trojan agent mnr & trojan.dropper/svchost-fake infections reported


2 replies to this topic

#1 Harpua81
Posted 12 April 2015 - 10:48 AM

Hello Folks,

My fiancée is running Win 8.1 and SuperAntiSpyware has reported these two infections. After deletion and reboot, svchost and lsass both show up again in Windows\Temp and run themselves. They use up all her system resources. Malwarebytes Antimalware is unsuccessful at removing these threats as well. Thanks in advance for reading over my logs. I have read the posting instructions, but I had to upload FRST and post Addition.txt in the message because FRST.txt was too big. My apologies if this messes anyone up.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by Beth at 2015-04-12 11:23:06
Running from C:\Users\Beth\Desktop\Virus Removal Tools
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{1FBC4ED4-5AFF-C237-A786-815BFA7BF728}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
BitTorrent (HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
ChocolateBar by We-Care.com v1.0.1.0 (HKLM-x32\...\{23F3465E-F59E-40A3-9127-11D1F8462B98}) (Version: 1.0.1.0 - We-Care.com)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
FlacSquisher 1.3.3 (HKLM-x32\...\FlacSquisher) (Version: 1.3.3 - FlacSquisher)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
IKEA HomePlanner Office (HKLM-x32\...\{B5EB9775-4295-425E-9EBA-25968E80D0FC}) (Version: 1.9.4 - IKEA IT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4505.1006 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
OutfoxTV (HKLM-x32\...\OutfoxTV) (Version:  - OutfoxTV)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Setup - The Sims 4 © Electronic Arts ... (HKLM-x32\...\Setup - The Sims 4 © Electronic Arts ...) (Version: ... - Electronic Arts)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.13.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.1.13.0 - WonderShare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3018066717-3207517667-314346134-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3018066717-3207517667-314346134-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3018066717-3207517667-314346134-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3018066717-3207517667-314346134-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Beth\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

30-03-2015 04:54:08 Windows Update
31-03-2015 09:45:45 Installed IKEA HomePlanner Office
04-04-2015 13:26:51 Windows Update
11-04-2015 17:08:07 Scheduled Checkpoint

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {108FB42E-5FBB-47D2-90F5-0C4043434BDA} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {11D71CB2-6A9C-4E6A-B47B-550424841AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)
Task: {1DD1AC1C-33D7-4FBE-AEDA-1542793E5D1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {23810CFC-0510-4C5B-A6EE-CC20263E33B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {2E9AD0F8-1198-44E5-8D9A-35760C4389D2} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.7.0.20\SymErr.exe
Task: {3C5A417A-E073-48E3-B7E4-9F37A4FC0FC4} - System32\Tasks\{30E88B21-EE22-4599-99F4-4103F5A58AD4} => pcalua.exe -a "C:\windows\Titanic's Keys to the Past\uninstall.exe" -c "/U:C:\Program Files (x86)\Titanic's Keys to the Past\Uninstall\uninstall.xml"
Task: {3F102CEC-FC7E-4EAA-8034-6DB5249DFFE9} - System32\Tasks\EPSON XP-310 Series Invitation {A1B286CF-17EB-468E-B5D4-BC330FC6C718} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {518AE513-1B3E-468E-9BB4-CCF03EE403E2} - System32\Tasks\SLOW-PCfighter64-Beth-Notification => C:\Program Files\Fighters10119\SLOW-PCfighter 10119\Sync.exe
Task: {63BF8A1A-105D-4B74-AA69-EB4641A9404D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {6E41CA5C-A7E8-45E5-9F51-1B09332BD074} - System32\Tasks\EPSON XP-310 Series Update {A1B286CF-17EB-468E-B5D4-BC330FC6C718} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {780ECEE7-0F0C-4CDF-96E0-25068FDE11F4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-20] (Microsoft Corporation)
Task: {786C44E9-1D77-4CAB-85C1-A7A284895FC5} - System32\Tasks\Origin => C:\Users\Beth\AppData\Roaming\Origin\update.vbe [2014-11-23] () <==== ATTENTION
Task: {7C4B1C98-67A4-4441-A24C-A683444C79FE} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-20] (Microsoft Corporation)
Task: {7D38EDB4-E745-4721-88DA-885476DD134C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {7F1D9B1F-E4B9-489D-95B7-5B1971196B6A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {851CB264-6E53-43C5-B2F2-5FA3BF3467AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8EF2320E-9D4A-453B-9E06-B7C1199DDE43} - System32\Tasks\EPSON XP-310 Series Invitation {15F6F2AB-E4B9-4B9A-82CA-AE13079EC71F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {91837140-04FB-4B5C-89D3-87AE0BB18596} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {9D25BC85-65C0-4620-A74A-F61E457BCE4B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {A6BCB674-27E8-495A-A7BF-4D00DAD6AC80} - System32\Tasks\EPSON XP-310 Series Update {15F6F2AB-E4B9-4B9A-82CA-AE13079EC71F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {AA92EA6C-7D42-4305-9563-253C4C00CEC9} - System32\Tasks\SLOW-PCfighter64-Beth-Startup => C:\Program Files\Fighters10119\SLOW-PCfighter 10119\SLOW-PCfighter 1011964.exe
Task: {AB9A6E40-7DDC-4192-99E9-90DAA3E1C48F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.7.0.20\SymErr.exe
Task: {C9620CF1-6CC4-40FE-9DE1-B1F3126E5B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)
Task: {D7764DEC-57DD-4E4B-A416-BF5990CC2EBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {15F6F2AB-E4B9-4B9A-82CA-AE13079EC71F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {A1B286CF-17EB-468E-B5D4-BC330FC6C718}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {15F6F2AB-E4B9-4B9A-82CA-AE13079EC71F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{15F6F2AB-E4B9-4B9A-82CA-AE13079EC71F} /F:UpdateWORKGROUP\BETHSLAPTOP$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {A1B286CF-17EB-468E-B5D4-BC330FC6C718}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{A1B286CF-17EB-468E-B5D4-BC330FC6C718} /F:UpdateWORKGROUP\BETHSLAPTOP$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SLOW-PCfighter64-Beth-Notification.job => C:\Program Files\Fighters10119\SLOW-PCfighter 10119\Sync.exe
Task: C:\WINDOWS\Tasks\SLOW-PCfighter64-Beth-Startup.job => C:\Program Files\Fighters10119\SLOW-PCfighter 10119\SLOW-PCfighter 1011964.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-11 15:12 - 2013-03-09 11:42 - 00373392 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-06-11 15:12 - 2013-03-16 15:53 - 00515752 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-06-11 15:12 - 2013-03-16 15:53 - 00608424 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-06-12 09:57 - 2013-06-12 09:57 - 08864936 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-09 16:41 - 2014-10-09 16:41 - 00484416 _____ () C:\Program Files (x86)\ChocolateBar\ChocolateBar.exe
2014-03-04 09:38 - 2014-03-04 09:38 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.298_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2014-03-04 09:38 - 2014-03-04 09:38 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.298_x64__8wekyb3d8bbwe\Sqlite3.dll
2015-01-17 06:04 - 2015-01-17 06:04 - 00028160 _____ () C:\Users\Beth\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\10ead687afca927bd7b22ad8d20e1de3\Microsoft.PerfTrack.ni.dll
2014-10-17 11:15 - 2014-10-17 11:15 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-17 11:15 - 2014-10-17 11:15 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-10-17 11:15 - 2014-10-17 11:15 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-02-08 16:51 - 2015-02-08 16:51 - 02207232 _____ () C:\Users\Beth\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.B2e1870ee#\0f61b0f981fd27540f3fd7334b48b601\Microsoft.Bing.AppEx.Telemetry.ni.dll
2014-10-17 11:16 - 2014-10-17 11:16 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-05-02 15:31 - 2014-05-02 15:31 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll
2014-10-17 11:16 - 2014-10-17 11:16 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-10-17 11:16 - 2014-10-17 11:16 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-17 11:16 - 2014-10-17 11:16 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-01-17 06:06 - 2015-01-17 06:06 - 00117248 _____ () C:\Users\Beth\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\99fa190c50aa9d06da5fb90ed0d8b8f7\SqliteWrapper.ni.dll
2014-10-17 11:16 - 2014-10-17 11:16 - 01383936 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\b9985906d4d9f96e8c8047c4657a1388\Windows.Web.ni.dll
2014-05-02 15:33 - 2014-05-02 15:33 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-10-17 11:16 - 2014-10-17 11:16 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-05-02 15:33 - 2014-05-02 15:33 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2015-01-19 23:00 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-19 23:00 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-19 23:00 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-19 23:00 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-19 23:00 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-06-12 10:20 - 2013-06-12 10:20 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2013-06-12 10:23 - 2013-06-12 10:23 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2013-06-12 10:20 - 2013-06-12 10:20 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2013-06-12 10:20 - 2013-06-12 10:20 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2013-06-12 10:22 - 2013-06-12 10:22 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2013-06-12 10:24 - 2013-06-12 10:24 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2013-06-12 10:21 - 2013-06-12 10:21 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2013-06-12 10:20 - 2013-06-12 10:20 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2013-06-12 10:23 - 2013-06-12 10:23 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2013-06-12 10:20 - 2013-06-12 10:20 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2013-06-12 10:20 - 2013-06-12 10:20 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2014-12-31 22:45 - 2014-12-05 21:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-31 22:45 - 2014-12-05 21:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:F42BB562
AlternateDataStreams: C:\Users\Beth\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news1582055302
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages534221023
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events2002947179
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-1449898924

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3018066717-3207517667-314346134-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Beth\Desktop\images (1).jpg
DNS Servers: 192.168.10.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "YourFile DownloaderInstaller Starter"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "TrojanScanner"
HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== Accounts: =============================

Administrator (S-1-5-21-3018066717-3207517667-314346134-500 - Administrator - Disabled)
Beth (S-1-5-21-3018066717-3207517667-314346134-1001 - Administrator - Enabled) => C:\Users\Beth
Guest (S-1-5-21-3018066717-3207517667-314346134-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3018066717-3207517667-314346134-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 01:03:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16fc

Start Time: 01d074ddc8d398a8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 36eddda3-e0d1-11e4-bfa4-008cfa452428

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/12/2015 01:03:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lsass.exe, version: 0.0.0.0, time stamp: 0x54cf2869
Faulting module name: lsass.exe, version: 0.0.0.0, time stamp: 0x54cf2869
Exception code: 0xc0000005
Fault offset: 0x0000000000010cf0
Faulting process id: 0x1354
Faulting application start time: 0xlsass.exe0
Faulting application path: lsass.exe1
Faulting module path: lsass.exe2
Report Id: lsass.exe3
Faulting package full name: lsass.exe4
Faulting package-relative application ID: lsass.exe5

Error: (04/11/2015 10:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x1828
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/11/2015 10:41:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x19b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/11/2015 10:39:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x1b58
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/11/2015 10:38:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x1668
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/11/2015 10:35:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0xe40
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/11/2015 10:34:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x18ec
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/11/2015 10:31:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0xd00
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/11/2015 10:30:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 166c

Start Time: 01d074c833286616

Termination Time: 31

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: e315c1cd-e0bb-11e4-bfa3-008cfa452428

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (04/11/2015 10:44:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/11/2015 10:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (04/11/2015 10:43:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/11/2015 10:43:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (04/11/2015 10:43:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (04/11/2015 10:43:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (04/11/2015 10:43:40 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/11/2015 10:43:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (04/11/2015 10:43:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/11/2015 10:43:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/12/2015 01:03:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068916fc01d074ddc8d398a84294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe36eddda3-e0d1-11e4-bfa4-008cfa452428microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/12/2015 01:03:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: lsass.exe0.0.0.054cf2869lsass.exe0.0.0.054cf2869c00000050000000000010cf0135401d074cb065631cfC:\Windows\Temp\lsass.exeC:\Windows\Temp\lsass.exe3cc7d85c-e0d1-11e4-bfa4-008cfa452428

Error: (04/11/2015 10:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d182801d074c776f67b6dC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe9f5b499d-e0bd-11e4-bfa3-008cfa452428

Error: (04/11/2015 10:41:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d19b401d074c73f7e58a5C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe7cd9e023-e0bd-11e4-bfa3-008cfa452428

Error: (04/11/2015 10:39:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d1b5801d074c7080c35daC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe356670ed-e0bd-11e4-bfa3-008cfa452428

Error: (04/11/2015 10:38:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d166801d074c6d0892b1fC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exef9118e10-e0bc-11e4-bfa3-008cfa452428

Error: (04/11/2015 10:35:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814de4001d074c64a14853bC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe9869298d-e0bc-11e4-bfa3-008cfa452428

Error: (04/11/2015 10:34:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d18ec01d074c632846018C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe656b5797-e0bc-11e4-bfa3-008cfa452428

Error: (04/11/2015 10:31:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814dd0001d074c5f48d5ef2C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe0ef7d8ca-e0bc-11e4-bfa3-008cfa452428

Error: (04/11/2015 10:30:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17416166c01d074c83328661631C:\Program Files\Internet Explorer\iexplore.exee315c1cd-e0bb-11e4-bfa3-008cfa452428

==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3678.26 MB
Available physical RAM: 1866.92 MB
Total Pagefile: 7390.26 MB
Available Pagefile: 4911.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (TI10657600C) (Fixed) (Total:454.25 GB) (Free:270.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   468.06KB   7 downloads
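The Application Error entries above record svchost.exe and lsass.exe faulting from C:\Windows\Temp with version 0.0.0.0, whereas the genuine binaries live in C:\Windows\System32 and carry a Microsoft version resource. The Python script below is an added example, not part of the original post or of FRST; it parses entries in the layout FRST uses for its "Application errors" section and flags core Windows image names that fault from a directory outside the system folders or that lack a version. The sample log text inside it is constructed to mirror that layout, and the CORE_BINARIES and LEGIT_DIRS lists are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample entries in the layout FRST uses for "Application errors"
# (built for this example; the paths and versions are not taken from a real host).
SAMPLE_LOG = """\
Error: (04/11/2015 10:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Faulting application path: C:\\Windows\\Temp\\svchost.exe

Error: (04/12/2015 01:03:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lsass.exe, version: 0.0.0.0, time stamp: 0x54cf2869
Exception code: 0xc0000005
Faulting application path: C:\\Windows\\Temp\\lsass.exe

Error: (04/12/2015 09:15:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Exception code: 0xc0000005
Faulting application path: C:\\Windows\\System32\\svchost.exe
"""

# Assumed list of image names that should only ever run from a system directory.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe"}

# Assumed set of parent directories where a genuine copy may be loaded from
# (lower-cased, no trailing separator; explorer.exe lives directly in C:\Windows).
LEGIT_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows"}

# One FRST "Application Error" entry: timestamp, image name, version, exception, path.
ENTRY_RE = re.compile(
    r"Error: \((?P<when>[^)]+)\).*?"
    r"Faulting application name: (?P<name>[^,]+), version: (?P<ver>[^,]+).*?"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+).*?"
    r"Faulting application path: (?P<path>[^\r\n]+)",
    re.S,
)


def parse_entries(text):
    """Split the log on blank lines and extract the fields of each error entry."""
    entries = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        m = ENTRY_RE.search(chunk)
        if m:
            entries.append({k: v.strip() for k, v in m.groupdict().items()})
    return entries


def suspicious_reasons(entry):
    """Return the reasons an entry looks like a core binary being impersonated."""
    reasons = []
    name = entry["name"].lower()
    if name not in CORE_BINARIES:
        return reasons
    parent = str(PureWindowsPath(entry["path"]).parent).lower()
    if parent not in LEGIT_DIRS:
        reasons.append(f"{name} ran from {parent}, not a Windows system directory")
    if entry["ver"] == "0.0.0.0":
        reasons.append("image has no version resource, unlike the Microsoft binary")
    return reasons


def find_masquerading_processes(text):
    """Return (timestamp, name, path, reasons) for every suspicious entry."""
    hits = []
    for entry in parse_entries(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            hits.append((entry["when"], entry["name"], entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for when, name, path, reasons in find_masquerading_processes(SAMPLE_LOG):
        print(f"{when}: {name} at {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run it over a saved FRST log and only the two Temp-folder entries are reported; the System32 svchost.exe crash, which has a real version and a legitimate parent directory, is left alone. The same parent-directory test is what a defender applies to live processes or Run keys: a system image name outside System32 or SysWOW64 is worth a look regardless of what it is called.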



#2 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 April 2015 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

() C:\Program Files (x86)\ChocolateBar\ChocolateBar.exe
HKLM-x32\...\Run: [YourFile DownloaderInstaller Starter] => "C:\Users\Beth\AppData\Local\Temp\install24851296.exe" -startup <===== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3018066717-3207517667-314346134-1001\...\Run: [ChocolateBar Sidebar] => C:\Program Files (x86)\ChocolateBar\ChocolateBar.exe [484416 2014-10-09] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: ChocolateBar -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Users\Beth\Appdata\LocalLow\wecarebooster\ChocolateBar.dll [2014-10-09] ()
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com/?cid={84E58910-2FB7-4670-9DFF-D21385E65C35}&mid=8a24c568cc1c47d39dc4d1c5bca1cddb-df96efad2756bfe5ec8f73766de01450c0ab829d&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-01-19%2019:42:12&v=17.3.1.91&pid=safeguard&sg=&sap=hp", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0A0AyB0A0B0B0C0B0A0B0CtN0D0Tzu0CyByByDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=126286476&ir=", "hxxp://www.key-find.com/?type=hp&ts=1395613462&from=amt&uid=TOSHIBAXMQ01ABD050_Z2C4FL16SXXZ2C4FL16S", "https://www.google.com/"
S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]
Task: {786C44E9-1D77-4CAB-85C1-A7A284895FC5} - System32\Tasks\Origin => C:\Users\Beth\AppData\Roaming\Origin\update.vbe [2014-11-23] () <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:F42BB562
AlternateDataStreams: C:\Users\Beth\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news1582055302
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages534221023
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events2002947179
AlternateDataStreams: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-1449898924
C:\Users\Beth\AppData\Local\Temp\install24851296.exe
C:\Program Files (x86)\ChocolateBar
C:\Users\Beth\AppData\Roaming\Origin\update.vbe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 April 2015 - 07:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



