-11-06 18:34 - 1999-03-05 14:15 - 00151824 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.023
2014-11-06 18:34 - 1999-03-05 14:15 - 00074000 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrclr40.dll
2014-11-06 18:34 - 1999-03-05 14:15 - 00028944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrecr40.dll
2014-11-06 18:34 - 1999-02-07 16:00 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.01A
2014-11-06 18:34 - 1998-06-18 02:33 - 00030992 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.013
2014-11-06 18:34 - 1998-06-18 02:32 - 00378128 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.027
2014-11-06 18:33 - 2004-08-10 03:00 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.00C
2014-11-06 18:33 - 2001-08-10 00:01 - 00252176 _____ (Microsoft Corporation) C:\windows\SysWOW64\Msrd2x35.dll
2014-11-06 18:33 - 2001-08-09 22:54 - 00415504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrepl35.dll
2014-11-06 18:33 - 2001-08-09 22:53 - 01046288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet35.dll
2014-11-06 18:33 - 2001-08-09 22:50 - 00123664 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSJINT35.DLL
2014-11-06 18:33 - 2001-08-09 22:50 - 00024848 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSJTER35.DLL
2014-11-06 18:33 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.012
2014-11-06 18:33 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.00D
2014-11-06 18:33 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.00E
2014-11-06 18:33 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.010
2014-11-06 18:33 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.00F
2014-11-06 18:33 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.011
2014-11-06 18:33 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Vb5db.dll
2014-11-06 17:56 - 2014-11-06 17:57 - 00000000 ____D () C:\Users\Greg\AppData\Local\Utffmedia
2014-11-06 17:56 - 2014-11-06 17:56 - 00000000 __SHD () C:\Users\Greg\AppData\Local\EmieUserList
2014-11-06 17:56 - 2014-11-06 17:56 - 00000000 __SHD () C:\Users\Greg\AppData\Local\EmieSiteList
2014-11-06 17:55 - 2014-11-06 17:55 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\BabSolution
2014-11-06 17:54 - 2014-11-14 20:34 - 00000000 ____D () C:\Users\Greg\AppData\Local\YdrtPack
2014-11-06 17:54 - 2014-11-06 17:54 - 00003198 _____ () C:\windows\System32\Tasks\YourFileDownloader Installer Starter
2014-11-06 11:09 - 2014-11-06 11:09 - 00020956 _____ () C:\Users\Greg\Documents\Chris FAMU App confirmation.html
2014-11-06 11:09 - 2014-11-06 11:09 - 00000000 ____D () C:\Users\Greg\Documents\Chris FAMU App confirmation_files
2014-11-04 17:20 - 2014-11-04 17:25 - 00000000 ____D () C:\Adownloader
2014-11-04 17:20 - 2014-11-04 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adownloader
2014-10-21 12:53 - 2014-10-21 13:34 - 2180537591 _____ () C:\Users\Greg\Downloads\Best.Friends.with.Brian.Myers.mp4
2014-10-16 17:39 - 2014-10-16 17:39 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-16 17:39 - 2014-10-16 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-16 17:38 - 2014-10-16 17:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-16 17:38 - 2014-10-16 17:39 - 00000000 ____D () C:\Program Files\iTunes
2014-10-16 17:38 - 2014-10-16 17:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-16 17:38 - 2014-10-16 17:38 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-15 12:09 - 2013-05-31 19:51 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 12:00 - 2012-11-29 23:49 - 00000368 ____H () C:\windows\Tasks\VaudiXUpdaterTask{35792534-5545-4FBA-B01C-0BD2441126F1}.job
2014-11-15 11:46 - 2012-06-29 08:52 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 11:46 - 2012-06-11 16:45 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1255701476-2273990348-714479081-1000UA.job
2014-11-15 11:46 - 2011-12-24 22:16 - 01488505 _____ () C:\windows\WindowsUpdate.log
2014-11-14 23:26 - 2013-05-27 19:03 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\vlc
2014-11-14 22:03 - 2013-04-03 07:40 - 04409856 ___SH () C:\Users\Greg\Downloads\Thumbs.db
2014-11-14 20:47 - 2009-07-13 23:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 20:47 - 2009-07-13 23:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 20:46 - 2014-09-07 17:04 - 00456981 _____ () C:\windows\setupact.log
2014-11-14 20:44 - 2012-06-13 21:57 - 00000000 ____D () C:\Users\Greg\AppData\Local\CrashDumps
2014-11-14 20:42 - 2013-05-31 19:51 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 20:42 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-14 20:41 - 2009-07-14 00:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-14 20:35 - 2012-06-12 12:03 - 00008169 ___SH () C:\windows\SysWOW64\mmf.sys
2014-11-14 20:34 - 2010-11-20 22:47 - 00570024 _____ () C:\windows\PFRO.log
2014-11-14 20:05 - 2009-07-13 23:45 - 00523808 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-14 20:00 - 2014-05-06 10:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-14 16:39 - 2012-06-11 16:45 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1255701476-2273990348-714479081-1000Core.job
2014-11-14 16:38 - 2012-07-02 15:39 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\uTorrent
2014-11-14 16:34 - 2012-06-11 16:45 - 00003876 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1255701476-2273990348-714479081-1000UA
2014-11-14 16:34 - 2012-06-11 16:45 - 00003480 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1255701476-2273990348-714479081-1000Core
2014-11-14 14:49 - 2014-02-08 17:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-14 14:48 - 2013-01-21 17:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 14:40 - 2009-07-13 21:34 - 00000478 _____ () C:\windows\win.ini
2014-11-14 14:36 - 2013-07-18 09:41 - 00000000 ____D () C:\windows\system32\MRT
2014-11-14 14:36 - 2012-08-25 10:59 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-12 18:54 - 2014-05-12 15:46 - 00000000 ____D () C:\Users\Greg\Documents\Outlook Files
2014-11-12 18:54 - 2014-05-12 15:46 - 00000000 ____D () C:\Users\Greg\AppData\Local\4ABE1220-68C5-4FA8-80C7-74028F6DB5EF.aplzod
2014-11-12 16:04 - 2013-05-31 19:51 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 16:04 - 2013-05-31 19:51 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 11:46 - 2012-06-29 08:52 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 11:46 - 2012-06-29 08:52 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 11:46 - 2012-06-29 08:52 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-09 13:06 - 2009-07-14 00:13 - 00786558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-08 09:18 - 2012-06-11 18:34 - 00000000 ____D () C:\Program Files (x86)\GDS
2014-11-08 08:20 - 2013-11-14 17:17 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-11-08 08:17 - 2012-06-12 04:29 - 00000000 ____D () C:\Users\Greg\Documents\Bluetooth Folder
2014-11-07 23:51 - 2012-12-11 18:02 - 00000000 ___RD () C:\Dropbox
2014-11-07 23:51 - 2012-12-11 17:59 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Dropbox
2014-11-07 22:46 - 2014-07-29 00:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-07 22:29 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-11-07 21:59 - 2009-07-13 21:34 - 22806528 _____ () C:\windows\system32\config\system.bak
2014-11-07 21:59 - 2009-07-13 21:34 - 103284736 _____ () C:\windows\system32\config\software.bak
2014-11-07 21:59 - 2009-07-13 21:34 - 01572864 _____ () C:\windows\system32\config\default.bak
2014-11-07 21:59 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-11-07 21:59 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-11-06 21:06 - 2013-01-27 12:00 - 00000000 ____D () C:\windows\Sun
2014-11-06 20:57 - 2013-11-16 21:17 - 00000000 ____D () C:\temp
2014-11-06 20:57 - 2012-07-28 17:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-11-06 19:26 - 2013-04-11 13:59 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Malwarebytes
2014-11-06 19:26 - 2013-04-11 13:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-06 19:17 - 2012-06-12 04:35 - 00121576 _____ () C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 18:38 - 2012-10-18 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CBH
2014-11-05 01:55 - 2014-09-03 17:24 - 00000000 ____D () C:\Users\Greg\Downloads\Wrestling
2014-11-04 21:45 - 2014-10-14 15:35 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\avidemux
2014-10-30 00:01 - 2014-07-17 10:38 - 00000000 ____D () C:\Users\Greg\Downloads\yaw
2014-10-28 13:34 - 2012-06-12 11:27 - 00002358 _____ () C:\Users\Greg\Desktop\Google Chrome.lnk
2014-10-21 20:18 - 2014-06-04 00:21 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-21 20:18 - 2014-06-04 00:21 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-21 20:18 - 2014-06-04 00:21 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-21 20:18 - 2014-06-04 00:21 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 20:18 - 2013-11-25 11:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 20:18 - 2013-07-27 19:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-21 13:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-18 16:07 - 2014-07-19 11:17 - 00000000 ____D () C:\Users\Greg\Downloads\Work Stuff
 
Some content of TEMP:
====================
C:\Users\Greg\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Greg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbdyiaq.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 18:50
 
==================== End Of Log ============================
 

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,247 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:43 AM

Posted 15 November 2014 - 02:38 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

() C:\Program Files\sarconsogulpe\sarconsogulpe.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - %EasyLifeSearch_IESearchEngineGuid% URL = http://search.easylifeapp.com/?q={searchTerms}
SearchScopes: HKCU - %EasyLifeSearch_IESearchEngineGuid% URL = http://search.easylifeapp.com/?q={searchTerms}
BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} ->  No File
Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1255701476-2273990348-714479081-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF DefaultSearchUrl: hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/30&hid=3896585323&lg=EN&cc=US&l=1&q=
FF SearchEngineOrder.1: EasyLife
FF SearchEngineOrder.1,S: EasyLife
FF SelectedSearchEngine,S: EasyLife
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\user.js
FF SearchPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\105yetch.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Greg\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-11-28]
CHR HKLM-x32\...\Chrome\Extension: [mnbimbggplfekkdiefllgeajhaoajkme] - C:\ProgramData\DownloadnSave\mnbimbggplfekkdiefllgeajhaoajkme.crx [2012-11-28]
R2 sarconsogulpe; C:\Program Files\sarconsogulpe\sarconsogulpe.exe 
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
Task: {3122DCD1-8E94-4B00-876D-205F65D161B8} - \EPUpdater No Task File <==== ATTENTION
Task: {423F159A-3A90-45A8-9450-89661B857B58} - System32\Tasks\VaudiXUpdaterTask{35792534-5545-4FBA-B01C-0BD2441126F1} => C:\ProgramData\Premium\VaudiX\VaudiX.exe [2012-09-19] () <==== ATTENTION
Task: {7C197126-3C06-4B75-A871-64E042EFD664} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\Greg\AppData\Local\Temp\YourFileDownloaderOnIRomGxXW.exe <==== ATTENTION
Task: C:\windows\Tasks\VaudiXUpdaterTask{35792534-5545-4FBA-B01C-0BD2441126F1}.job => C:\ProgramData\Premium\VaudiX\VaudiX.exe <==== ATTENTION
C:\ProgramData\DownloadnSave
C:\Users\Greg\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx
End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

Edited by nasdaq, 15 November 2014 - 02:39 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,247 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 November 2014 - 09:23 AM

Are you still with me?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,247 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 November 2014 - 10:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



