
SVCHOST.EXE and DLLHOST.EXE eating up my resources


  • This topic is locked
8 replies to this topic

#1 twitterfon231

  • Members
  • 18 posts

Posted 19 November 2014 - 05:32 PM

My workstation computer is having really bad performance issues and I have reason to believe that these two files have a lot to do with the issue. Please advise.




#2 RPMcMurphy


  • Malware Response Team
  • 3,970 posts

Posted 20 November 2014 - 07:33 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Edited by RPMcMurphy, 20 November 2014 - 07:36 PM.



#3 twitterfon231
  • Topic Starter

  • Members
  • 18 posts

Posted 21 November 2014 - 11:42 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
Ran by User (administrator) on MARCO on 21-11-2014 11:20:55
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZOJQS0X
Loaded Profiles: Marco & User & Administrator (Available profiles: Marco & User & Administrator)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe
(HP) C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Phase Five Systems) C:\Program Files\Jump Desktop\JumpService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Dell Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Apple Inc.) C:\Program Files\itunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\cAudioFilterAgent\caudiofilteragent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Phase Five Systems) C:\Program Files\Jump Desktop\JumpDesktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Users\User\AppData\Roaming\Dashlane\Dashlane.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Conexant Systems, Inc) C:\Program Files\Conexant\SAII\SmartAudio.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(LogMeIn, Inc.) C:\Users\User\AppData\Local\LogMeIn Rescue Applet\LMIR0008.tmp\lmi_rescue.exe
(LogMeIn, Inc.) C:\Users\User\AppData\Local\LogMeIn Rescue Applet\LMIR0008.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\User\AppData\Local\LogMeIn Rescue Applet\LMIR0008.tmp\LMI_Rescue_srv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [45384 2011-04-28] ()
HKLM\...\Run: [SonicWALLNetExtender] => C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1293824 2014-02-14] (Dell Inc.)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-01-27] (RealNetworks, Inc.)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
HKLM\...\Run: [DellNetExtender] => C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1293824 2014-02-14] (Dell Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [831104 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2014-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3060248 2014-11-12] ()
HKU\S-1-5-21-3534027689-2904490822-2608032076-1003\...\Run: [SearchProtect] => C:\Users\Marco\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-3534027689-2904490822-2608032076-1003\...\Run: [BackgroundContainer] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Marco\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Run: [Jump Desktop] => C:\Program Files\Jump Desktop\JumpDesktop.exe [469032 2013-11-18] (Phase Five Systems)
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Run: [Dashlane] => C:\Users\User\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-11-14] ()
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Run: [DellSystemDetect] => C:\Users\User\AppData\Local\Apps\2.0\57KRKRC0.MBW\DT8DAVXP.N3N\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-08] (Dell)
HKU\S-1-5-21-3534027689-2904490822-2608032076-500\...\Run: [SearchProtect] => C:\Users\Administrator\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=3746f688-4cf2-d256-98b2-91df04f95720&searchtype=ds&q={searchTerms}&installDate={installDate}
HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-3534027689-2904490822-2608032076-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3534027689-2904490822-2608032076-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5CFC7B314C32CE01
HKU\S-1-5-21-3534027689-2904490822-2608032076-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1003 -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={27481DD2-FD81-4993-98A1-B52D100A33CC}&mid=57aeb84a17fd47d1ad04012ea3f7e542-39ca0260b663a7b6b1acd155022834a4667a3474&lang=en&ds=AVG&pr=pr&d=2012-05-14 19:12:10&v=11.0.0.9&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1003 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1004 -> ComcastSearch URL = 
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1004 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=3746f688-4cf2-d256-98b2-91df04f95720&searchtype=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1004 -> {4FCBE9DB-D704-4E64-B410-86648B731CAD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN38266543362667532&UM=2
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={D84BDA20-6603-48E6-8E07-D23D67B29467}&mid=57aeb84a17fd47d1ad04012ea3f7e542-39ca0260b663a7b6b1acd155022834a4667a3474&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-12 12:41:43&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3534027689-2904490822-2608032076-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3534027689-2904490822-2608032076-1003 -> No Name - {F0E59437-6148-4A98-B0A6-60D557EF57F4} -  No File
Toolbar: HKU\S-1-5-21-3534027689-2904490822-2608032076-500 -> No Name - {F0E59437-6148-4A98-B0A6-60D557EF57F4} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://secureaccess.planwithtan.com/NELX.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://secureaccess.planwithtan.com/MLWebCacheCleaner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.26.88.31 75.75.75.75 71.3.0.116
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bjoo468f.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://finance.yahoo.com/
FF NetworkProxy: "ftp", ":0"
FF NetworkProxy: "http", ":0"
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", ":0"
FF NetworkProxy: "ssl", ":0"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3534027689-2904490822-2608032076-1004: @citrixonline.com/appdetectorplugin -> C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bjoo468f.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bjoo468f.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: AVG Web TuneUp - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bjoo468f.default\Extensions\avg@toolbar [2014-11-12]
FF Extension: NetExtender Launcher  - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bjoo468f.default\Extensions\[email protected] [2014-01-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-01-27]
FF HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3534027689-2904490822-2608032076-1004\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\User\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\User\AppData\Roaming\Dashlane\3.0.7.74002\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-11-17]
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-14]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14]
CHR Extension: (RealDownloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-14]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-03-13] (Intel Corporation)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [332288 2011-08-10] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [431616 2011-08-10] (SEIKO EPSON CORPORATION) [File not signed]
S4 eventlo g; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JumpDesktop; C:\Program Files\Jump Desktop\JumpService.exe [7680 2013-05-07] (Phase Five Systems) [File not signed]
R2 LMIRescue_1e2b6e41-5f97-4e2d-90ac-9ee4b6a12d59; C:\Users\User\AppData\Local\LogMeIn Rescue Applet\LMIR0008.tmp\LMI_Rescue_srv.exe [3087664 2014-11-21] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2014-09-08] (Conexant Systems, Inc.)
R2 SONICWALL_NetExtender; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [364032 2014-02-14] (Dell Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 vToolbarUpdater18.1.10; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-12] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-11-12] (AVG Technologies)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [19592 2011-08-10] (SEIKO EPSON CORPORATION)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-22] (Intel Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [22600 2012-07-24] (SonicWALL Inc.)
S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [3200 2010-01-18] (Windows ® Win 7 DDK provider)
S3 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2009-11-25] (SEIKO EPSON CORPORATION)
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-21 11:20 - 2014-11-21 11:21 - 00000000 ____D () C:\FRST
2014-11-20 11:08 - 2014-11-20 11:15 - 00021393 _____ () C:\Users\User\Desktop\MILI GM Pipeline Report updated 11-20-14.xlsx
2014-11-19 09:46 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:46 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 10:32 - 2014-11-18 10:32 - 00323712 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller(4).exe
2014-11-16 14:49 - 2014-11-18 14:14 - 00000000 ____D () C:\Users\User\Desktop\Brians Dropbox photos
2014-11-16 14:44 - 2014-11-20 15:37 - 00000000 ___RD () C:\Users\User\Dropbox
2014-11-16 14:44 - 2014-11-18 10:33 - 00001011 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-11-16 14:41 - 2014-11-16 14:41 - 00323712 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller(3).exe
2014-11-16 14:40 - 2014-11-18 10:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-16 14:39 - 2014-11-20 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-11-16 14:39 - 2014-11-16 14:39 - 00323712 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller(2).exe
2014-11-16 14:38 - 2014-11-16 14:38 - 00323712 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller(1).exe
2014-11-12 12:42 - 2014-11-21 11:15 - 00003949 _____ () C:\Windows\system32\debug.log
2014-11-12 12:42 - 2014-11-12 16:42 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Web TuneUp
2014-11-12 12:41 - 2014-11-12 15:22 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-11-12 12:41 - 2014-11-12 12:41 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-11-12 12:41 - 2014-11-12 12:41 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-11-12 12:41 - 2014-11-12 12:41 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-11-12 12:41 - 2014-11-12 12:41 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-11-12 12:41 - 2014-11-12 12:41 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-11-11 20:59 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 20:59 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 20:59 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 20:59 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 20:59 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 20:59 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 20:59 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 20:59 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 20:59 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 20:59 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 20:59 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 20:59 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 20:59 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 20:59 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 20:59 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 20:59 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 20:59 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 20:59 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 20:59 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 20:59 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 20:59 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 20:59 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 20:59 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 20:59 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:59 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 20:59 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 20:58 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 20:58 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 20:58 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 20:58 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 20:58 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 20:58 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 20:58 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 20:58 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:58 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:58 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 20:58 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 20:58 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 20:58 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 20:58 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 20:58 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 20:58 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 20:58 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 20:58 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 16:12 - 2014-11-17 14:52 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 16:10 - 2014-11-11 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 16:10 - 2014-11-11 16:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-11 16:10 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 16:10 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 16:08 - 2014-11-11 16:08 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 16:04 - 2014-11-11 16:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2015
2014-11-11 16:03 - 2014-11-14 08:16 - 00000968 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-11 16:03 - 2014-11-14 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-11 16:03 - 2014-11-11 16:04 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-11 16:03 - 2014-11-11 16:03 - 00000000 ___HD () C:\$AVG
2014-11-11 16:02 - 2014-11-11 16:02 - 00000000 ____D () C:\Program Files\AVG
2014-11-11 16:01 - 2014-11-11 16:06 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2015
2014-11-11 16:01 - 2014-11-11 16:01 - 04637504 _____ (AVG Technologies) C:\Users\User\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-11-11 15:53 - 2014-11-11 15:53 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2013
2014-11-10 15:05 - 2014-11-12 12:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-06 11:43 - 2014-11-06 11:43 - 00009411 _____ () C:\Users\User\Desktop\Actual Housekeeping Hours.xlsx
2014-11-05 14:46 - 2014-11-12 17:59 - 00000000 ____D () C:\Users\User\Desktop\ICE Program
2014-10-31 10:54 - 2014-10-31 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-31 10:54 - 2014-10-31 10:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-30 08:18 - 2014-10-30 08:18 - 00001649 _____ () C:\Users\User\Desktop\OUTLOOK.EXE - Shortcut.lnk
2014-10-29 21:34 - 2014-10-29 21:34 - 00213784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-10-29 17:32 - 2014-10-29 17:32 - 00000000 ____D () C:\Users\User\Desktop\Marco Island Lakeside Procedures Manual
2014-10-28 10:53 - 2014-10-31 10:54 - 00002045 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-28 10:53 - 2014-10-31 10:54 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-24 12:29 - 2014-10-24 12:29 - 00000000 ____D () C:\Users\Marco\AppData\Local\Conexant
2014-10-23 11:02 - 2014-10-23 11:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-23 11:02 - 2014-10-23 11:02 - 00002022 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-21 11:19 - 2012-04-27 10:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 11:17 - 2011-12-21 10:52 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Rescue Applet
2014-11-21 10:59 - 2012-04-12 10:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 10:58 - 2014-06-02 12:58 - 00000288 _____ () C:\Windows\Tasks\Speedial.job
2014-11-21 10:42 - 2014-01-27 15:02 - 00000512 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3534027689-2904490822-2608032076-1004.job
2014-11-21 08:17 - 2013-01-03 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-21 03:02 - 2011-12-08 16:29 - 01092772 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 23:19 - 2012-04-27 10:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 16:42 - 2014-08-30 14:38 - 00000314 _____ () C:\Windows\Tasks\HP WEP.job
2014-11-20 15:44 - 2013-07-23 15:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-11-20 15:43 - 2009-07-13 23:34 - 00022416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 15:43 - 2009-07-13 23:34 - 00022416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 15:35 - 2014-09-08 15:22 - 00004952 _____ () C:\Users\Public\CAFADEBUG.log
2014-11-20 15:34 - 2010-11-20 16:48 - 00637542 _____ () C:\Windows\PFRO.log
2014-11-20 15:34 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 15:34 - 2009-07-13 23:39 - 00066727 _____ () C:\Windows\setupact.log
2014-11-20 11:06 - 2014-04-21 16:00 - 00002073 _____ () C:\Users\User\Desktop\Sharefile.lnk
2014-11-20 10:53 - 2011-09-15 11:51 - 00000000 ____D () C:\Users\User\Desktop\Weekly Reports
2014-11-18 13:23 - 2014-08-21 14:01 - 00000000 ____D () C:\Users\User\AppData\Local\join.me
2014-11-17 12:29 - 2014-02-02 17:15 - 00001905 _____ () C:\Users\User\Desktop\Dashlane.lnk
2014-11-17 12:29 - 2014-02-02 15:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dashlane
2014-11-13 09:21 - 2010-11-20 16:01 - 00799798 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 12:00 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 11:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 10:56 - 2009-07-13 23:33 - 00408760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:04 - 2013-08-15 02:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:00 - 2011-11-01 11:42 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:59 - 2013-12-11 02:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 17:59 - 2011-12-08 16:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 16:34 - 2009-01-28 10:26 - 00000000 ____D () C:\TEMP
2014-11-11 16:10 - 2013-11-21 15:49 - 00001097 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-11 16:10 - 2013-11-21 15:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-11-11 16:10 - 2013-11-21 15:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 15:49 - 2014-06-12 10:21 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-11-11 10:21 - 2014-08-18 09:14 - 00000000 ____D () C:\Users\User\Desktop\Chamber Faxes
2014-11-05 14:51 - 2014-10-20 14:39 - 00009500 _____ () C:\Users\User\Desktop\2015 TAN Allocation.xlsx
2014-11-04 10:37 - 2012-01-03 12:20 - 00000000 ____D () C:\Program Files\Citrix
2014-11-04 09:08 - 2011-12-21 14:40 - 00001571 _____ () C:\Users\User\Desktop\roomMaster for Windows (Quick Start).lnk
2014-10-29 17:32 - 2014-04-22 11:58 - 00000000 ____D () C:\Users\User\Documents\Marco Island Lakeside Procedures Manual
2014-10-24 12:28 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-23 11:15 - 2014-10-21 09:11 - 00401981 _____ () C:\Users\User\Desktop\2015.MILI.Budget Template.xlsx
2014-10-23 11:02 - 2011-12-08 16:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-23 11:02 - 2011-11-01 11:24 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-23 11:02 - 2011-11-01 11:24 - 00000000 ____D () C:\Program Files\Adobe
 
Files to move or delete:
====================
C:\Users\Public\mbam-setup-1.75.0.1300.exe
C:\Users\User\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\dlLogic.exe
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxbtchb.dll
C:\Users\User\AppData\Local\temp\EnableExtDll.dll
C:\Users\User\AppData\Local\temp\ICReinstall_Picasa_Setup.exe
C:\Users\User\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\lowproc.exe
C:\Users\User\AppData\Local\temp\MSN5F6E.exe
C:\Users\User\AppData\Local\temp\nsi5A94.tmp.exe
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\RdpUtils.dll
C:\Users\User\AppData\Local\temp\SecurityScan_Release.exe
C:\Users\User\AppData\Local\temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 00:18
 
==================== End Of Log ============================


#4 RPMcMurphy (Malware Response Team)

Posted 21 November 2014 - 12:42 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKU\S-1-5-21-3534027689-2904490822-2608032076-1003\...\Run: [BackgroundContainer] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Marco\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
Task: {BB6D9386-156F-4040-90D8-889FDF57A0CE} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Marco\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: C:\Windows\Tasks\Speedial.job => C:\Users\User\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 twitterfon231 (Topic Starter)

Posted 21 November 2014 - 03:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-11-2014
Ran by User at 2014-11-21 13:08:04 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: Marco & User & Administrator (Available profiles: Marco & User & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3534027689-2904490822-2608032076-1003\...\Run: [BackgroundContainer] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Marco\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
Task: {BB6D9386-156F-4040-90D8-889FDF57A0CE} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Marco\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: C:\Windows\Tasks\Speedial.job => C:\Users\User\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-3534027689-2904490822-2608032076-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB6D9386-156F-4040-90D8-889FDF57A0CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB6D9386-156F-4040-90D8-889FDF57A0CE}" => Key deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
C:\Windows\Tasks\Speedial.job => Moved successfully.
EmptyTemp: => Removed 3.9 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 RPMcMurphy (Malware Response Team)

Posted 21 November 2014 - 04:33 PM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.



#7 twitterfon231 (Topic Starter)

Posted 21 November 2014 - 05:33 PM

No malware found on PC.



#8 RPMcMurphy (Malware Response Team)

Posted 21 November 2014 - 07:20 PM

Great! Please do this next:

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log



#9 RPMcMurphy (Malware Response Team)

Posted 29 November 2014 - 10:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.