Continuous Activity in HDD; Applications Hang or Run Slowly


This topic is locked
6 replies to this topic

#1 joshuals


Posted 07 February 2015 - 11:17 PM

Computer runs normally after boot up until accessing the Internet in IE or Chrome. Normally I am an IE user. I installed Chrome today just to see if the problems persisted; they did. Once the Internet has been accessed there is continuous activity in the HDD and all operations with the computer become very slow. For example, right clicking on a file, folder, or a shortcut takes approximately 60 seconds before a pulldown appears.
 
Attempting to re-access the Internet with IE when there is continuous activity in the HDD results in a white screen with a blank address bar and the browser hangs.  If a shutdown is done while the computer is in this state, a message is received that a program needs to close (even when it appears that no programs are open) and a brief message goes by with verbiage having to do with Task Host Window.
 
When there is continuous activity in the HDD, disconnecting from the network results in the HDD activity ending and a return to normal HDD activity.  If I reconnect to the network, after a few moments, the continuous activity resumes on its own.
 
There has been no obvious malware activity on this computer.  The symptoms I describe above began on February 6.
 
I have run the following tools before making this post:
  • FRST
 
  • MBAM: no malicious items found
 
  • ADWCleaner: a few malicious items were found and removed
 
  • JRT: a few malicious items were found and removed but most items had to do with the junk that Best Buy installed on the computer four years ago
 
  • TDSSKiller: no malicious items found
 
  • RogueKiller: several PUPs found and deleted
 
  • Another FRST Scan for which I created and ran a fix
 
  • Eset Online Scanner: found 13 items but most were false positives; removed 3 items
 
I have not run ComboFix on this machine, though it was run on this computer several years ago at the direction of a BC helper; I see that there are remnants. The only software installed on this computer recently is an update to Adobe Flash.
 
Attempting to run the above tools while there was continuous activity in the HDD sometimes resulted in a hung app for that tool.  Successful runs for those tools were made after rebooting the computer and running the tool before accessing the Internet (excluding Eset).  After running all the above tools, the problem persists.
 
Problem does not seem to show itself in Safe Mode w/ Networking, though I haven't thoroughly tested it.
 
Task Manager does not show any processes taking up a lot of CPU or Memory, even when there is continuous activity in the HDD.
 
Note that the FRST scan included with this post was run after the tools in the list above were run. Additionally, the FRST scan included in this post was run when the computer was experiencing high HDD activity.
 
Thank you in advance for your help.
 
========================================================================================================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Admin (administrator) on TRISTAR149 on 07-02-2015 20:52:50
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & Admin (Available profiles: Ben & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(noahdfear_tools) C:\personal\malware_training\bb_editor\bbEditor.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-10-03] (Intel® Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1305080173-2023649632-172057087-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1305080173-2023649632-172057087-1000\...\RunOnce: [Adobe Speed Launcher] => 1423347026
HKU\S-1-5-21-1305080173-2023649632-172057087-1003\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1305080173-2023649632-172057087-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1305080173-2023649632-172057087-1003\...\RunOnce: [Adobe Speed Launcher] => 1423350967
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360214013-SHPD-FSD40014}] => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe /m
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1305080173-2023649632-172057087-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
HKU\S-1-5-21-1305080173-2023649632-172057087-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1305080173-2023649632-172057087-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1305080173-2023649632-172057087-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1305080173-2023649632-172057087-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1305080173-2023649632-172057087-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://www.fcd.maricopa.gov/maps/gismaps/plugin/mgaxctrl6.5.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://infolot.mrnf.gouv.qc.ca/ACGM/acgm.cab
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2015-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\IPSFF [2014-07-26]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [606720 2010-09-28] (Red Bend Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675712 2012-11-05] (Microsoft Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-28] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-14] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20150206.001\IDSvia64.sys [669400 2015-02-05] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20150207.003\ENG64.SYS [129752 2015-01-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20150207.003\EX64.SYS [2137304 2015-01-30] (Symantec Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2010-07-07] (Prolific Technology Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-02-07] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 20:52 - 2015-02-07 20:55 - 00023333 _____ () C:\Users\Ben\Desktop\FRST.txt
2015-02-07 16:51 - 2015-02-07 20:52 - 00000000 ____D () C:\FRST
2015-02-07 16:08 - 2015-02-07 16:08 - 00000961 _____ () C:\Users\Ben\Desktop\LOGS.lnk
2015-02-07 14:59 - 2015-02-07 15:00 - 55915216 _____ (Microsoft Corporation) C:\Users\Ben\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-02-07 14:28 - 2015-02-07 14:28 - 00000081 _____ () C:\Users\Ben\Downloads\fixlist.txt
2015-02-07 14:22 - 2015-02-07 14:22 - 00000058 _____ () C:\Users\Ben\Downloads\CFScript.txt
2015-02-07 14:12 - 2015-02-07 14:12 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 14:12 - 2015-02-07 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-07 09:39 - 2015-02-07 09:39 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-07 09:38 - 2015-02-07 09:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-03 20:44 - 2015-02-03 20:44 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-03 20:44 - 2015-02-03 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-03 20:44 - 2015-02-03 20:44 - 00000000 ____D () C:\Program Files\iPod
2015-02-03 20:43 - 2015-02-03 20:44 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-03 20:43 - 2015-02-03 20:44 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 19:07 - 2015-02-02 19:07 - 00001384 _____ () C:\Users\Ben\Desktop\2015-02-02 Documents emailed to Clients - Shortcut.lnk
2015-01-27 17:50 - 2015-02-07 20:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 17:50 - 2015-02-05 09:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 17:27 - 2015-02-07 10:49 - 02132992 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2015-01-24 07:42 - 2015-01-24 07:43 - 110587080 _____ (Oracle Corporation) C:\Users\Ben\Downloads\VirtualBox-4.3.20-96997-Win.exe
2015-01-13 16:57 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:57 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:57 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:57 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:57 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:57 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:57 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:57 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:57 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 16:57 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:57 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:57 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:57 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 20:39 - 2012-04-30 11:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 20:30 - 2011-01-08 01:26 - 01340739 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 19:53 - 2012-04-16 07:05 - 00000000 ____D () C:\Users\Ben\Documents\Outlook Files
2015-02-07 17:00 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 16:16 - 2014-06-14 05:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 16:16 - 2012-04-30 11:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 16:16 - 2012-04-20 22:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\SoftThinks
2015-02-07 16:13 - 2012-04-28 20:07 - 00000000 ____D () C:\Program Files\Recuva
2015-02-07 15:17 - 2009-07-13 21:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 15:17 - 2009-07-13 21:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 15:09 - 2012-09-10 02:58 - 00126686 _____ () C:\Windows\setupact.log
2015-02-07 15:09 - 2011-01-08 02:40 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2015-02-07 15:09 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 14:34 - 2012-04-30 11:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-02-07 14:15 - 2012-09-13 15:03 - 00571116 _____ () C:\Windows\PFRO.log
2015-02-07 14:12 - 2012-04-30 11:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-07 14:05 - 2012-06-09 19:54 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\KeePass
2015-02-07 13:25 - 2012-04-16 12:38 - 00000000 ____D () C:\xfer
2015-02-07 10:56 - 2012-04-23 08:53 - 00000000 ____D () C:\Windows\ERDNT
2015-02-06 23:55 - 2014-06-14 05:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 20:24 - 2012-04-20 22:15 - 00000000 ____D () C:\Users\Admin
2015-02-05 09:17 - 2012-11-07 08:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 09:17 - 2012-11-07 08:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 21:34 - 2012-04-30 11:07 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 21:34 - 2012-04-30 11:07 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:44 - 2012-09-14 05:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-03 20:43 - 2012-04-22 20:49 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-01 19:37 - 2012-04-16 07:06 - 00000000 ____D () C:\personal
2015-01-28 07:19 - 2012-04-28 20:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-28 07:19 - 2012-04-28 20:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-27 18:01 - 2012-04-16 07:11 - 00000000 ____D () C:\star_choice
2015-01-25 10:30 - 2012-04-22 20:51 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Apple Computer
2015-01-24 17:19 - 2012-04-23 08:35 - 00000918 _____ () C:\Users\Admin\Desktop\bleepinsite.url
2015-01-24 17:01 - 2009-07-13 22:08 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-24 07:43 - 2014-01-14 19:51 - 00000000 ____D () C:\Users\Ben\.VirtualBox
2015-01-23 20:33 - 2014-01-14 19:52 - 00000000 ____D () C:\Users\Ben\VirtualBox VMs
2015-01-13 17:22 - 2012-04-18 12:31 - 00777338 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-13 17:06 - 2013-07-12 09:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 16:58 - 2012-04-17 11:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 16:30 - 2014-06-12 05:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-01-10 14:22 - 2012-04-28 20:09 - 00000798 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-10 14:22 - 2012-04-28 20:09 - 00000000 ____D () C:\Program Files\Speccy
2015-01-09 10:51 - 2012-04-16 07:11 - 00000000 ____D () C:\vf_hoa
 
==================== Files in the root of some directories =======
 
2012-06-17 05:00 - 2014-05-05 18:43 - 0007607 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-03-15 22:11 - 2013-03-15 22:11 - 0000096 _____ () C:\ProgramData\defraggler_list.txt
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\dllnt_dump.dll
C:\Users\Admin\AppData\Local\temp\Quarantine.exe
C:\Users\Admin\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 09:23
 
==================== End Of Log ============================

Edited by joshuals, 07 February 2015 - 11:21 PM.


#2 joshuals
  • Topic Starter

Posted 09 February 2015 - 11:03 PM

Update

Since no one has had the chance to respond to my topic, let me post this update.

 

I believe the problem has been found: In recent days, upon launching Microsoft Outlook (my e-mail client), the loading of the Norton Anti-Spam Outlook Plugin has taken an unusually long time. Today, upon launching Outlook, an error message was received regarding the plugin and I was offered the opportunity to disable it, which I did. The high HDD activity stopped and the computer has been running normally ever since.

 

I ask that a helper comment on my FRST log if there are things that need to be addressed and I will follow the helper's instructions.  Otherwise, please feel free to close the topic as the problem does not appear to be malware related.

 

Thank you.



#3 nasdaq
  • Malware Response Team

Posted 12 February 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware issues found on FRST log.
This is just a cleanup.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Toolbar: HKU\S-1-5-21-1305080173-2023649632-172057087-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

Please post the log for my review.

======

#4 joshuals
  • Topic Starter

Posted 12 February 2015 - 11:24 PM

Hi Nasdaq....

Here are the logs you requested.

There were no problems encountered while carrying out your instructions.

I'm not sure how Java got back on the machine; I had uninstalled it a long time ago. Does it come with the Chrome installation that I did recently? I'll uninstall it when we're through with this thread.

The computer has been running normally since February 8, when I disabled the Norton Anti-Spam Plugin for Microsoft Outlook.

======================================================================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by Admin at 2015-02-12 21:03:58 Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & Admin (Available profiles: Ben & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Toolbar: HKU\S-1-5-21-1305080173-2023649632-172057087-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => Key deleted successfully.
HKU\S-1-5-21-1305080173-2023649632-172057087-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 21:03:59 ====

======================================================================================

Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Java 64-bit 8 Update 31
Google Chrome (40.0.2214.111)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

======================================================================================

joshuals

#5 nasdaq
  • Malware Response Team

Posted 13 February 2015 - 08:44 AM

"I'm not sure how Java got back on the machine; I had uninstalled it a long time ago. Does it come with the Chrome installation that I did recently?"

Yes. It comes with every Chrome update.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 joshuals
  • Topic Starter

Posted 13 February 2015 - 09:04 AM

All is well.

Thank you, Nasdaq, and have a good day!!

#7 nasdaq
  • Malware Response Team

Posted 13 February 2015 - 02:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.