Suspicious processes slowing down computer


This topic is locked. 10 replies to this topic.

#1 zero06 (Members, 24 posts)

Posted 15 December 2014 - 06:27 PM

I noticed a few days ago that my computer was running extremely slow. Opening Firefox and browsing the internet was so slow that the mouse would stop moving many times. My computer has 4 GB of RAM and an Intel quad core. It should not be running this slow while only browsing the web. I opened Windows task messenger and noticed many processes running under my Windows account name. They looked like OS processes, but there appeared to be a lot more than there normally are. Some of these processes were taking up 600 MB of RAM. I would close the process, but over time another suspicious OS process would take up around the same amount of memory. I have another computer with the same Windows 7 OS and it doesn't have so many system processes running under the account name.

 

Any help would be greatly appreciated.





#2 zero06 (Topic Starter, Members, 24 posts)

Posted 15 December 2014 - 06:31 PM

It doesn't look like I can attach the DDS log to my post, so I copied it and posted it down below.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2012 4:00:39 PM
System Uptime: 12/15/2014 2:40:53 PM (1 hours ago)
.
Motherboard: Intel Corporation |  | DG965OT
Processor: Intel® Core™2 Quad CPU    Q6600  @ 2.40GHz | LGA 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 439 GiB total, 58.966 GiB free.
D: is FIXED (NTFS) - 492 GiB total, 445.288 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_505A107B&REV_02\3&18D45AA6&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29A4&SUBSYS_505A107B&REV_02\3&18D45AA6&0&18
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82562V 10/100 Network Connection
Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_0001107B&REV_02\3&18D45AA6&0&C8
Manufacturer: Intel
Name: Intel® 82562V 10/100 Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_0001107B&REV_02\3&18D45AA6&0&C8
Service: e1express
.
==== System Restore Points ===================
.
RP233: 12/5/2014 5:36:46 PM - Windows Update
RP234: 12/9/2014 3:05:12 PM - Windows Update
RP235: 12/10/2014 8:39:14 PM - Windows Update
RP236: 12/14/2014 3:53:31 PM - Windows Update
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
µTorrent
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.08)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Bonjour
Combined Community Codec Pack 2013-11-27
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Dotfuscator and Analytics Community Edition
Drift City
Entity Framework Designer for Visual Studio 2012 - enu
Epson Event Manager
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
FileZilla Client 3.7.0.1
Fraps (remove only)
Free iPod Video Converter 1.34
Free YouTube Download version 3.2.49.1022
Free YouTube to MP3 Converter version 3.12.42.716
Freemake Video Converter version 4.1.3
GOM Player
Google Chrome
Google Update Helper
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
ijji - Gunz
iTunes
Java 7 Update 45
Java Auto Updater
LG VZW United Drivers
LocalESPC
LocalESPCui for en-us
MagicDisc 2.7.106
McAfee Security Scan Plus
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft NuGet - Visual Studio 2012
Microsoft Office Word Viewer 2003
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 IntelliTrace Core amd64
Microsoft Visual Studio 2012 IntelliTrace Core x86
Microsoft Visual Studio 2012 IntelliTrace Front End x86
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Premium 2012
Microsoft Visual Studio Premium 2012 - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio 2012
Microsoft Web Platform Installer 4.0
mIRC
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pando Media Booster
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Rakion International
RangeMax Wireless-N USB Adapter WN111v2
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SpeedFan (remove only)
teenSMART UAC
teenSMART v3
Update for  (KB2504637)
Update for Microsoft Visual Studio 2012 (KB2781514)
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 5.10 (64-bit)
WN111v2
.
==== Event Viewer Messages From Past Week ========
.
12/15/2014 7:54:09 AM, Error: Schannel [36887]  - The following fatal alert was received: 80.
12/15/2014 2:42:24 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/15/2014 2:42:23 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 



#3 nasdaq (Malware Response Team, 38,786 posts, Montreal, QC, Canada)

Posted 20 December 2014 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop: For 32-bit system or For 64-bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

Download the version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
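
Added triage example (not part of this thread, and not code from RogueKiller or FRST): a PowerShell script that re-checks, with built-in cmdlets only, the kinds of findings the RogueKiller report in the next post lists: a per-user CLSID LocalServer32 override under the user's hive (the Poweliks persistence entry), dllhost.exe and svchost.exe instances running in the user's session, hosts-file entries beyond the stock loopback lines, and a ConsentPromptBehaviorAdmin value of 0. It assumes PowerShell 3.0 or later in an elevated session and only inspects the current user's HKCU hive; the "Suspect" flags are this example's own heuristics, not the tools' detections, and anything they flag still needs a human look before it is removed.

```powershell
# Added triage example; not from the thread and not RogueKiller/FRST code.
# Assumes PowerShell 3.0+ running elevated. Only HKCU is inspected (other
# users' hives live under HKU). "Suspect" is a heuristic of this example.

# 1. Per-user COM overrides. HKCU\Software\Classes is consulted before
#    HKLM\Software\Classes, so a LocalServer32 value under HKCU quietly replaces
#    the machine-wide server for that CLSID and is launched whenever anything
#    instantiates the object. A normal workstation has few or none of these.
function Get-PerUserLocalServer32 {
    $roots = @('HKCU:\Software\Classes\CLSID', 'HKCU:\Software\Classes\Wow6432Node\CLSID')
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $sub = $clsid.OpenSubKey('LocalServer32')
            if ($sub -eq $null) { continue }
            $user = [string]$sub.GetValue('')          # default value = server command line
            $sub.Close()
            $mk = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
                      "Software\Classes\CLSID\$($clsid.PSChildName)\LocalServer32")
            $machine = if ($mk) { [string]$mk.GetValue(''); $mk.Close() } else { '' }
            # Heuristic: a script host or an unusually long command line as a COM server
            $suspect = ($user -match '(?i)javascript:|mshta|rundll32|powershell|wscript|cscript') -or
                       ($user.Length -gt 260)
            [pscustomobject]@{
                CLSID         = $clsid.PSChildName
                UserServer    = $user
                MachineServer = $machine
                Suspect       = $suspect
            }
        }
    }
}

# 2. Host processes in the user's session. The log shows the payload running in
#    dllhost.exe and svchost.exe copies from SysWOW64; list each with owner,
#    parent and memory so odd ones stand out. Legitimate dllhost.exe surrogates
#    are started with a /Processid:{CLSID} argument, and svchost.exe normally
#    runs from System32 under a service account.
function Get-HostProcessReport {
    $all  = Get-WmiObject -Class Win32_Process
    $byId = @{}
    foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }
    $serviceAccounts = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
    foreach ($p in ($all | Where-Object { $_.Name -match '^(?i)(dllhost|svchost)\.exe$' })) {
        $parent = $byId[[int]$p.ParentProcessId]
        $owner  = $p.GetOwner()
        $user   = if ($owner.ReturnValue -eq 0) { $owner.User } else { '?' }
        $inWow  = ($p.ExecutablePath -match '(?i)\\SysWOW64\\')
        [pscustomobject]@{
            PID          = $p.ProcessId
            Name         = $p.Name
            Owner        = $user
            Parent       = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'none' }
            WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB)
            Path         = $p.ExecutablePath
            CommandLine  = $p.CommandLine
            # Heuristic: dllhost without /Processid, or a SysWOW64 host under a user account
            Suspect      = ($p.Name -ieq 'dllhost.exe' -and $p.CommandLine -notmatch '(?i)/Processid:') -or
                           ($inWow -and ($serviceAccounts -notcontains $user))
        }
    }
}

# 3. Host-level changes the log also reports: hosts-file lines other than the
#    stock loopback entries (the default Windows 7 file is entirely comments),
#    and the UAC admin-prompt level (0 = elevate without prompting; 2 = prompt
#    for consent on the secure desktop, which the log shows RogueKiller restored).
function Get-HostsFileEntries {
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $path -ErrorAction SilentlyContinue |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}
function Get-UacAdminPromptLevel {
    $key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    (Get-ItemProperty -Path $key -Name ConsentPromptBehaviorAdmin -ErrorAction SilentlyContinue).ConsentPromptBehaviorAdmin
}

Write-Host '== Per-user CLSID LocalServer32 overrides (HKCU) =='
Get-PerUserLocalServer32 | Format-Table CLSID, Suspect, UserServer, MachineServer -AutoSize -Wrap
Write-Host '== dllhost.exe / svchost.exe instances =='
Get-HostProcessReport | Sort-Object WorkingSetMB -Descending |
    Format-Table PID, Name, Owner, Parent, WorkingSetMB, Suspect, Path -AutoSize
Write-Host '== Non-default hosts entries =='
Get-HostsFileEntries
Write-Host ('== ConsentPromptBehaviorAdmin = {0} (0 = elevate without prompting) ==' -f (Get-UacAdminPromptLevel))
```

The per-user CLSID check is the one worth keeping in a toolkit: the entry RogueKiller deletes in the next post sits under HKEY_USERS\<SID>\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32, a key that no installer normally writes for a non-administrator profile, and because it overrides the HKLM server for the same CLSID it survives a clean-up that only looks at Run keys, services and files on disk.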

#4 zero06 (Topic Starter, Members, 24 posts)

Posted 20 December 2014 - 07:14 PM

The computer is running much better now. All those suspicious processes are gone now too. My task manager looks normal now. I also restarted the computer to make sure those processes wouldn't return. Thanks for the help, nasdaq, and hopefully everything is fine now.

Here are the logs

 

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fidel Julian [Administrator]
Mode : Delete -- Date : 12/20/2014  15:56:53

¤¤¤ Processes : 5 ¤¤¤
[Tr.Poweliks] dllhost.exe -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermProc]
[Tr.Poweliks] dllhost.exe -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermProc]
[Proc.Svchost] svchost.exe -- C:\Windows\syswow64\svchost.exe[7] -> Killed [TermThr]
[Proc.Svchost] svchost.exe -- C:\Windows\syswow64\svchost.exe[7] -> Killed [TermThr]
[Proc.Svchost] svchost.exe -- C:\Windows\syswow64\svchost.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 17 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC502893-6536-4D28-993A-E06FD99B60CC} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CC502893-6536-4D28-993A-E06FD99B60CC} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CC502893-6536-4D28-993A-E06FD99B60CC} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-895995975-2728096295-479137989-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-895995975-2728096295-479137989-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-895995975-2728096295-479137989-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 194.145.200.27 pagead2.googlesyndication.com

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FIREFX:Addon] 5belkrzr.default : FlashGot Mass Downloader [{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] ff168d13847c66747d17c52e525ef143
[BSP] 3ad368b94613ef80d0d195f21e2c2777 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 449899 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 921600000 | Size: 503868 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_12202014_154837.log

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Fidel Julian (administrator) on FIDELJULIAN-PC on 20-12-2014 15:59:43
Running from C:\Users\Fidel Julian\Desktop\farbar
Loaded Profile: Fidel Julian (Available profiles: Fidel Julian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
() C:\Program Files (x86)\wrapper_inst\file_to_run.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(LG Electronics) C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-24] ()
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Run: [BYR_AGENT] => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe [392320 2012-12-09] (LG Electronics)
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Run: [EPSONDEB4F6] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Run: [EPSON WorkForce 610 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\MountPoints2: {5795178b-e0f7-11e2-94a7-0019d14c834a} - H:\TL_Bootstrap.exe
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\MountPoints2: {c4c41452-78a6-11e2-a01f-0019d14c834a} - F:\vs_ultimate.exe
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
Startup: C:\Users\Fidel Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-895995975-2728096295-479137989-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {22A7AB9B-5F41-42D0-A2B1-EEF814630729} URL =
SearchScopes: HKLM-x32 -> DefaultScope {22A7AB9B-5F41-42D0-A2B1-EEF814630729} URL =
SearchScopes: HKU\S-1-5-21-895995975-2728096295-479137989-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-895995975-2728096295-479137989-1000 -> {22A7AB9B-5F41-42D0-A2B1-EEF814630729} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3316751&CUI=UN83466961411253310&UM=2&UP=SPAC8B2657-5C25-41D8-A3CF-EBC2A5FF941A&SSPV=SP2151B_sp_ie
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 194.145.200.27 pagead2.googlesyndication.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default
FF Homepage: about:home
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-895995975-2728096295-479137989-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: DownloadHelper - C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-03-06]
FF Extension: Adblock Plus - C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-03]
FF HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3316751&SearchSource=48&CUI=UN38200901249581427&UM=2&UP=SP3A09A102-E648-4BBE-BDBD-F8F7279646A6&SSPV=
CHR Profile: C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Freemake Video Converter) - C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-03-26] (Freemake) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4610408 2013-08-25] (INCA Internet Co., Ltd.)
R2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-15] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 15:59 - 2014-12-20 15:59 - 00000000 ____D () C:\FRST
2014-12-20 15:58 - 2014-12-20 15:59 - 00000000 ____D () C:\Users\Fidel Julian\Desktop\farbar
2014-12-20 15:57 - 2014-12-20 15:57 - 00005166 _____ () C:\Users\Fidel Julian\Desktop\RKreport_DEL_12202014_155652.log
2014-12-20 15:32 - 2014-12-20 15:32 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-20 15:32 - 2014-12-20 15:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-20 15:28 - 2014-12-20 15:29 - 18315864 _____ () C:\Users\Fidel Julian\Desktop\RogueKillerX64.exe
2014-12-20 15:25 - 2014-12-20 15:25 - 00001486 _____ () C:\Users\Fidel Julian\Desktop\instr.txt
2014-12-17 17:13 - 2014-12-17 18:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 17:12 - 2014-12-17 17:12 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 17:12 - 2014-12-17 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 17:12 - 2014-12-17 17:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 17:12 - 2014-12-17 17:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 17:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 17:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 17:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 14:16 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:16 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 18:15 - 2014-12-16 18:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Fidel Julian\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 14:54 - 2014-12-16 14:54 - 00000000 ____D () C:\Windows\pss
2014-12-15 15:10 - 2014-12-15 15:11 - 00020419 _____ () C:\Users\Fidel Julian\Desktop\dds.txt
2014-12-15 15:10 - 2014-12-15 15:11 - 00010314 _____ () C:\Users\Fidel Julian\Desktop\attach.txt
2014-12-15 15:07 - 2014-12-15 15:07 - 00688992 ____R (Swearware) C:\Users\Fidel Julian\Downloads\dds.com
2014-12-11 05:19 - 2014-12-11 05:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 20:40 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 20:40 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 20:40 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 20:40 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 20:40 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 20:40 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 20:40 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 20:40 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 20:40 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 20:40 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 17:19 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 17:19 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 17:19 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 17:19 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 17:19 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 17:19 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 17:19 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 17:19 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 17:19 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 17:19 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 17:19 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 17:19 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 17:19 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 17:19 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 17:19 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 17:19 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 17:19 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 17:19 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 17:19 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 17:19 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 17:19 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 17:19 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 17:19 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 17:19 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 17:19 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 17:19 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 17:19 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 17:19 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 17:19 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 17:19 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 17:19 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 17:19 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 17:19 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 17:19 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 17:19 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 17:19 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 17:19 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 17:19 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 17:19 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 17:19 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 17:19 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 17:19 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 17:19 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 17:19 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 17:19 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 17:19 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 17:19 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 17:19 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 17:19 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 17:19 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 17:19 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 17:19 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 17:19 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 17:19 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 17:19 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 17:19 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 17:19 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 17:19 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 17:19 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 17:19 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 17:19 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 17:19 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 17:19 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 17:19 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 17:19 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 17:18 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 17:18 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 17:18 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 17:18 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 17:18 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 17:18 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 17:18 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 17:18 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 17:18 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 17:18 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 17:18 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 17:18 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 17:18 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 17:18 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 06:45 - 2014-12-09 06:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 10:31 - 2014-12-07 10:31 - 00045545 _____ () C:\Users\Fidel Julian\Downloads\Presentation 1(1).pptx
2014-12-07 08:09 - 2014-12-07 08:10 - 00042991 _____ () C:\Users\Fidel Julian\Downloads\Presentation 1.pptx
2014-12-04 14:59 - 2014-12-04 15:00 - 00007558 _____ () C:\Users\Fidel Julian\Desktop\fvUG-v8A.B
2014-11-21 13:47 - 2014-11-21 13:48 - 00000000 ____D () C:\Users\Fidel Julian\Downloads\CD-ADAPCO.STAR-CCM+.9.02.005-R8_WIN.LINUX-SSQ
2014-11-21 11:22 - 2014-11-21 12:23 - 00000000 ____D () C:\Users\Fidel Julian\Downloads\CD-Adapco Star CCM+ 9.04.011-R8 x64

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 15:57 - 2012-12-24 10:57 - 00000000 ____D () C:\Users\Fidel Julian\AppData\Local\PMB Files
2014-12-20 15:55 - 2012-12-16 15:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 15:44 - 2012-12-14 16:00 - 02022739 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 15:34 - 2009-07-13 20:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 15:34 - 2009-07-13 20:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 15:27 - 2013-12-04 14:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 15:27 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 15:27 - 2009-07-13 20:51 - 00161172 _____ () C:\Windows\setupact.log
2014-12-19 17:52 - 2012-12-17 13:03 - 00808920 _____ () C:\Windows\PFRO.log
2014-12-18 18:14 - 2014-10-03 07:48 - 00007603 _____ () C:\Users\Fidel Julian\AppData\Local\Resmon.ResmonCfg
2014-12-18 18:05 - 2013-12-04 14:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 17:57 - 2013-10-17 16:38 - 00000000 ____D () C:\temp
2014-12-17 17:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\schemas
2014-12-17 17:34 - 2014-04-26 06:03 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-12-17 17:34 - 2013-09-15 06:50 - 00000000 ____D () C:\ProgramData\Conduit
2014-12-17 17:33 - 2013-12-10 16:23 - 00000000 ____D () C:\Program Files (x86)\runonce
2014-12-17 17:33 - 2013-09-15 06:51 - 00000000 ____D () C:\Program Files\wrapper_inst
2014-12-17 17:33 - 2013-09-15 06:49 - 00000000 ____D () C:\Users\Fidel Julian\AppData\Local\CRE
2014-12-17 14:18 - 2013-02-16 18:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-14 17:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 11:45 - 2009-07-13 21:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 15:05 - 2013-12-04 14:12 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 05:19 - 2014-05-06 07:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 05:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 05:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 20:47 - 2013-08-14 15:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 20:41 - 2012-12-14 16:46 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 19:00 - 2013-12-03 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 15:55 - 2012-12-16 15:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 15:55 - 2012-12-16 15:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 15:55 - 2012-12-16 15:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-06 18:04 - 2014-01-17 12:45 - 00000000 ____D () C:\Users\Fidel Julian\AppData\Roaming\mIRC
2014-12-03 11:34 - 2014-06-15 10:56 - 00000000 ____D () C:\Users\Fidel Julian\Downloads\vids
2014-12-03 11:30 - 2013-02-15 21:31 - 00000000 ____D () C:\Users\Fidel Julian\AppData\Roaming\uTorrent
2014-11-27 17:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Fidel Julian\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\Fidel Julian\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Fidel Julian\AppData\Local\Temp\ExPromo.exe
C:\Users\Fidel Julian\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.15.exe
C:\Users\Fidel Julian\AppData\Local\Temp\mirc732.exe
C:\Users\Fidel Julian\AppData\Local\Temp\mirc734.exe
C:\Users\Fidel Julian\AppData\Local\Temp\mirc736.exe
C:\Users\Fidel Julian\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\Fidel Julian\AppData\Local\Temp\oi_{CC50B3B5-50C3-4AB1-8C63-D9FD7F2BBA0B}.exe
C:\Users\Fidel Julian\AppData\Local\Temp\oi_{D1263A8D-9405-48AB-A821-282F463C7034}.exe
C:\Users\Fidel Julian\AppData\Local\Temp\PC-Registry-EXE-0808.exe
C:\Users\Fidel Julian\AppData\Local\Temp\PC-Registry-EXE-0808[1].exe
C:\Users\Fidel Julian\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Fidel Julian\AppData\Local\Temp\sfextra.dll
C:\Users\Fidel Julian\AppData\Local\Temp\SpOrder.dll
C:\Users\Fidel Julian\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Fidel Julian\AppData\Local\Temp\tbSwe2.dll
C:\Users\Fidel Julian\AppData\Local\Temp\twapi-0fc8de8f-b2ea-6445-9b9d-9188dbce5017.dll
C:\Users\Fidel Julian\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Fidel Julian\AppData\Local\Temp\uttD523.tmp.exe
C:\Users\Fidel Julian\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 17:45

==================== End Of Log ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,786 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:36 AM

Posted 21 December 2014 - 08:47 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

() C:\Program Files (x86)\wrapper_inst\file_to_run.exe
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3316751&SearchSource=48&CUI=UN38200901249581427&UM=2&UP=SP3A09A102-E648-4BBE-BDBD-F8F7279646A6&SSPV=
CHR Extension: (Freemake Video Converter) - C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-03]
R2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-15] ()
Task: {0E93087A-DBE4-4A67-91E2-1C4B2C22BFC6} - \bench-sys No Task File <==== ATTENTION
Task: {63A33D38-4613-460A-918F-602C3AC871C0} - \bench-Updater removing No Task File <==== ATTENTION
C:\Program Files (x86)\wrapper_inst

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
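Added example, not from this thread and not FRST's own code: a Python triage pass over FRST-style service, driver and "Task:" lines in the format of the log posted above. It applies the signals the fixlist relies on (an empty publisher field "()", a "[File not signed]" marker, a scheduled task whose task file is missing, and FRST's own ATTENTION markers) and orders the results so a responder reads the most suspicious entries first. The sample lines are copied from the posted log, with user-profile paths left out.

```python
"""Triage pass over FRST-style log lines.

Added example for this thread; it is not part of FRST and not the helper's
own tooling. It reads service/driver and "Task:" entries in the format FRST
prints and flags the signals the fixlist targets: an empty publisher "()",
a "[File not signed]" marker, a task whose task file is missing, and lines
FRST itself marked with ATTENTION.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "R2 name; C:\path\file.exe [31344 2013-09-15] (Publisher) [File not signed]"
# state: R = running, S = stopped. Publisher is greedy so nested "(...)" survive.
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<publisher>.*)\)(?P<trailer>[^)]*)$"
)
# "Task: {GUID} - \bench-sys No Task File <==== ATTENTION"
TASK_RE = re.compile(r"^Task:\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<detail>.*)$")


@dataclass
class Finding:
    kind: str          # "service" (services and drivers share one format), "task", "other"
    name: str
    detail: str        # path for services, task target for tasks, raw line otherwise
    reasons: List[str]

    @property
    def severity(self) -> int:
        # One point per independent signal; enough to order a triage list.
        return len(self.reasons)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious entry, or None if nothing stands out."""
    reasons: List[str] = []
    if "ATTENTION" in line:
        reasons.append("flagged by FRST")

    svc = SERVICE_RE.match(line)
    if svc:
        if not svc.group("publisher").strip():
            reasons.append("no publisher")      # version info carries no company name
        if "[File not signed]" in svc.group("trailer"):
            reasons.append("unsigned binary")
        if reasons and svc.group("state").startswith("R"):
            reasons.append("running now")       # a live oddity outranks a stopped one
        return Finding("service", svc.group("name"), svc.group("path"), reasons) if reasons else None

    task = TASK_RE.match(line)
    if task:
        if "No Task File" in task.group("detail"):
            reasons.append("task file missing")  # registry entry survived, task XML is gone
        return Finding("task", task.group("guid"), task.group("detail"), reasons) if reasons else None

    if reasons:
        return Finding("other", line.split(":", 1)[0], line, reasons)
    return None


def triage(log_text: str) -> List[Finding]:
    """Triage every line of an FRST log and return findings, most severe first."""
    findings = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: f.severity, reverse=True)


# Lines copied from the FRST log posted in this thread (user-profile paths left out).
SAMPLE_LOG = r"""
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-15] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {0E93087A-DBE4-4A67-91E2-1C4B2C22BFC6} - \bench-sys No Task File <==== ATTENTION
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind:7} {f.name}: {', '.join(f.reasons)}  ({f.detail})")
```

On the sample, the publisher-less running service pcregservice and the orphaned bench-sys task come out on top, while the signed Microsoft Security Essentials entries produce no finding at all.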

#6 zero06

zero06
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:36 AM

Posted 21 December 2014 - 03:49 PM

The computer is running fine. I can browse the web like I used to and the CPU usage or RAM usage isn't going up to 100 percent.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Fidel Julian at 2014-12-21 12:22:41 Run:1
Running from C:\Users\Fidel Julian\Desktop\farbar
Loaded Profile: Fidel Julian (Available profiles: Fidel Julian)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

() C:\Program Files (x86)\wrapper_inst\file_to_run.exe
HKU\S-1-5-21-895995975-2728096295-479137989-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKU\S-1-5-21-895995975-2728096295-479137989-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3316751&SearchSource=48&CUI=UN38200901249581427&UM=2&UP=SP3A09A102-E648-4BBE-BDBD-F8F7279646A6&SSPV=
CHR Extension: (Freemake Video Converter) - C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-03]
R2 pcregservice; C:\Program Files (x86)\wrapper_inst\file_to_run.exe [31344 2013-09-15] ()
Task: {0E93087A-DBE4-4A67-91E2-1C4B2C22BFC6} - \bench-sys No Task File <==== ATTENTION
Task: {63A33D38-4613-460A-918F-602C3AC871C0} - \bench-Updater removing No Task File <==== ATTENTION
C:\Program Files (x86)\wrapper_inst

End
*****************

Processes closed successfully.
C:\Program Files (x86)\wrapper_inst\file_to_run.exe => No running process found
HKU\S-1-5-21-895995975-2728096295-479137989-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found.
"HKU\S-1-5-21-895995975-2728096295-479137989-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Fidel Julian\AppData\Roaming\Mozilla\Firefox\Profiles\5belkrzr.default\user.js => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
HKU\S-1-5-21-895995975-2728096295-479137989-1000\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => value deleted successfully.
Chrome HomePage deleted successfully.
C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj => Moved successfully.
C:\Users\Fidel Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj" => Key deleted successfully.
C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx => Moved successfully.
pcregservice => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E93087A-DBE4-4A67-91E2-1C4B2C22BFC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E93087A-DBE4-4A67-91E2-1C4B2C22BFC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63A33D38-4613-460A-918F-602C3AC871C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63A33D38-4613-460A-918F-602C3AC871C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-Updater removing" => Key deleted successfully.
C:\Program Files (x86)\wrapper_inst => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45  
 Visual Studio Extensions for Windows Library for JavaScript
 Java version 32-bit out of Date!
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,786 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:36 AM

Posted 22 December 2014 - 08:16 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32-bit operating system,
and Java 8 Update 25 for the 64-bit operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 zero06

zero06
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:36 AM

Posted 22 December 2014 - 08:57 PM

OK, I've updated Java and flash to the newest version. Is that everything? Is my computer healthy again?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,786 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:36 AM

Posted 23 December 2014 - 09:38 AM

Unless you have other issues we are good.

#10 zero06

zero06
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:36 AM

Posted 23 December 2014 - 05:32 PM

No more issues here. Everything is running fine. Thank you for all your help.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,786 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:36 AM

Posted 24 December 2014 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



