Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help: Infected by Poweliks and Rogue COM Surrogate tasks


  • Please log in to reply
13 replies to this topic

#1 cjwallau7474

cjwallau7474

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 10 November 2014 - 09:56 PM

I seem to be infected by Poweliks and I cannot remove the virus. When using Internet Explorer or Windows Explorer, rogue dllhost.exe programs are seen in task manager and outgoing activity is blocked by Anti-Malware and Norton 360. I have also notices that whenever I open Internet Explorer, the security is changed to custom, even though I keep telling it to run the default "Medium".

 

I have run scans with Norton 360, Malwarebytes Anti-Malware, and Hitman Pro. I cannot seem to get rid of this pesky beast.

 

Any help would be greatly appreciated.

 

Thanks,

Chris

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Taylor at 19:42:23 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6127.3361 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\msfeedssync.exe
C:\Windows\syswow64\wiaacmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{89E5CECD-F395-4684-8872-005752278130} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-29 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-9-30 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-9-30 1148120]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2014-8-18 49752]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [2014-11-10 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-9-30 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSviA64.sys [2014-11-7 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-9-30 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-9-30 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-11-9 127752]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2014-9-22 40240]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-9 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-9 968504]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2014-9-30 265040]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-9 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-9 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-29 539240]
S2 0196971316654632mcinstcleanup;McAfee Application Installer Cleanup (0196971316654632);C:\Windows\TEMP\019697~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\019697~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-17 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2013-5-18 1900400]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-22 1255736]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-29 1692480]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-10 04:09:36 -------- d-----w- C:\Program Files\HitmanPro
2014-11-10 04:06:54 -------- d-----w- C:\ProgramData\HitmanPro
2014-11-10 03:24:39 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-10 03:24:15 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-10 03:24:15 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-10 03:24:15 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-10 03:24:15 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-10 03:24:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 00:04:06 -------- d-----w- C:\Users\Taylor\AppData\Local\SWTORPerf
2014-11-08 17:11:43 -------- d-----w- C:\Users\Taylor\AppData\Local\{F1D06827-4DA3-4F75-8B0F-CC57552FC667}
2014-11-07 02:57:54 78936 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2014-11-07 02:19:22 -------- d-----w- C:\NPE
2014-11-07 02:13:58 -------- d-----w- C:\Users\Taylor\AppData\Local\NPE
2014-10-27 15:25:18 -------- d-----w- C:\Users\Taylor\AppData\Local\{5D74B944-C1D2-4E4F-BABF-93986C59F87D}
2014-10-16 12:01:55 -------- d-----w- C:\Users\Taylor\AppData\Local\{9C00FC5E-783B-45D6-BDF9-43A6CC2A04FF}
.
==================== Find3M  ====================
.
2014-10-16 12:04:50 49752 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 06:45:10 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 06:45:10 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:26:58 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-08-26 02:26:57 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 19:43:02.73 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:09 AM

Posted 13 November 2014 - 07:41 PM

hi,

 

Your post is a few days old. If you still need help simply reply back and we can start.


How Can I Reduce My Risk to Malware?


#3 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 14 November 2014 - 12:00 AM

Yes. I am still in need of help.

Thank you.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:09 AM

Posted 14 November 2014 - 06:38 PM

Ok. We will get three downloads to use.:

 

Please download Powelikscleaner (by ESET) and save it to your Desktop.

    Double-click ESETPoweliksCleaner.exe to start the tool.
    Read the terms of the End-user license agreement and click Agree if you agree to them.
    The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
    If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
    The tool will produce a log in the same directory the tool was run from, your desktop.
    Please copy and paste the log in your next reply.

http://download.eset.com/special/ESETPoweliksCleaner.exe

 

 

Next:

 

 Please download AdwCleaner to your desktop.
    Right click on AdwCleaner.exe and select "run as admin"
    Click on Scan, Once the Scan is done click on Clean

    Items to remove will be checked for you.

    May be prompted for a restart to finish the removal process

    After the restart a log will be produced that you can copy/paste in your reply

   You can also find the logfile at C:\AdwCleaner[R1].txt as well
  
http://www.bleepingcomputer.com/download/adwcleaner/

 

Three:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version. Looks like you can get the 64 bit version.

    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    When the tool opens click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

So three logs to post: The ESET tool log, Adwcleaner, and the FRST logs.


How Can I Reduce My Risk to Malware?


#5 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 14 November 2014 - 10:41 PM

After running the three scans I see significant improvement.

 

ESET Log:

 

[2014.11.14 20:15:58.829] - Begin
[2014.11.14 20:15:58.829] -
[2014.11.14 20:15:58.830] -     ....................................
[2014.11.14 20:15:58.830] -   ..::::::::::::::::::....................
[2014.11.14 20:15:58.831] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.14 20:15:58.832] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.14 20:15:58.832] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.14 20:15:58.833] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.14 20:15:58.834] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.14 20:15:58.834] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.14 20:15:58.834] -     ....................................
[2014.11.14 20:15:58.834] -
[2014.11.14 20:15:58.835] - --------------------------------------------------------------------------------
[2014.11.14 20:15:58.835] -
[2014.11.14 20:15:58.835] - INFO: OS: 6.1.7601 SP1
[2014.11.14 20:15:58.835] - INFO: Product Type: Workstation
[2014.11.14 20:15:58.835] - INFO: WoW64: True
[2014.11.14 20:15:58.836] - INFO: Machine guid: D97F3EDC-F08C-42F3-9F68-63D1DEDECA1C
[2014.11.14 20:15:58.836] -
[2014.11.14 20:16:03.358] - INFO: Scanning for system infection...
[2014.11.14 20:16:03.358] - --------------------------------------------------------------------------------
[2014.11.14 20:16:03.358] -
[2014.11.14 20:16:03.358] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.14 20:16:03.359] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.14 20:16:03.359] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.14 20:16:03.360] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.14 20:16:03.360] - INFO: Processing classes...
[2014.11.14 20:16:03.360] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}]
[2014.11.14 20:16:03.360] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
[2014.11.14 20:16:03.361] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}]
[2014.11.14 20:16:03.363] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.14 20:16:03.363] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.14 20:16:03.363] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.14 20:16:03.365] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.14 20:16:03.367] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.14 20:16:03.367] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.14 20:16:03.367] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.14 20:16:03.367] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.14 20:16:03.368] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.14 20:16:03.368] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.14 20:16:03.368] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.14 20:16:03.368] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.14 20:16:03.370] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.14 20:16:03.372] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.14 20:16:03.372] - INFO: Win32/Poweliks found
[2014.11.14 20:16:09.488] - INFO: process: dllhost.exe, pid 2068, parent 4336
[2014.11.14 20:16:09.488] - INFO: Terminated process pid = 2068
[2014.11.14 20:16:09.489] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.14 20:16:09.490] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.14 20:16:09.490] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.14 20:16:09.491] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.14 20:16:09.491] - INFO: Processing classes...
[2014.11.14 20:16:09.491] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}]
[2014.11.14 20:16:09.491] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
[2014.11.14 20:16:09.491] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}]
[2014.11.14 20:16:09.491] - INFO: Processing clsid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.14 20:16:09.491] - INFO: Deleted classid [\Registry\User\S-1-5-21-2704097141-2661915112-1365362054-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.14 20:16:09.492] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.14 20:16:09.492] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.14 20:16:09.492] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.14 20:16:09.492] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.14 20:16:09.492] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.14 20:16:09.492] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.14 20:16:09.493] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.14 20:16:09.493] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.14 20:16:09.493] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.14 20:16:09.493] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.14 20:16:09.493] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.14 20:16:09.493] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.14 20:16:09.493] - INFO: Cleaning status: 0
[2014.11.14 20:16:14.102] - End
 



#6 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 14 November 2014 - 10:42 PM

AdwCleaner Log:

 

# AdwCleaner v4.101 - Report created 14/11/2014 at 20:28:45
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Taylor - PHINEAS
# Running from : C:\Users\Taylor\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : COMSysApp

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Taylor\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Taylor\AppData\Roaming\ParetoLogic
File Deleted : C:\Windows\SysWOW64\dllhost.exe
File Deleted : C:\Windows\System32\dllhost.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [4160 octets] - [14/11/2014 20:27:23]
AdwCleaner[S0].txt - [3952 octets] - [14/11/2014 20:28:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4012 octets] ##########



#7 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 14 November 2014 - 10:44 PM

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Taylor (administrator) on PHINEAS on 14-11-2014 20:38:50
Running from C:\Users\Taylor\Desktop
Loaded Profile: Taylor (Available profiles: Taylor & Ashley & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2704097141-2661915112-1365362054-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-11] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {3691BE28-F892-4FE5-96C3-F95A4E62C391} URL = http://www.mysearchresults.com/search?&c=2633&t=03&q={searchTerms}
SearchScopes: HKCU - {90C0CAFE-4659-4263-BEDC-3B42DBBF1CDE} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140519,20028,0,31,0
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2704097141-2661915112-1365362054-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2704097141-2661915112-1365362054-1001: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Taylor\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF Plugin HKU\S-1-5-21-2704097141-2661915112-1365362054-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Taylor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2704097141-2661915112-1365362054-1001: thehappycloud.com/HappyCloudPlugin -> C:\Users\Taylor\AppData\Local\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-16]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-10] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-09] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
S2 0196971316654632mcinstcleanup; C:\Windows\TEMP\019697~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-10-16] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141114.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141114.002\ENG64.SYS [129752 2014-09-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141114.002\EX64.SYS [2137304 2014-09-13] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-15] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 20:38 - 2014-11-14 20:39 - 00015488 _____ () C:\Users\Taylor\Desktop\FRST.txt
2014-11-14 20:38 - 2014-11-14 20:38 - 02116608 _____ (Farbar) C:\Users\Taylor\Desktop\FRST64.exe
2014-11-14 20:38 - 2014-11-14 20:38 - 00000000 ____D () C:\FRST
2014-11-14 20:26 - 2014-11-14 20:28 - 00000000 ____D () C:\AdwCleaner
2014-11-14 20:22 - 2014-11-14 20:22 - 02140160 _____ () C:\Users\Taylor\Desktop\AdwCleaner.exe
2014-11-14 20:15 - 2014-11-14 20:16 - 00014946 _____ () C:\Users\Taylor\Desktop\ESETPoweliksCleaner.exe_20141114.201558.5620.log
2014-11-14 20:13 - 2014-11-14 20:13 - 00186568 _____ (ESET) C:\Users\Taylor\Desktop\ESETPoweliksCleaner.exe
2014-11-12 08:07 - 2014-11-12 08:07 - 00000000 __SHD () C:\Users\Taylor\AppData\Local\EmieBrowserModeList
2014-11-11 20:29 - 2014-11-07 12:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 20:29 - 2014-11-07 12:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 20:29 - 2014-11-05 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 20:29 - 2014-11-05 21:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 20:29 - 2014-11-05 21:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 20:29 - 2014-11-05 20:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 20:29 - 2014-11-05 20:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 20:29 - 2014-11-05 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 20:29 - 2014-11-05 20:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 20:29 - 2014-11-05 20:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 20:29 - 2014-11-05 20:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 20:29 - 2014-11-05 20:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 20:29 - 2014-11-05 20:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 20:29 - 2014-11-05 20:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 20:29 - 2014-11-05 20:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 20:29 - 2014-11-05 20:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 20:29 - 2014-11-05 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 20:29 - 2014-11-05 20:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 20:29 - 2014-11-05 20:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 20:29 - 2014-11-05 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 20:29 - 2014-11-05 20:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 20:29 - 2014-11-05 20:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 20:29 - 2014-11-05 20:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 20:29 - 2014-11-05 20:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 20:29 - 2014-11-05 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 20:29 - 2014-11-05 20:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 20:29 - 2014-11-05 20:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 20:29 - 2014-11-05 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 20:29 - 2014-11-05 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 20:29 - 2014-11-05 20:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 20:29 - 2014-11-05 20:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 20:29 - 2014-11-05 20:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 20:29 - 2014-11-05 19:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 20:29 - 2014-11-05 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 20:29 - 2014-11-05 19:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 20:29 - 2014-11-05 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 20:29 - 2014-11-05 19:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 20:29 - 2014-11-05 19:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 20:29 - 2014-11-05 19:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 20:29 - 2014-11-05 19:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 20:29 - 2014-11-05 19:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 20:29 - 2014-11-05 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 20:29 - 2014-11-05 19:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 20:29 - 2014-11-05 19:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 20:29 - 2014-11-05 19:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 20:29 - 2014-11-05 19:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 20:29 - 2014-11-05 19:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 20:29 - 2014-11-05 19:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 20:29 - 2014-11-05 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 20:29 - 2014-11-05 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 20:29 - 2014-11-05 19:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 20:29 - 2014-11-05 19:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 20:29 - 2014-11-05 18:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 20:29 - 2014-11-05 18:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 20:29 - 2014-11-05 18:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 20:29 - 2014-11-05 18:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 20:29 - 2014-11-05 10:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 20:29 - 2014-11-05 10:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 20:29 - 2014-11-05 10:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 20:29 - 2014-10-13 19:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 20:29 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 20:29 - 2014-10-13 19:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 20:29 - 2014-10-13 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 20:29 - 2014-10-13 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 20:29 - 2014-10-13 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 20:29 - 2014-10-13 18:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 20:29 - 2014-10-13 18:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 20:29 - 2014-10-13 18:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 20:29 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:29 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:29 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 20:29 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 20:29 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 20:29 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 20:29 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 20:29 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 20:29 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:29 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 20:29 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 20:29 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 20:29 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 20:29 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 20:28 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 20:28 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 20:28 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 20:28 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 20:28 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 20:28 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 20:28 - 2014-10-09 17:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 20:28 - 2014-09-19 02:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 20:28 - 2014-09-19 02:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 20:28 - 2014-09-19 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 20:28 - 2014-09-19 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 20:28 - 2014-09-19 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 20:28 - 2014-09-19 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 20:28 - 2014-09-19 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 20:28 - 2014-09-19 02:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 20:28 - 2014-09-19 02:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 20:28 - 2014-09-19 02:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 20:28 - 2014-09-19 02:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 20:28 - 2014-09-19 02:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 20:28 - 2014-09-19 02:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 20:28 - 2014-09-19 02:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 19:41 - 2014-11-10 19:41 - 00688992 ____R (Swearware) C:\Users\Taylor\Desktop\dds.com
2014-11-09 21:20 - 2014-11-09 21:20 - 00003398 _____ () C:\Windows\system32\.crusader
2014-11-09 21:09 - 2014-11-09 21:09 - 00001859 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-09 21:09 - 2014-11-09 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-09 21:09 - 2014-11-09 21:09 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-09 21:06 - 2014-11-09 21:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-09 20:24 - 2014-11-14 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 20:24 - 2014-11-09 20:24 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 20:24 - 2014-11-09 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 20:24 - 2014-11-09 20:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 20:24 - 2014-11-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 20:24 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-09 20:24 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-09 20:24 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-08 17:04 - 2014-11-08 17:04 - 00000000 ____D () C:\Users\Taylor\AppData\Local\SWTORPerf
2014-11-08 10:11 - 2014-11-08 10:11 - 00000000 ____D () C:\Users\Taylor\AppData\Local\{F1D06827-4DA3-4F75-8B0F-CC57552FC667}
2014-11-06 19:57 - 2013-09-09 19:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-11-06 19:19 - 2014-11-09 22:15 - 00000000 ____D () C:\NPE
2014-11-06 19:13 - 2014-11-09 22:27 - 00000000 ____D () C:\Users\Taylor\AppData\Local\NPE
2014-11-04 21:30 - 2014-11-08 15:26 - 00007663 _____ () C:\Users\Taylor\AppData\Local\Resmon.ResmonCfg
2014-10-27 08:25 - 2014-10-27 08:25 - 00000000 ____D () C:\Users\Taylor\AppData\Local\{5D74B944-C1D2-4E4F-BABF-93986C59F87D}
2014-10-23 01:51 - 2014-10-23 01:51 - 00000000 _____ () C:\Users\Taylor\AppData\Local\{3FDC212A-5880-4265-9E87-00E3465993D0}
2014-10-16 05:01 - 2014-10-16 05:02 - 00000000 ____D () C:\Users\Taylor\AppData\Local\{9C00FC5E-783B-45D6-BDF9-43A6CC2A04FF}
2014-10-16 00:19 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 00:19 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 00:19 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 00:19 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 00:19 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 00:19 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 00:19 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 00:19 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 00:19 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 00:19 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 00:19 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 00:19 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 00:19 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 00:19 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 00:19 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 00:19 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 00:19 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 00:19 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 00:19 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 20:37 - 2009-07-13 21:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 20:37 - 2009-07-13 21:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 20:36 - 2011-09-21 18:12 - 00000000 ____D () C:\Users\Taylor\AppData\Roaming\ID Vault
2014-11-14 20:34 - 2011-08-29 17:09 - 01588008 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 20:30 - 2011-11-11 12:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 20:30 - 2010-11-20 20:47 - 00902172 _____ () C:\Windows\PFRO.log
2014-11-14 20:30 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 20:30 - 2009-07-13 21:51 - 00042431 _____ () C:\Windows\setupact.log
2014-11-14 19:57 - 2011-11-11 12:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 19:45 - 2012-08-13 20:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 17:01 - 2012-01-08 13:59 - 00000000 ____D () C:\Users\Taylor\AppData\Local\CrashDumps
2014-11-14 13:14 - 2011-09-21 18:11 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-11-14 10:01 - 2013-05-21 12:05 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-13 17:14 - 2009-07-13 22:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 14:52 - 2011-11-11 12:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 14:52 - 2011-11-11 12:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 05:45 - 2012-08-13 20:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 05:45 - 2012-08-13 20:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 05:45 - 2011-08-29 17:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 03:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:09 - 2009-07-13 21:45 - 00469680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:07 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:04 - 2011-09-21 20:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-08 15:46 - 2013-05-18 19:39 - 00000000 ____D () C:\ProgramData\Origin
2014-11-08 15:30 - 2011-09-21 18:19 - 00000000 ____D () C:\Users\Taylor\AppData\Local\ID Vault
2014-11-08 15:29 - 2011-08-29 17:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-08 15:28 - 2013-05-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-08 07:47 - 2011-08-29 17:50 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-08 07:47 - 2011-08-29 17:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-06 19:14 - 2011-09-21 19:54 - 00000000 ____D () C:\ProgramData\Norton
2014-11-04 21:11 - 2013-05-18 19:49 - 00001278 _____ () C:\Users\Public\Desktop\SimCity™.lnk
2014-11-04 21:05 - 2013-05-18 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-04 00:29 - 2014-04-08 18:10 - 00000000 ____D () C:\Users\Taylor\AppData\Local\{E2121B50-6B78-4DD6-9B4B-277B36874C8E}
2014-10-26 15:56 - 2012-04-14 13:44 - 00000000 ____D () C:\Users\Taylor\AppData\Local\HP
2014-10-22 18:44 - 2011-09-21 18:24 - 00000000 ____D () C:\Users\Ashley\AppData\Roaming\ID Vault
2014-10-16 05:04 - 2014-08-18 17:02 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2014-10-16 05:04 - 2014-08-18 17:02 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
2014-10-16 05:04 - 2011-09-21 18:11 - 00002203 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-10-16 05:04 - 2011-09-21 18:11 - 00002191 _____ () C:\Users\Public\Desktop\Constant Guard.lnk

Some content of TEMP:
====================
C:\Users\Taylor\AppData\Local\Temp\ose00000.exe
C:\Users\Taylor\AppData\Local\Temp\Quarantine.exe
C:\Users\Taylor\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 10:29

==================== End Of Log ============================



#8 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 14 November 2014 - 10:45 PM

FRST Addition.txt Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Taylor at 2014-11-14 20:39:24
Running from C:\Users\Taylor\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Clone Wars (HKU\S-1-5-21-2704097141-2661915112-1365362054-1001\...\SOE-Clone Wars) (Version:  - Sony Online Entertainment)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{2B25AEE3-D191-4735-870E-28743D727ED8}) (Version: 1.7.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Disney Pirates of the Caribbean Online (HKLM-x32\...\Disney Pirates of the Caribbean Online) (Version:  - Walt Disney Internet Group)
Disney Toontown Online (HKLM-x32\...\Disney Toontown Online) (Version:  - Walt Disney Internet Group)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-2704097141-2661915112-1365362054-1001\...\HappyCloud) (Version: 1.275 - Happy Cloud, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Home Designer Pro 2014 Trial Version (HKLM-x32\...\{A082E68D-7452-43BB-A4BE-228F99CEC984}) (Version: 15.2.1.0 - Chief Architect)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings Online (HKU\S-1-5-21-2704097141-2661915112-1365362054-1001\...\lotro_en) (Version:  - )
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version:  - LucasArts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Unity Web Player (HKU\S-1-5-21-2704097141-2661915112-1365362054-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3387F0D1-ADE7-41D7-828F-20E5E705FCAA} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {37954B8E-95AA-46D2-B1EC-B5A985EA9029} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {4EE656D0-9710-4ECA-8492-00324F6BDB1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5B522934-6D0D-4401-830D-37412D5ADA79} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {61ECBE70-D1C1-476E-8D93-53FF9B54DFA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {A8250CB3-4CBF-416E-A9CB-46593E5D469F} - System32\Tasks\4816 => Wscript.exe C:\Users\Taylor\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C59FC9D6-1B6D-44A4-B2E6-F1332B91CB11} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D26D1A9A-5EDB-4947-A620-790444423E3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {D4B262C0-730A-41FE-8977-FF36BFD6171D} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {F426F66E-EF23-4401-9569-B40A627EFB48} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {F7F34F2A-495C-438E-9D4D-3D061D38A0D5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-30 09:30 - 2011-05-30 09:30 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-05-30 09:25 - 2011-05-30 09:25 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-05-30 09:25 - 2011-05-30 09:25 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SftService => 2
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2704097141-2661915112-1365362054-500 - Administrator - Disabled)
Ashley (S-1-5-21-2704097141-2661915112-1365362054-1003 - Administrator - Enabled) => C:\Users\Ashley
ASPNET (S-1-5-21-2704097141-2661915112-1365362054-1005 - Limited - Enabled)
Guest (S-1-5-21-2704097141-2661915112-1365362054-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2704097141-2661915112-1365362054-1002 - Limited - Enabled)
Taylor (S-1-5-21-2704097141-2661915112-1365362054-1001 - Administrator - Enabled) => C:\Users\Taylor

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 08:31:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 08:28:48 PM) (Source: IDVault) (EventID: 0) (User: )
Description: IsIDVaultRunning failed Only part of a ReadProcessMemory or WriteProcessMemory request was completed   at System.Diagnostics.NtProcessManager.GetModuleInfos(Int32 processId, Boolean firstModuleOnly)
   at System.Diagnostics.NtProcessManager.GetFirstModuleInfo(Int32 processId)
   at System.Diagnostics.Process.get_MainModule()
   at IDVaultSvc.IDVaultExecutionController.IsIDVaultRunning()

Error: (11/14/2014 08:18:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 05:45:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 05:01:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc8bf
Faulting module name: MSHTML.dll, version: 11.0.9600.17420, time stamp: 0x545ae63c
Exception code: 0xc00000fd
Fault offset: 0x0014ddbf
Faulting process id: 0x32e8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2014 11:28:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc8bf
Faulting module name: MSHTML.dll, version: 11.0.9600.17420, time stamp: 0x545ae63c
Exception code: 0xc00000fd
Fault offset: 0x0014d2bc
Faulting process id: 0x1d18
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/13/2014 05:00:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc6b8
Faulting module name: MSHTML.dll, version: 11.0.9600.17420, time stamp: 0x545ae63c
Exception code: 0xc00000fd
Fault offset: 0x0014d2bc
Faulting process id: 0x30fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/13/2014 11:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc96f
Faulting module name: MSHTML.dll, version: 11.0.9600.17420, time stamp: 0x545ae63c
Exception code: 0xc00000fd
Fault offset: 0x00093729
Faulting process id: 0x1198
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/13/2014 03:58:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17420, time stamp: 0x545ae63c
Exception code: 0xc00000fd
Fault offset: 0x0014d2bc
Faulting process id: 0x38d4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/12/2014 05:00:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17420, time stamp: 0x545ae63c
Exception code: 0xc00000fd
Fault offset: 0x0014ddbf
Faulting process id: 0x4994
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (11/14/2014 08:39:25 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}2{883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}

Error: (11/14/2014 08:32:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/14/2014 08:31:27 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}2{30D49246-D217-465F-B00B-AC9DDD652EB7}

Error: (11/14/2014 08:30:26 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{ECF5BF46-E3B6-449A-B56B-43F58F867814}

Error: (11/14/2014 08:30:26 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{56EA1054-1959-467F-BE3B-A2A787C4B6EA}

Error: (11/14/2014 08:28:48 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{ECF5BF46-E3B6-449A-B56B-43F58F867814}

Error: (11/14/2014 08:28:48 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}2{56EA1054-1959-467F-BE3B-A2A787C4B6EA}

Error: (11/14/2014 08:28:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/14/2014 08:28:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/14/2014 08:28:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 31%
Total physical RAM: 6126.64 MB
Available physical RAM: 4213.66 MB
Total Pagefile: 12251.47 MB
Available Pagefile: 9797.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:775.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 9E2142E1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:09 AM

Posted 15 November 2014 - 11:19 AM

So hows it all looking on your end now? If all looks good we can remove the tools we used and call it quits,


How Can I Reduce My Risk to Malware?


#10 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 15 November 2014 - 08:05 PM

It's working great! I really appreciate the help.

#11 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:09 AM

Posted 15 November 2014 - 08:30 PM

Ok good, your welcome. One more thing to do then we can remove the tools we used.

We will use FRST to remove some items:

 

Please copy and paste the contents of the below code box into the open notepad and save it to your desktop as fixlist.txt

 

Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

HKLM-x32\...\Run: [] => [X]
Task: {A8250CB3-4CBF-416E-A9CB-46593E5D469F} - System32\Tasks\4816 => Wscript.exe C:\Users\Taylor\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D4B262C0-730A-41FE-8977-FF36BFD6171D} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

How Can I Reduce My Risk to Malware?


#12 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 16 November 2014 - 11:02 AM

FIXLOG:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 02
Ran by Taylor at 2014-11-16 08:59:24 Run:1
Running from C:\Users\Taylor\Desktop
Loaded Profile: Taylor (Available profiles: Taylor & Ashley & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
Task: {A8250CB3-4CBF-416E-A9CB-46593E5D469F} - System32\Tasks\4816 => Wscript.exe C:\Users\Taylor\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D4B262C0-730A-41FE-8977-FF36BFD6171D} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8250CB3-4CBF-416E-A9CB-46593E5D469F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8250CB3-4CBF-416E-A9CB-46593E5D469F}" => Key deleted successfully.
C:\Windows\System32\Tasks\4816 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4816" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B262C0-730A-41FE-8977-FF36BFD6171D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B262C0-730A-41FE-8977-FF36BFD6171D}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.

==== End of Fixlog ====



#13 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:05:09 AM

Posted 16 November 2014 - 11:10 AM

OK. Good. Looks like we are done. there is one more tool you can use that will delete itself when done;

 

    Next please download Delfix.exe by Xplode and save it to your desktop.
    https://toolslib.net/downloads/viewdownload/2-delfix/
    Please start it and check the box next to "Remove disinfection tools" and click on the run button.
    The tool will delete itself once it finishes.

 

Happy safe surfing out there.


How Can I Reduce My Risk to Malware?


#14 cjwallau7474

cjwallau7474
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:09 AM

Posted 16 November 2014 - 11:52 AM

Done.

 

Thanks you for your help!!!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users